Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Dec. 1, 2023, 10:39 a.m.	Dec. 1, 2023, 10:42 a.m.

Size	5.6MB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`b4e0409a6822da1a960bf71ce05fba6f`
SHA256	`ecde3ad92330ee31991c576ea937aee9ebba39fa9eada3e5c36e3ab245ce4fab`
CRC32	`D56A97A5`
ssdeep	`49152:4c/0oszNZcYNMFLlG/lvffs9zNG4Xrzb5u2/EfN8XG0PrmRqeS252B2uPrVKtzwJ:4EszNZctxsN8lTeh5u9uwE+cwL`
PDB Path	modular_installation_station_vm.pdb
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature Admin_Tool_IN_Zero - Admin Tool Sysinternals Microsoft_Office_File_Zero - Microsoft Office File Is_DotNET_EXE - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult

hv.exe "C:\Users\test22\AppData\Local\Temp\hv.exe"
2068
- RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  2468

Name	Response	Post-Analysis Lookup
pastebin.com	A 172.67.34.170 A 104.20.67.143 A 104.20.68.143	104.20.67.143

IP Address	Status	Action
104.20.68.143	Active	Moloch
138.201.120.172	Active	Moloch
164.124.101.2	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49166 -> 104.20.68.143:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLS 1.2 192.168.56.103:49166 104.20.68.143:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3	C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	55:c8:82:61:30:05:42:80:db:47:5e:d0:66:b5:df:ac:14:5b:19:6f

Checks if process is being debugged by a debugger (4 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Dec. 1, 2023, 10:39 a.m.			0	0
IsDebuggerPresent Dec. 1, 2023, 10:39 a.m.			0	0
IsDebuggerPresent Dec. 1, 2023, 10:39 a.m.			0	0
IsDebuggerPresent Dec. 1, 2023, 10:39 a.m.			0	0

Uses Windows APIs to generate a cryptographic key (9 events)

Time & API	Arguments	Status	Return
CryptExportKey Dec. 1, 2023, 10:39 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00721320 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 1, 2023, 10:39 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00721360 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 1, 2023, 10:39 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00721360 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 1, 2023, 10:39 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x007215a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 1, 2023, 10:39 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x007215a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 1, 2023, 10:39 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00721660 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 1, 2023, 10:39 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00924968 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 1, 2023, 10:39 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00924968 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 1, 2023, 10:39 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00924828 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

This executable has a PDB path (1 event)

pdb_path

modular_installation_station_vm.pdb

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Dec. 1, 2023, 10:39 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.sdata

One or more processes crashed (15 events)

Time & API	Arguments	Status
__exception__ Dec. 1, 2023, 10:39 a.m.	stacktrace: RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x778ce003 RtlDeleteBoundaryDescriptor+0x1b RtlAnsiStringToUnicodeString-0x2d ntdll+0x2e688 @ 0x778ce688 RtlMultiByteToUnicodeN+0x11a RtlDeleteBoundaryDescriptor-0xe ntdll+0x2e65f @ 0x778ce65f EtwEventRegister+0x17f EtwRegisterTraceGuidsW-0xa ntdll+0x3f839 @ 0x778df839 LdrGetProcedureAddressEx+0x11f wcsstr-0x99d ntdll+0x302ea @ 0x778d02ea LdrGetProcedureAddress+0x18 LdrGetProcedureAddressEx-0x9 ntdll+0x301c2 @ 0x778d01c2 New_ntdll_LdrGetProcedureAddress@16+0xcd New_ntdll_LdrLoadDll@16-0x87 @ 0x7466d3cd GetProcAddress+0x44 GetVersion-0x38 kernelbase+0x111c4 @ 0x755a11c4 CreateAssemblyNameObject+0xe597 GetMetaDataInternalInterface-0x29ed8 clr+0x3ba30 @ 0x73f6ba30 CoUninitializeEE+0xa200 CreateAssemblyNameObject-0x3a55 clr+0x29a44 @ 0x73f59a44 CoUninitializeEE+0xa149 CreateAssemblyNameObject-0x3b0c clr+0x2998d @ 0x73f5998d CoUninitializeEE+0xa055 CreateAssemblyNameObject-0x3c00 clr+0x29899 @ 0x73f59899 CoUninitializeEE+0x9fee CreateAssemblyNameObject-0x3c67 clr+0x29832 @ 0x73f59832 DllRegisterServerInternal+0x98c9 CoUninitializeEE-0x3b6f clr+0x1bcd5 @ 0x73f4bcd5 DllUnregisterServerInternal-0x760b clr+0x2ae9 @ 0x73f32ae9 system+0x1eafc4 @ 0x71e2afc4 0xb7c2ce 0xb7bd45 0xb71085 system+0x1f9799 @ 0x71219799 system+0x1f92c8 @ 0x712192c8 system+0x1eca74 @ 0x7120ca74 system+0x1ec868 @ 0x7120c868 system+0x1f82b8 @ 0x712182b8 system+0x1ee54d @ 0x7120e54d system+0x1f70ea @ 0x712170ea system+0x1e56c0 @ 0x712056c0 system+0x1f8215 @ 0x71218215 system+0x1f6f75 @ 0x71216f75 system+0x1ee251 @ 0x7120e251 system+0x1ee229 @ 0x7120e229 system+0x1ee170 @ 0x7120e170 0x45a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755f6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755f6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755f6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x778b011a system+0x1ebc85 @ 0x7120bc85 system+0x1f683b @ 0x7121683b system+0x1a5e44 @ 0x711c5e44 system+0x1fd8a0 @ 0x7121d8a0 system+0x1fd792 @ 0x7121d792 system+0x1a14bd @ 0x711c14bd 0xb700aa DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73f42e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73ff74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73ff7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x74081dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x74081e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x74081f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7408416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745df5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74867f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74864de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 46 04 89 45 f4 c6 47 07 80 c6 47 06 00 8b 5e exception.symbol: RtlInitUnicodeString+0x196 RtlMultiByteToUnicodeN-0x1a7 ntdll+0x2e39e exception.instruction: mov eax, dword ptr [esi + 4] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 189342 exception.address: 0x778ce39e registers.esp: 3138360 registers.edi: 77186664 registers.eax: 0 registers.ebp: 3138412 registers.edx: 77186672 registers.ebx: 77186672 registers.esi: 588389532 registers.ecx: 7208960	1
__exception__ Dec. 1, 2023, 10:39 a.m.	stacktrace: RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x778ce003 HeapFree+0x14 GetProcessHeap-0xc kernel32+0x114dd @ 0x757f14dd DllUnregisterServerInternal-0x7f84 clr+0x2170 @ 0x73f32170 DllUnregisterServerInternal-0x7f5f clr+0x2195 @ 0x73f32195 DllUnregisterServerInternal-0x7f4e clr+0x21a6 @ 0x73f321a6 CoUninitializeEE+0x9bdc CreateAssemblyNameObject-0x4079 clr+0x29420 @ 0x73f59420 GetPrivateContextsPerfCounters+0x10ed DllGetActivationFactoryImpl-0x13778 clr+0x8906f @ 0x73fb906f mscorlib+0x2d866e @ 0x7289866e mscorlib+0x2d85ca @ 0x728985ca mscorlib+0x2d7e2a @ 0x72897e2a mscorlib+0x2d79ea @ 0x728979ea mscorlib+0x2d74ff @ 0x728974ff mscorlib+0x2d71c3 @ 0x728971c3 mscorlib+0x2d6c3c @ 0x72896c3c mscorlib+0x2fcfb1 @ 0x728bcfb1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x73f49dd2 DllGetClassObjectInternal+0x38b0b CorDllMainForThunk-0x539f0 clr+0xfdb84 @ 0x7402db84 DllGetClassObjectInternal+0x38c16 CorDllMainForThunk-0x538e5 clr+0xfdc8f @ 0x7402dc8f mscorlib+0x2fce7e @ 0x728bce7e mscorlib+0x2fcd8c @ 0x728bcd8c mscorlib+0x2fcd0b @ 0x728bcd0b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73f42e95 DllGetClassObjectInternal+0x6069a CorDllMainForThunk-0x2be61 clr+0x125713 @ 0x74055713 DllGetClassObjectInternal+0x6075c CorDllMainForThunk-0x2bd9f clr+0x1257d5 @ 0x740557d5 mscorlib+0x9bc1c8 @ 0x72f7c1c8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x73f59df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x73f59e2f DllGetClassObjectInternal+0xc874 CorDllMainForThunk-0x7fc87 clr+0xd18ed @ 0x740018ed DllGetClassObjectInternal+0xcb84 CorDllMainForThunk-0x7f977 clr+0xd1bfd @ 0x74001bfd CreateHistoryReader+0x13d0e PostErrorVA-0x155251 clr+0x223553 @ 0x74153553 LookupHistoryAssembly+0x1550 CoEEShutDownCOM-0x2c2c clr+0x1d8a42 @ 0x74108a42 DllGetClassObjectInternal+0x5fe1c CorDllMainForThunk-0x2c6df clr+0x124e95 @ 0x74054e95 DllGetClassObjectInternal+0x5fd5f CorDllMainForThunk-0x2c79c clr+0x124dd8 @ 0x74054dd8 RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x778e6ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x778e6a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x7467482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x778b0143 RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x778ce003 RtlDeleteBoundaryDescriptor+0x1b RtlAnsiStringToUnicodeString-0x2d ntdll+0x2e688 @ 0x778ce688 RtlMultiByteToUnicodeN+0x11a RtlDeleteBoundaryDescriptor-0xe ntdll+0x2e65f @ 0x778ce65f EtwEventRegister+0x17f EtwRegisterTraceGuidsW-0xa ntdll+0x3f839 @ 0x778df839 LdrGetProcedureAddressEx+0x11f wcsstr-0x99d ntdll+0x302ea @ 0x778d02ea LdrGetProcedureAddress+0x18 LdrGetProcedureAddressEx-0x9 ntdll+0x301c2 @ 0x778d01c2 New_ntdll_LdrGetProcedureAddress@16+0xcd New_ntdll_LdrLoadDll@16-0x87 @ 0x7466d3cd GetProcAddress+0x44 GetVersion-0x38 kernelbase+0x111c4 @ 0x755a11c4 CreateAssemblyNameObject+0xe597 GetMetaDataInternalInterface-0x29ed8 clr+0x3ba30 @ 0x73f6ba30 CoUninitializeEE+0xa200 CreateAssemblyNameObject-0x3a55 clr+0x29a44 @ 0x73f59a44 CoUninitializeEE+0xa149 CreateAssemblyNameObject-0x3b0c clr+0x2998d @ 0x73f5998d CoUninitializeEE+0xa055 CreateAssemblyNameObject-0x3c00 clr+0x29899 @ 0x73f59899 CoUninitializeEE+0x9fee CreateAssemblyNameObject-0x3c67 clr+0x29832 @ 0x73f59832 DllRegisterServerInternal+0x98c9 CoUninitializeEE-0x3b6f clr+0x1bcd5 @ 0x73f4bcd5 DllUnregisterServerInternal-0x760b clr+0x2ae9 @ 0x73f32ae9 system+0x1eafc4 @ 0x71e2afc4 0xb7c2ce 0xb7bd45 0xb71085 system+0x1f9799 @ 0x71219799 system+0x1f92c8 @ 0x712192c8 exception.instruction_r: 8b 46 04 89 45 f4 c6 47 07 80 c6 47 06 00 8b 5e exception.symbol: RtlInitUnicodeString+0x196 RtlMultiByteToUnicodeN-0x1a7 ntdll+0x2e39e exception.instruction: mov eax, dword ptr [esi + 4] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 189342 exception.address: 0x778ce39e registers.esp: 3133224 registers.edi: 77185376 registers.eax: 76973712 registers.ebp: 3133276 registers.edx: 77185384 registers.ebx: 77185384 registers.esi: 663001837 registers.ecx: 7208960	1
__exception__ Dec. 1, 2023, 10:39 a.m.	stacktrace: RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x778ce003 RtlFreeSid+0x1b RtlAllocateAndInitializeSid-0x15 ntdll+0x393cd @ 0x778d93cd GetComputerNameA+0xa84 GetFileInformationByHandleEx-0x62b kernel32+0x2c164 @ 0x7580c164 GetComputerNameA+0xaef GetFileInformationByHandleEx-0x5c0 kernel32+0x2c1cf @ 0x7580c1cf GetComputerNameA+0xab1 GetFileInformationByHandleEx-0x5fe kernel32+0x2c191 @ 0x7580c191 MapViewOfFileEx+0x21 InitializeCriticalSectionEx-0x84 kernel32+0x14ca4 @ 0x757f4ca4 RegOpenKeyExW+0xf6 LocalFree-0x935 kernel32+0x12407 @ 0x757f2407 RegOpenKeyExW+0x21 LocalFree-0xa0a kernel32+0x12332 @ 0x757f2332 New_advapi32_RegOpenKeyExW@20+0x4f New_advapi32_RegQueryInfoKeyA@48-0x173 @ 0x74663ca1 CreateAssemblyNameObject+0xc283 GetMetaDataInternalInterface-0x2c1ec clr+0x3971c @ 0x73f6971c StrongNameSignatureVerification+0x9a32 GetMetaDataPublicInterfaceFromInternal-0x1e1e clr+0x1934e8 @ 0x740c34e8 StrongNameSignatureVerification+0x9bcc GetMetaDataPublicInterfaceFromInternal-0x1c84 clr+0x193682 @ 0x740c3682 GetMetaDataPublicInterfaceFromInternal+0x641 CopyPDBs-0x2fb clr+0x195947 @ 0x740c5947 GetMetaDataPublicInterfaceFromInternal+0x850 CopyPDBs-0xec clr+0x195b56 @ 0x740c5b56 GetMetaDataPublicInterfaceFromInternal+0x23d CopyPDBs-0x6ff clr+0x195543 @ 0x740c5543 StrongNameSignatureVerification+0x839b GetMetaDataPublicInterfaceFromInternal-0x34b5 clr+0x191e51 @ 0x740c1e51 StrongNameSignatureVerification+0x854e GetMetaDataPublicInterfaceFromInternal-0x3302 clr+0x192004 @ 0x740c2004 mscorlib+0x355147 @ 0x72915147 mscorlib+0x985c14 @ 0x72f45c14 mscorlib+0x9b45cf @ 0x72f745cf mscorlib+0xd224c1 @ 0x732e24c1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x73f49dd2 DllGetClassObjectInternal+0x38b0b CorDllMainForThunk-0x539f0 clr+0xfdb84 @ 0x7402db84 DllGetClassObjectInternal+0x38c16 CorDllMainForThunk-0x538e5 clr+0xfdc8f @ 0x7402dc8f mscorlib+0x2fce7e @ 0x728bce7e mscorlib+0x2fcd8c @ 0x728bcd8c mscorlib+0x2fcd0b @ 0x728bcd0b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73f42e95 DllGetClassObjectInternal+0x6069a CorDllMainForThunk-0x2be61 clr+0x125713 @ 0x74055713 DllGetClassObjectInternal+0x6075c CorDllMainForThunk-0x2bd9f clr+0x1257d5 @ 0x740557d5 mscorlib+0x9bc1c8 @ 0x72f7c1c8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x73f59df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x73f59e2f DllGetClassObjectInternal+0xc874 CorDllMainForThunk-0x7fc87 clr+0xd18ed @ 0x740018ed DllGetClassObjectInternal+0xcb84 CorDllMainForThunk-0x7f977 clr+0xd1bfd @ 0x74001bfd CreateHistoryReader+0x13d0e PostErrorVA-0x155251 clr+0x223553 @ 0x74153553 LookupHistoryAssembly+0x1550 CoEEShutDownCOM-0x2c2c clr+0x1d8a42 @ 0x74108a42 DllGetClassObjectInternal+0x5fe1c CorDllMainForThunk-0x2c6df clr+0x124e95 @ 0x74054e95 DllGetClassObjectInternal+0x5fd5f CorDllMainForThunk-0x2c79c clr+0x124dd8 @ 0x74054dd8 RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x778e6ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x778e6a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x7467482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x778b0143 RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x778ce003 HeapFree+0x14 GetProcessHeap-0xc kernel32+0x114dd @ 0x757f14dd DllUnregisterServerInternal-0x7f84 clr+0x2170 @ 0x73f32170 DllUnregisterServerInternal-0x7f5f clr+0x2195 @ 0x73f32195 DllUnregisterServerInternal-0x7f4e clr+0x21a6 @ 0x73f321a6 CoUninitializeEE+0x9bdc CreateAssemblyNameObject-0x4079 clr+0x29420 @ 0x73f59420 GetPrivateContextsPerfCounters+0x10ed DllGetActivationFactoryImpl-0x13778 clr+0x8906f @ 0x73fb906f mscorlib+0x2d866e @ 0x7289866e mscorlib+0x2d85ca @ 0x728985ca mscorlib+0x2d7e2a @ 0x72897e2a mscorlib+0x2d79ea @ 0x728979ea mscorlib+0x2d74ff @ 0x728974ff mscorlib+0x2d71c3 @ 0x728971c3 mscorlib+0x2d6c3c @ 0x72896c3c mscorlib+0x2fcfb1 @ 0x728bcfb1 exception.instruction_r: 8b 46 04 89 45 f4 c6 47 07 80 c6 47 06 00 8b 5e exception.symbol: RtlInitUnicodeString+0x196 RtlMultiByteToUnicodeN-0x1a7 ntdll+0x2e39e exception.instruction: mov eax, dword ptr [esi + 4] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 189342 exception.address: 0x778ce39e registers.esp: 3125064 registers.edi: 77197664 registers.eax: 9403138 registers.ebp: 3125116 registers.edx: 77197672 registers.ebx: 77197672 registers.esi: 597516671 registers.ecx: 7208960	1
__exception__ Dec. 1, 2023, 10:39 a.m.	stacktrace: RtlAllocateHeap+0xac RtlFreeAnsiString-0x54 ntdll+0x2e0d2 @ 0x778ce0d2 DllUnregisterServerInternal-0x7fe0 clr+0x2114 @ 0x73f32114 DllUnregisterServerInternal-0x7fa5 clr+0x214f @ 0x73f3214f DllRegisterServerInternal+0x9fdd CoUninitializeEE-0x345b clr+0x1c3e9 @ 0x73f4c3e9 DllRegisterServerInternal+0xcb31 CoUninitializeEE-0x907 clr+0x1ef3d @ 0x73f4ef3d CoUninitializeEE+0x6a19 CreateAssemblyNameObject-0x723c clr+0x2625d @ 0x73f5625d CoUninitializeEE+0x31ff CreateAssemblyNameObject-0xaa56 clr+0x22a43 @ 0x73f52a43 CoUninitializeEE+0xd6cf CreateAssemblyNameObject-0x586 clr+0x2cf13 @ 0x73f5cf13 GetPrivateContextsPerfCounters+0x1154 DllGetActivationFactoryImpl-0x13711 clr+0x890d6 @ 0x73fb90d6 GetPrivateContextsPerfCounters+0xf4 DllGetActivationFactoryImpl-0x14771 clr+0x88076 @ 0x73fb8076 GetPrivateContextsPerfCounters+0x10c5 DllGetActivationFactoryImpl-0x137a0 clr+0x89047 @ 0x73fb9047 mscorlib+0x2d866e @ 0x7289866e mscorlib+0x2d85ca @ 0x728985ca mscorlib+0x2d7e2a @ 0x72897e2a mscorlib+0x2d79ea @ 0x728979ea mscorlib+0x2d74ff @ 0x728974ff mscorlib+0x2d71c3 @ 0x728971c3 mscorlib+0x2d6c3c @ 0x72896c3c mscorlib+0x2fcfb1 @ 0x728bcfb1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x73f49dd2 DllGetClassObjectInternal+0x38b0b CorDllMainForThunk-0x539f0 clr+0xfdb84 @ 0x7402db84 DllGetClassObjectInternal+0x38c16 CorDllMainForThunk-0x538e5 clr+0xfdc8f @ 0x7402dc8f mscorlib+0x2fce7e @ 0x728bce7e mscorlib+0x2fcd8c @ 0x728bcd8c mscorlib+0x2fcd0b @ 0x728bcd0b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73f42e95 DllGetClassObjectInternal+0x6069a CorDllMainForThunk-0x2be61 clr+0x125713 @ 0x74055713 DllGetClassObjectInternal+0x6075c CorDllMainForThunk-0x2bd9f clr+0x1257d5 @ 0x740557d5 mscorlib+0x9bc1c8 @ 0x72f7c1c8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x73f59df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x73f59e2f DllGetClassObjectInternal+0xc874 CorDllMainForThunk-0x7fc87 clr+0xd18ed @ 0x740018ed DllGetClassObjectInternal+0xcb84 CorDllMainForThunk-0x7f977 clr+0xd1bfd @ 0x74001bfd CreateHistoryReader+0x13d0e PostErrorVA-0x155251 clr+0x223553 @ 0x74153553 LookupHistoryAssembly+0x1550 CoEEShutDownCOM-0x2c2c clr+0x1d8a42 @ 0x74108a42 DllGetClassObjectInternal+0x5fe1c CorDllMainForThunk-0x2c6df clr+0x124e95 @ 0x74054e95 DllGetClassObjectInternal+0x5fd5f CorDllMainForThunk-0x2c79c clr+0x124dd8 @ 0x74054dd8 RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x778e6ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x778e6a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x7467482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x778b0143 RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x778ce003 RtlFreeSid+0x1b RtlAllocateAndInitializeSid-0x15 ntdll+0x393cd @ 0x778d93cd GetComputerNameA+0xa84 GetFileInformationByHandleEx-0x62b kernel32+0x2c164 @ 0x7580c164 GetComputerNameA+0xaef GetFileInformationByHandleEx-0x5c0 kernel32+0x2c1cf @ 0x7580c1cf GetComputerNameA+0xab1 GetFileInformationByHandleEx-0x5fe kernel32+0x2c191 @ 0x7580c191 MapViewOfFileEx+0x21 InitializeCriticalSectionEx-0x84 kernel32+0x14ca4 @ 0x757f4ca4 RegOpenKeyExW+0xf6 LocalFree-0x935 kernel32+0x12407 @ 0x757f2407 RegOpenKeyExW+0x21 LocalFree-0xa0a kernel32+0x12332 @ 0x757f2332 New_advapi32_RegOpenKeyExW@20+0x4f New_advapi32_RegQueryInfoKeyA@48-0x173 @ 0x74663ca1 CreateAssemblyNameObject+0xc283 GetMetaDataInternalInterface-0x2c1ec clr+0x3971c @ 0x73f6971c StrongNameSignatureVerification+0x9a32 GetMetaDataPublicInterfaceFromInternal-0x1e1e clr+0x1934e8 @ 0x740c34e8 StrongNameSignatureVerification+0x9bcc GetMetaDataPublicInterfaceFromInternal-0x1c84 clr+0x193682 @ 0x740c3682 GetMetaDataPublicInterfaceFromInternal+0x641 CopyPDBs-0x2fb clr+0x195947 @ 0x740c5947 GetMetaDataPublicInterfaceFromInternal+0x850 CopyPDBs-0xec clr+0x195b56 @ 0x740c5b56 GetMetaDataPublicInterfaceFromInternal+0x23d CopyPDBs-0x6ff clr+0x195543 @ 0x740c5543 StrongNameSignatureVerification+0x839b GetMetaDataPublicInterfaceFromInternal-0x34b5 clr+0x191e51 @ 0x740c1e51 StrongNameSignatureVerification+0x854e GetMetaDataPublicInterfaceFromInternal-0x3302 clr+0x192004 @ 0x740c2004 exception.instruction_r: 0f b7 06 99 0f a4 c2 10 c1 e0 10 0b f8 0b da 89 exception.symbol: RtlInitUnicodeString+0xec RtlMultiByteToUnicodeN-0x251 ntdll+0x2e2f4 exception.instruction: movzx eax, word ptr [esi] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 189172 exception.address: 0x778ce2f4 registers.esp: 3119420 registers.edi: 26 registers.eax: 77347800 registers.ebp: 3119552 registers.edx: 7239728 registers.ebx: 301 registers.esi: 77347808 registers.ecx: 76973720	1
__exception__ Dec. 1, 2023, 10:39 a.m.	stacktrace: RtlAllocateHeap+0xac RtlFreeAnsiString-0x54 ntdll+0x2e0d2 @ 0x778ce0d2 DllUnregisterServerInternal-0x7fe0 clr+0x2114 @ 0x73f32114 DllUnregisterServerInternal-0x7fa5 clr+0x214f @ 0x73f3214f DllRegisterServerInternal+0x9fdd CoUninitializeEE-0x345b clr+0x1c3e9 @ 0x73f4c3e9 DllRegisterServerInternal+0xcb31 CoUninitializeEE-0x907 clr+0x1ef3d @ 0x73f4ef3d CoUninitializeEE+0x6a19 CreateAssemblyNameObject-0x723c clr+0x2625d @ 0x73f5625d CoUninitializeEE+0x31ff CreateAssemblyNameObject-0xaa56 clr+0x22a43 @ 0x73f52a43 CoUninitializeEE+0xd6cf CreateAssemblyNameObject-0x586 clr+0x2cf13 @ 0x73f5cf13 GetPrivateContextsPerfCounters+0x1154 DllGetActivationFactoryImpl-0x13711 clr+0x890d6 @ 0x73fb90d6 GetPrivateContextsPerfCounters+0xf4 DllGetActivationFactoryImpl-0x14771 clr+0x88076 @ 0x73fb8076 GetPrivateContextsPerfCounters+0x10c5 DllGetActivationFactoryImpl-0x137a0 clr+0x89047 @ 0x73fb9047 mscorlib+0x2d866e @ 0x7289866e mscorlib+0x2d85ca @ 0x728985ca mscorlib+0x2d7e2a @ 0x72897e2a mscorlib+0x2d79ea @ 0x728979ea mscorlib+0x2d74ff @ 0x728974ff mscorlib+0x2d71c3 @ 0x728971c3 mscorlib+0x2d6c3c @ 0x72896c3c mscorlib+0x2fcfb1 @ 0x728bcfb1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x73f49dd2 DllGetClassObjectInternal+0x38b0b CorDllMainForThunk-0x539f0 clr+0xfdb84 @ 0x7402db84 DllGetClassObjectInternal+0x38c16 CorDllMainForThunk-0x538e5 clr+0xfdc8f @ 0x7402dc8f mscorlib+0x2fce7e @ 0x728bce7e mscorlib+0x2fcd8c @ 0x728bcd8c mscorlib+0x2fcd0b @ 0x728bcd0b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73f42e95 DllGetClassObjectInternal+0x6069a CorDllMainForThunk-0x2be61 clr+0x125713 @ 0x74055713 DllGetClassObjectInternal+0x6075c CorDllMainForThunk-0x2bd9f clr+0x1257d5 @ 0x740557d5 mscorlib+0x9bc1c8 @ 0x72f7c1c8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x73f59df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x73f59e2f DllGetClassObjectInternal+0xc874 CorDllMainForThunk-0x7fc87 clr+0xd18ed @ 0x740018ed DllGetClassObjectInternal+0xcb84 CorDllMainForThunk-0x7f977 clr+0xd1bfd @ 0x74001bfd CreateHistoryReader+0x13d0e PostErrorVA-0x155251 clr+0x223553 @ 0x74153553 LookupHistoryAssembly+0x1550 CoEEShutDownCOM-0x2c2c clr+0x1d8a42 @ 0x74108a42 DllGetClassObjectInternal+0x5fe1c CorDllMainForThunk-0x2c6df clr+0x124e95 @ 0x74054e95 DllGetClassObjectInternal+0x5fd5f CorDllMainForThunk-0x2c79c clr+0x124dd8 @ 0x74054dd8 RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x778e6ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x778e6a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x7467482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x778b0143 RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x778ce003 RtlFreeSid+0x1b RtlAllocateAndInitializeSid-0x15 ntdll+0x393cd @ 0x778d93cd GetComputerNameA+0xa84 GetFileInformationByHandleEx-0x62b kernel32+0x2c164 @ 0x7580c164 GetComputerNameA+0xaef GetFileInformationByHandleEx-0x5c0 kernel32+0x2c1cf @ 0x7580c1cf GetComputerNameA+0xab1 GetFileInformationByHandleEx-0x5fe kernel32+0x2c191 @ 0x7580c191 MapViewOfFileEx+0x21 InitializeCriticalSectionEx-0x84 kernel32+0x14ca4 @ 0x757f4ca4 RegOpenKeyExW+0xf6 LocalFree-0x935 kernel32+0x12407 @ 0x757f2407 RegOpenKeyExW+0x21 LocalFree-0xa0a kernel32+0x12332 @ 0x757f2332 New_advapi32_RegOpenKeyExW@20+0x4f New_advapi32_RegQueryInfoKeyA@48-0x173 @ 0x74663ca1 CreateAssemblyNameObject+0xc283 GetMetaDataInternalInterface-0x2c1ec clr+0x3971c @ 0x73f6971c StrongNameSignatureVerification+0x9a32 GetMetaDataPublicInterfaceFromInternal-0x1e1e clr+0x1934e8 @ 0x740c34e8 StrongNameSignatureVerification+0x9bcc GetMetaDataPublicInterfaceFromInternal-0x1c84 clr+0x193682 @ 0x740c3682 GetMetaDataPublicInterfaceFromInternal+0x641 CopyPDBs-0x2fb clr+0x195947 @ 0x740c5947 GetMetaDataPublicInterfaceFromInternal+0x850 CopyPDBs-0xec clr+0x195b56 @ 0x740c5b56 GetMetaDataPublicInterfaceFromInternal+0x23d CopyPDBs-0x6ff clr+0x195543 @ 0x740c5543 StrongNameSignatureVerification+0x839b GetMetaDataPublicInterfaceFromInternal-0x34b5 clr+0x191e51 @ 0x740c1e51 StrongNameSignatureVerification+0x854e GetMetaDataPublicInterfaceFromInternal-0x3302 clr+0x192004 @ 0x740c2004 exception.instruction_r: 0f b7 06 99 0f a4 c2 10 c1 e0 10 0b d8 0b fa 89 exception.symbol: LdrUnlockLoaderLock+0x2cc RtlInitUnicodeStringEx-0xe6b ntdll+0x36f08 exception.instruction: movzx eax, word ptr [esi] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 225032 exception.address: 0x778d6f08 registers.esp: 3119420 registers.edi: 301 registers.eax: 77347800 registers.ebp: 3119552 registers.edx: 1330577435 registers.ebx: 26 registers.esi: 77347808 registers.ecx: 76973720	1
__exception__ Dec. 1, 2023, 10:39 a.m.	stacktrace: RtlAllocateHeap+0xac RtlFreeAnsiString-0x54 ntdll+0x2e0d2 @ 0x778ce0d2 DllUnregisterServerInternal-0x7fe0 clr+0x2114 @ 0x73f32114 DllUnregisterServerInternal-0x7fa5 clr+0x214f @ 0x73f3214f DllRegisterServerInternal+0x9fdd CoUninitializeEE-0x345b clr+0x1c3e9 @ 0x73f4c3e9 DllRegisterServerInternal+0xcb31 CoUninitializeEE-0x907 clr+0x1ef3d @ 0x73f4ef3d CoUninitializeEE+0x6a19 CreateAssemblyNameObject-0x723c clr+0x2625d @ 0x73f5625d CoUninitializeEE+0x31ff CreateAssemblyNameObject-0xaa56 clr+0x22a43 @ 0x73f52a43 CoUninitializeEE+0xd6cf CreateAssemblyNameObject-0x586 clr+0x2cf13 @ 0x73f5cf13 GetPrivateContextsPerfCounters+0x1154 DllGetActivationFactoryImpl-0x13711 clr+0x890d6 @ 0x73fb90d6 GetPrivateContextsPerfCounters+0xf4 DllGetActivationFactoryImpl-0x14771 clr+0x88076 @ 0x73fb8076 GetPrivateContextsPerfCounters+0x10c5 DllGetActivationFactoryImpl-0x137a0 clr+0x89047 @ 0x73fb9047 mscorlib+0x2d866e @ 0x7289866e mscorlib+0x2d876c @ 0x7289876c mscorlib+0x2d85dc @ 0x728985dc mscorlib+0x2d7e2a @ 0x72897e2a mscorlib+0x2d79ea @ 0x728979ea mscorlib+0x2d74ff @ 0x728974ff mscorlib+0x2d71c3 @ 0x728971c3 mscorlib+0x2d6c3c @ 0x72896c3c mscorlib+0x2fcfb1 @ 0x728bcfb1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x73f49dd2 DllGetClassObjectInternal+0x38b0b CorDllMainForThunk-0x539f0 clr+0xfdb84 @ 0x7402db84 DllGetClassObjectInternal+0x38c16 CorDllMainForThunk-0x538e5 clr+0xfdc8f @ 0x7402dc8f mscorlib+0x2fce7e @ 0x728bce7e mscorlib+0x2fcd8c @ 0x728bcd8c mscorlib+0x2fcd0b @ 0x728bcd0b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73f42e95 DllGetClassObjectInternal+0x6069a CorDllMainForThunk-0x2be61 clr+0x125713 @ 0x74055713 DllGetClassObjectInternal+0x6075c CorDllMainForThunk-0x2bd9f clr+0x1257d5 @ 0x740557d5 mscorlib+0x9bc1c8 @ 0x72f7c1c8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x73f59df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x73f59e2f DllGetClassObjectInternal+0xc874 CorDllMainForThunk-0x7fc87 clr+0xd18ed @ 0x740018ed DllGetClassObjectInternal+0xcb84 CorDllMainForThunk-0x7f977 clr+0xd1bfd @ 0x74001bfd CreateHistoryReader+0x13d0e PostErrorVA-0x155251 clr+0x223553 @ 0x74153553 LookupHistoryAssembly+0x1550 CoEEShutDownCOM-0x2c2c clr+0x1d8a42 @ 0x74108a42 DllGetClassObjectInternal+0x5fe1c CorDllMainForThunk-0x2c6df clr+0x124e95 @ 0x74054e95 DllGetClassObjectInternal+0x5fd5f CorDllMainForThunk-0x2c79c clr+0x124dd8 @ 0x74054dd8 RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x778e6ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x778e6a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x7467482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x778b0143 RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x778ce003 RtlFreeSid+0x1b RtlAllocateAndInitializeSid-0x15 ntdll+0x393cd @ 0x778d93cd GetComputerNameA+0xa84 GetFileInformationByHandleEx-0x62b kernel32+0x2c164 @ 0x7580c164 GetComputerNameA+0xaef GetFileInformationByHandleEx-0x5c0 kernel32+0x2c1cf @ 0x7580c1cf GetComputerNameA+0xab1 GetFileInformationByHandleEx-0x5fe kernel32+0x2c191 @ 0x7580c191 MapViewOfFileEx+0x21 InitializeCriticalSectionEx-0x84 kernel32+0x14ca4 @ 0x757f4ca4 RegOpenKeyExW+0xf6 LocalFree-0x935 kernel32+0x12407 @ 0x757f2407 RegOpenKeyExW+0x21 LocalFree-0xa0a kernel32+0x12332 @ 0x757f2332 New_advapi32_RegOpenKeyExW@20+0x4f New_advapi32_RegQueryInfoKeyA@48-0x173 @ 0x74663ca1 CreateAssemblyNameObject+0xc283 GetMetaDataInternalInterface-0x2c1ec clr+0x3971c @ 0x73f6971c StrongNameSignatureVerification+0x9a32 GetMetaDataPublicInterfaceFromInternal-0x1e1e clr+0x1934e8 @ 0x740c34e8 StrongNameSignatureVerification+0x9bcc GetMetaDataPublicInterfaceFromInternal-0x1c84 clr+0x193682 @ 0x740c3682 GetMetaDataPublicInterfaceFromInternal+0x641 CopyPDBs-0x2fb clr+0x195947 @ 0x740c5947 GetMetaDataPublicInterfaceFromInternal+0x850 CopyPDBs-0xec clr+0x195b56 @ 0x740c5b56 GetMetaDataPublicInterfaceFromInternal+0x23d CopyPDBs-0x6ff clr+0x195543 @ 0x740c5543 StrongNameSignatureVerification+0x839b GetMetaDataPublicInterfaceFromInternal-0x34b5 clr+0x191e51 @ 0x740c1e51 exception.instruction_r: 0f b7 06 99 0f a4 c2 10 c1 e0 10 0b f8 0b da 89 exception.symbol: RtlInitUnicodeString+0xec RtlMultiByteToUnicodeN-0x251 ntdll+0x2e2f4 exception.instruction: movzx eax, word ptr [esi] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 189172 exception.address: 0x778ce2f4 registers.esp: 3119396 registers.edi: 26 registers.eax: 77347800 registers.ebp: 3119528 registers.edx: 7239728 registers.ebx: 302 registers.esi: 77347808 registers.ecx: 76973720	1
__exception__ Dec. 1, 2023, 10:39 a.m.	stacktrace: RtlAllocateHeap+0xac RtlFreeAnsiString-0x54 ntdll+0x2e0d2 @ 0x778ce0d2 DllUnregisterServerInternal-0x7fe0 clr+0x2114 @ 0x73f32114 DllUnregisterServerInternal-0x7fa5 clr+0x214f @ 0x73f3214f DllRegisterServerInternal+0x9fdd CoUninitializeEE-0x345b clr+0x1c3e9 @ 0x73f4c3e9 DllRegisterServerInternal+0xcb31 CoUninitializeEE-0x907 clr+0x1ef3d @ 0x73f4ef3d CoUninitializeEE+0x6a19 CreateAssemblyNameObject-0x723c clr+0x2625d @ 0x73f5625d CoUninitializeEE+0x31ff CreateAssemblyNameObject-0xaa56 clr+0x22a43 @ 0x73f52a43 CoUninitializeEE+0xd6cf CreateAssemblyNameObject-0x586 clr+0x2cf13 @ 0x73f5cf13 GetPrivateContextsPerfCounters+0x1154 DllGetActivationFactoryImpl-0x13711 clr+0x890d6 @ 0x73fb90d6 GetPrivateContextsPerfCounters+0xf4 DllGetActivationFactoryImpl-0x14771 clr+0x88076 @ 0x73fb8076 GetPrivateContextsPerfCounters+0x10c5 DllGetActivationFactoryImpl-0x137a0 clr+0x89047 @ 0x73fb9047 mscorlib+0x2d866e @ 0x7289866e mscorlib+0x2d876c @ 0x7289876c mscorlib+0x2d85dc @ 0x728985dc mscorlib+0x2d7e2a @ 0x72897e2a mscorlib+0x2d79ea @ 0x728979ea mscorlib+0x2d74ff @ 0x728974ff mscorlib+0x2d71c3 @ 0x728971c3 mscorlib+0x2d6c3c @ 0x72896c3c mscorlib+0x2fcfb1 @ 0x728bcfb1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x73f49dd2 DllGetClassObjectInternal+0x38b0b CorDllMainForThunk-0x539f0 clr+0xfdb84 @ 0x7402db84 DllGetClassObjectInternal+0x38c16 CorDllMainForThunk-0x538e5 clr+0xfdc8f @ 0x7402dc8f mscorlib+0x2fce7e @ 0x728bce7e mscorlib+0x2fcd8c @ 0x728bcd8c mscorlib+0x2fcd0b @ 0x728bcd0b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73f42e95 DllGetClassObjectInternal+0x6069a CorDllMainForThunk-0x2be61 clr+0x125713 @ 0x74055713 DllGetClassObjectInternal+0x6075c CorDllMainForThunk-0x2bd9f clr+0x1257d5 @ 0x740557d5 mscorlib+0x9bc1c8 @ 0x72f7c1c8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x73f59df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x73f59e2f DllGetClassObjectInternal+0xc874 CorDllMainForThunk-0x7fc87 clr+0xd18ed @ 0x740018ed DllGetClassObjectInternal+0xcb84 CorDllMainForThunk-0x7f977 clr+0xd1bfd @ 0x74001bfd CreateHistoryReader+0x13d0e PostErrorVA-0x155251 clr+0x223553 @ 0x74153553 LookupHistoryAssembly+0x1550 CoEEShutDownCOM-0x2c2c clr+0x1d8a42 @ 0x74108a42 DllGetClassObjectInternal+0x5fe1c CorDllMainForThunk-0x2c6df clr+0x124e95 @ 0x74054e95 DllGetClassObjectInternal+0x5fd5f CorDllMainForThunk-0x2c79c clr+0x124dd8 @ 0x74054dd8 RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x778e6ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x778e6a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x7467482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x778b0143 RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x778ce003 RtlFreeSid+0x1b RtlAllocateAndInitializeSid-0x15 ntdll+0x393cd @ 0x778d93cd GetComputerNameA+0xa84 GetFileInformationByHandleEx-0x62b kernel32+0x2c164 @ 0x7580c164 GetComputerNameA+0xaef GetFileInformationByHandleEx-0x5c0 kernel32+0x2c1cf @ 0x7580c1cf GetComputerNameA+0xab1 GetFileInformationByHandleEx-0x5fe kernel32+0x2c191 @ 0x7580c191 MapViewOfFileEx+0x21 InitializeCriticalSectionEx-0x84 kernel32+0x14ca4 @ 0x757f4ca4 RegOpenKeyExW+0xf6 LocalFree-0x935 kernel32+0x12407 @ 0x757f2407 RegOpenKeyExW+0x21 LocalFree-0xa0a kernel32+0x12332 @ 0x757f2332 New_advapi32_RegOpenKeyExW@20+0x4f New_advapi32_RegQueryInfoKeyA@48-0x173 @ 0x74663ca1 CreateAssemblyNameObject+0xc283 GetMetaDataInternalInterface-0x2c1ec clr+0x3971c @ 0x73f6971c StrongNameSignatureVerification+0x9a32 GetMetaDataPublicInterfaceFromInternal-0x1e1e clr+0x1934e8 @ 0x740c34e8 StrongNameSignatureVerification+0x9bcc GetMetaDataPublicInterfaceFromInternal-0x1c84 clr+0x193682 @ 0x740c3682 GetMetaDataPublicInterfaceFromInternal+0x641 CopyPDBs-0x2fb clr+0x195947 @ 0x740c5947 GetMetaDataPublicInterfaceFromInternal+0x850 CopyPDBs-0xec clr+0x195b56 @ 0x740c5b56 GetMetaDataPublicInterfaceFromInternal+0x23d CopyPDBs-0x6ff clr+0x195543 @ 0x740c5543 StrongNameSignatureVerification+0x839b GetMetaDataPublicInterfaceFromInternal-0x34b5 clr+0x191e51 @ 0x740c1e51 exception.instruction_r: 0f b7 06 99 0f a4 c2 10 c1 e0 10 0b d8 0b fa 89 exception.symbol: LdrUnlockLoaderLock+0x2cc RtlInitUnicodeStringEx-0xe6b ntdll+0x36f08 exception.instruction: movzx eax, word ptr [esi] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 225032 exception.address: 0x778d6f08 registers.esp: 3119396 registers.edi: 302 registers.eax: 77347800 registers.ebp: 3119528 registers.edx: 1330577435 registers.ebx: 26 registers.esi: 77347808 registers.ecx: 76973720	1
__exception__ Dec. 1, 2023, 10:39 a.m.	stacktrace: RtlAllocateHeap+0xac RtlFreeAnsiString-0x54 ntdll+0x2e0d2 @ 0x778ce0d2 DllUnregisterServerInternal-0x7fe0 clr+0x2114 @ 0x73f32114 DllUnregisterServerInternal-0x7fa5 clr+0x214f @ 0x73f3214f DllRegisterServerInternal+0x9fdd CoUninitializeEE-0x345b clr+0x1c3e9 @ 0x73f4c3e9 DllRegisterServerInternal+0xcb31 CoUninitializeEE-0x907 clr+0x1ef3d @ 0x73f4ef3d CoUninitializeEE+0x6a19 CreateAssemblyNameObject-0x723c clr+0x2625d @ 0x73f5625d CoUninitializeEE+0x31ff CreateAssemblyNameObject-0xaa56 clr+0x22a43 @ 0x73f52a43 CoUninitializeEE+0xd6cf CreateAssemblyNameObject-0x586 clr+0x2cf13 @ 0x73f5cf13 GetPrivateContextsPerfCounters+0x1154 DllGetActivationFactoryImpl-0x13711 clr+0x890d6 @ 0x73fb90d6 GetPrivateContextsPerfCounters+0xf4 DllGetActivationFactoryImpl-0x14771 clr+0x88076 @ 0x73fb8076 GetPrivateContextsPerfCounters+0x10c5 DllGetActivationFactoryImpl-0x137a0 clr+0x89047 @ 0x73fb9047 mscorlib+0x2d866e @ 0x7289866e mscorlib+0x2d8b4f @ 0x72898b4f mscorlib+0x2d8a35 @ 0x72898a35 mscorlib+0x2d89a9 @ 0x728989a9 mscorlib+0x2d8891 @ 0x72898891 mscorlib+0x2d7e43 @ 0x72897e43 mscorlib+0x2d79ea @ 0x728979ea mscorlib+0x2d74ff @ 0x728974ff mscorlib+0x2d71c3 @ 0x728971c3 mscorlib+0x2d6c3c @ 0x72896c3c mscorlib+0x2fcfb1 @ 0x728bcfb1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x73f49dd2 DllGetClassObjectInternal+0x38b0b CorDllMainForThunk-0x539f0 clr+0xfdb84 @ 0x7402db84 DllGetClassObjectInternal+0x38c16 CorDllMainForThunk-0x538e5 clr+0xfdc8f @ 0x7402dc8f mscorlib+0x2fce7e @ 0x728bce7e mscorlib+0x2fcd8c @ 0x728bcd8c mscorlib+0x2fcd0b @ 0x728bcd0b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73f42e95 DllGetClassObjectInternal+0x6069a CorDllMainForThunk-0x2be61 clr+0x125713 @ 0x74055713 DllGetClassObjectInternal+0x6075c CorDllMainForThunk-0x2bd9f clr+0x1257d5 @ 0x740557d5 mscorlib+0x9bc1c8 @ 0x72f7c1c8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x73f59df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x73f59e2f DllGetClassObjectInternal+0xc874 CorDllMainForThunk-0x7fc87 clr+0xd18ed @ 0x740018ed DllGetClassObjectInternal+0xcb84 CorDllMainForThunk-0x7f977 clr+0xd1bfd @ 0x74001bfd CreateHistoryReader+0x13d0e PostErrorVA-0x155251 clr+0x223553 @ 0x74153553 LookupHistoryAssembly+0x1550 CoEEShutDownCOM-0x2c2c clr+0x1d8a42 @ 0x74108a42 DllGetClassObjectInternal+0x5fe1c CorDllMainForThunk-0x2c6df clr+0x124e95 @ 0x74054e95 DllGetClassObjectInternal+0x5fd5f CorDllMainForThunk-0x2c79c clr+0x124dd8 @ 0x74054dd8 RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x778e6ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x778e6a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x7467482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x778b0143 RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x778ce003 RtlFreeSid+0x1b RtlAllocateAndInitializeSid-0x15 ntdll+0x393cd @ 0x778d93cd GetComputerNameA+0xa84 GetFileInformationByHandleEx-0x62b kernel32+0x2c164 @ 0x7580c164 GetComputerNameA+0xaef GetFileInformationByHandleEx-0x5c0 kernel32+0x2c1cf @ 0x7580c1cf GetComputerNameA+0xab1 GetFileInformationByHandleEx-0x5fe kernel32+0x2c191 @ 0x7580c191 MapViewOfFileEx+0x21 InitializeCriticalSectionEx-0x84 kernel32+0x14ca4 @ 0x757f4ca4 RegOpenKeyExW+0xf6 LocalFree-0x935 kernel32+0x12407 @ 0x757f2407 RegOpenKeyExW+0x21 LocalFree-0xa0a kernel32+0x12332 @ 0x757f2332 New_advapi32_RegOpenKeyExW@20+0x4f New_advapi32_RegQueryInfoKeyA@48-0x173 @ 0x74663ca1 CreateAssemblyNameObject+0xc283 GetMetaDataInternalInterface-0x2c1ec clr+0x3971c @ 0x73f6971c StrongNameSignatureVerification+0x9a32 GetMetaDataPublicInterfaceFromInternal-0x1e1e clr+0x1934e8 @ 0x740c34e8 StrongNameSignatureVerification+0x9bcc GetMetaDataPublicInterfaceFromInternal-0x1c84 clr+0x193682 @ 0x740c3682 GetMetaDataPublicInterfaceFromInternal+0x641 CopyPDBs-0x2fb clr+0x195947 @ 0x740c5947 GetMetaDataPublicInterfaceFromInternal+0x850 CopyPDBs-0xec clr+0x195b56 @ 0x740c5b56 exception.instruction_r: 0f b7 06 99 0f a4 c2 10 c1 e0 10 0b f8 0b da 89 exception.symbol: RtlInitUnicodeString+0xec RtlMultiByteToUnicodeN-0x251 ntdll+0x2e2f4 exception.instruction: movzx eax, word ptr [esi] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 189172 exception.address: 0x778ce2f4 registers.esp: 3119328 registers.edi: 26 registers.eax: 77347800 registers.ebp: 3119460 registers.edx: 7239728 registers.ebx: 303 registers.esi: 77347808 registers.ecx: 76973720	1
__exception__ Dec. 1, 2023, 10:39 a.m.	stacktrace: RtlAllocateHeap+0xac RtlFreeAnsiString-0x54 ntdll+0x2e0d2 @ 0x778ce0d2 DllUnregisterServerInternal-0x7fe0 clr+0x2114 @ 0x73f32114 DllUnregisterServerInternal-0x7fa5 clr+0x214f @ 0x73f3214f DllRegisterServerInternal+0x9fdd CoUninitializeEE-0x345b clr+0x1c3e9 @ 0x73f4c3e9 DllRegisterServerInternal+0xcb31 CoUninitializeEE-0x907 clr+0x1ef3d @ 0x73f4ef3d CoUninitializeEE+0x6a19 CreateAssemblyNameObject-0x723c clr+0x2625d @ 0x73f5625d CoUninitializeEE+0x31ff CreateAssemblyNameObject-0xaa56 clr+0x22a43 @ 0x73f52a43 CoUninitializeEE+0xd6cf CreateAssemblyNameObject-0x586 clr+0x2cf13 @ 0x73f5cf13 GetPrivateContextsPerfCounters+0x1154 DllGetActivationFactoryImpl-0x13711 clr+0x890d6 @ 0x73fb90d6 GetPrivateContextsPerfCounters+0xf4 DllGetActivationFactoryImpl-0x14771 clr+0x88076 @ 0x73fb8076 GetPrivateContextsPerfCounters+0x10c5 DllGetActivationFactoryImpl-0x137a0 clr+0x89047 @ 0x73fb9047 mscorlib+0x2d866e @ 0x7289866e mscorlib+0x2d8b4f @ 0x72898b4f mscorlib+0x2d8a35 @ 0x72898a35 mscorlib+0x2d89a9 @ 0x728989a9 mscorlib+0x2d8891 @ 0x72898891 mscorlib+0x2d7e43 @ 0x72897e43 mscorlib+0x2d79ea @ 0x728979ea mscorlib+0x2d74ff @ 0x728974ff mscorlib+0x2d71c3 @ 0x728971c3 mscorlib+0x2d6c3c @ 0x72896c3c mscorlib+0x2fcfb1 @ 0x728bcfb1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x73f49dd2 DllGetClassObjectInternal+0x38b0b CorDllMainForThunk-0x539f0 clr+0xfdb84 @ 0x7402db84 DllGetClassObjectInternal+0x38c16 CorDllMainForThunk-0x538e5 clr+0xfdc8f @ 0x7402dc8f mscorlib+0x2fce7e @ 0x728bce7e mscorlib+0x2fcd8c @ 0x728bcd8c mscorlib+0x2fcd0b @ 0x728bcd0b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73f42e95 DllGetClassObjectInternal+0x6069a CorDllMainForThunk-0x2be61 clr+0x125713 @ 0x74055713 DllGetClassObjectInternal+0x6075c CorDllMainForThunk-0x2bd9f clr+0x1257d5 @ 0x740557d5 mscorlib+0x9bc1c8 @ 0x72f7c1c8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x73f59df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x73f59e2f DllGetClassObjectInternal+0xc874 CorDllMainForThunk-0x7fc87 clr+0xd18ed @ 0x740018ed DllGetClassObjectInternal+0xcb84 CorDllMainForThunk-0x7f977 clr+0xd1bfd @ 0x74001bfd CreateHistoryReader+0x13d0e PostErrorVA-0x155251 clr+0x223553 @ 0x74153553 LookupHistoryAssembly+0x1550 CoEEShutDownCOM-0x2c2c clr+0x1d8a42 @ 0x74108a42 DllGetClassObjectInternal+0x5fe1c CorDllMainForThunk-0x2c6df clr+0x124e95 @ 0x74054e95 DllGetClassObjectInternal+0x5fd5f CorDllMainForThunk-0x2c79c clr+0x124dd8 @ 0x74054dd8 RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x778e6ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x778e6a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x7467482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x778b0143 RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x778ce003 RtlFreeSid+0x1b RtlAllocateAndInitializeSid-0x15 ntdll+0x393cd @ 0x778d93cd GetComputerNameA+0xa84 GetFileInformationByHandleEx-0x62b kernel32+0x2c164 @ 0x7580c164 GetComputerNameA+0xaef GetFileInformationByHandleEx-0x5c0 kernel32+0x2c1cf @ 0x7580c1cf GetComputerNameA+0xab1 GetFileInformationByHandleEx-0x5fe kernel32+0x2c191 @ 0x7580c191 MapViewOfFileEx+0x21 InitializeCriticalSectionEx-0x84 kernel32+0x14ca4 @ 0x757f4ca4 RegOpenKeyExW+0xf6 LocalFree-0x935 kernel32+0x12407 @ 0x757f2407 RegOpenKeyExW+0x21 LocalFree-0xa0a kernel32+0x12332 @ 0x757f2332 New_advapi32_RegOpenKeyExW@20+0x4f New_advapi32_RegQueryInfoKeyA@48-0x173 @ 0x74663ca1 CreateAssemblyNameObject+0xc283 GetMetaDataInternalInterface-0x2c1ec clr+0x3971c @ 0x73f6971c StrongNameSignatureVerification+0x9a32 GetMetaDataPublicInterfaceFromInternal-0x1e1e clr+0x1934e8 @ 0x740c34e8 StrongNameSignatureVerification+0x9bcc GetMetaDataPublicInterfaceFromInternal-0x1c84 clr+0x193682 @ 0x740c3682 GetMetaDataPublicInterfaceFromInternal+0x641 CopyPDBs-0x2fb clr+0x195947 @ 0x740c5947 GetMetaDataPublicInterfaceFromInternal+0x850 CopyPDBs-0xec clr+0x195b56 @ 0x740c5b56 exception.instruction_r: 0f b7 06 99 0f a4 c2 10 c1 e0 10 0b d8 0b fa 89 exception.symbol: LdrUnlockLoaderLock+0x2cc RtlInitUnicodeStringEx-0xe6b ntdll+0x36f08 exception.instruction: movzx eax, word ptr [esi] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 225032 exception.address: 0x778d6f08 registers.esp: 3119328 registers.edi: 303 registers.eax: 77347800 registers.ebp: 3119460 registers.edx: 1330577435 registers.ebx: 26 registers.esi: 77347808 registers.ecx: 76973720	1
__exception__ Dec. 1, 2023, 10:39 a.m.	stacktrace: RtlAllocateHeap+0xac RtlFreeAnsiString-0x54 ntdll+0x2e0d2 @ 0x778ce0d2 DllUnregisterServerInternal-0x7fe0 clr+0x2114 @ 0x73f32114 DllUnregisterServerInternal-0x7fa5 clr+0x214f @ 0x73f3214f DllRegisterServerInternal+0x9fdd CoUninitializeEE-0x345b clr+0x1c3e9 @ 0x73f4c3e9 DllRegisterServerInternal+0xcb31 CoUninitializeEE-0x907 clr+0x1ef3d @ 0x73f4ef3d CoUninitializeEE+0x6a19 CreateAssemblyNameObject-0x723c clr+0x2625d @ 0x73f5625d CoUninitializeEE+0x31ff CreateAssemblyNameObject-0xaa56 clr+0x22a43 @ 0x73f52a43 CoUninitializeEE+0xd6cf CreateAssemblyNameObject-0x586 clr+0x2cf13 @ 0x73f5cf13 GetPrivateContextsPerfCounters+0x1154 DllGetActivationFactoryImpl-0x13711 clr+0x890d6 @ 0x73fb90d6 GetPrivateContextsPerfCounters+0xf4 DllGetActivationFactoryImpl-0x14771 clr+0x88076 @ 0x73fb8076 GetPrivateContextsPerfCounters+0x10c5 DllGetActivationFactoryImpl-0x137a0 clr+0x89047 @ 0x73fb9047 mscorlib+0x2d866e @ 0x7289866e mscorlib+0x2d876c @ 0x7289876c mscorlib+0x2d8b5e @ 0x72898b5e mscorlib+0x2d8a35 @ 0x72898a35 mscorlib+0x2d89a9 @ 0x728989a9 mscorlib+0x2d8891 @ 0x72898891 mscorlib+0x2d7e43 @ 0x72897e43 mscorlib+0x2d79ea @ 0x728979ea mscorlib+0x2d74ff @ 0x728974ff mscorlib+0x2d71c3 @ 0x728971c3 mscorlib+0x2d6c3c @ 0x72896c3c mscorlib+0x2fcfb1 @ 0x728bcfb1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x73f49dd2 DllGetClassObjectInternal+0x38b0b CorDllMainForThunk-0x539f0 clr+0xfdb84 @ 0x7402db84 DllGetClassObjectInternal+0x38c16 CorDllMainForThunk-0x538e5 clr+0xfdc8f @ 0x7402dc8f mscorlib+0x2fce7e @ 0x728bce7e mscorlib+0x2fcd8c @ 0x728bcd8c mscorlib+0x2fcd0b @ 0x728bcd0b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73f42e95 DllGetClassObjectInternal+0x6069a CorDllMainForThunk-0x2be61 clr+0x125713 @ 0x74055713 DllGetClassObjectInternal+0x6075c CorDllMainForThunk-0x2bd9f clr+0x1257d5 @ 0x740557d5 mscorlib+0x9bc1c8 @ 0x72f7c1c8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x73f59df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x73f59e2f DllGetClassObjectInternal+0xc874 CorDllMainForThunk-0x7fc87 clr+0xd18ed @ 0x740018ed DllGetClassObjectInternal+0xcb84 CorDllMainForThunk-0x7f977 clr+0xd1bfd @ 0x74001bfd CreateHistoryReader+0x13d0e PostErrorVA-0x155251 clr+0x223553 @ 0x74153553 LookupHistoryAssembly+0x1550 CoEEShutDownCOM-0x2c2c clr+0x1d8a42 @ 0x74108a42 DllGetClassObjectInternal+0x5fe1c CorDllMainForThunk-0x2c6df clr+0x124e95 @ 0x74054e95 DllGetClassObjectInternal+0x5fd5f CorDllMainForThunk-0x2c79c clr+0x124dd8 @ 0x74054dd8 RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x778e6ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x778e6a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x7467482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x778b0143 RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x778ce003 RtlFreeSid+0x1b RtlAllocateAndInitializeSid-0x15 ntdll+0x393cd @ 0x778d93cd GetComputerNameA+0xa84 GetFileInformationByHandleEx-0x62b kernel32+0x2c164 @ 0x7580c164 GetComputerNameA+0xaef GetFileInformationByHandleEx-0x5c0 kernel32+0x2c1cf @ 0x7580c1cf GetComputerNameA+0xab1 GetFileInformationByHandleEx-0x5fe kernel32+0x2c191 @ 0x7580c191 MapViewOfFileEx+0x21 InitializeCriticalSectionEx-0x84 kernel32+0x14ca4 @ 0x757f4ca4 RegOpenKeyExW+0xf6 LocalFree-0x935 kernel32+0x12407 @ 0x757f2407 RegOpenKeyExW+0x21 LocalFree-0xa0a kernel32+0x12332 @ 0x757f2332 New_advapi32_RegOpenKeyExW@20+0x4f New_advapi32_RegQueryInfoKeyA@48-0x173 @ 0x74663ca1 CreateAssemblyNameObject+0xc283 GetMetaDataInternalInterface-0x2c1ec clr+0x3971c @ 0x73f6971c StrongNameSignatureVerification+0x9a32 GetMetaDataPublicInterfaceFromInternal-0x1e1e clr+0x1934e8 @ 0x740c34e8 StrongNameSignatureVerification+0x9bcc GetMetaDataPublicInterfaceFromInternal-0x1c84 clr+0x193682 @ 0x740c3682 GetMetaDataPublicInterfaceFromInternal+0x641 CopyPDBs-0x2fb clr+0x195947 @ 0x740c5947 exception.instruction_r: 0f b7 06 99 0f a4 c2 10 c1 e0 10 0b f8 0b da 89 exception.symbol: RtlInitUnicodeString+0xec RtlMultiByteToUnicodeN-0x251 ntdll+0x2e2f4 exception.instruction: movzx eax, word ptr [esi] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 189172 exception.address: 0x778ce2f4 registers.esp: 3119304 registers.edi: 26 registers.eax: 77347800 registers.ebp: 3119436 registers.edx: 7239728 registers.ebx: 304 registers.esi: 77347808 registers.ecx: 76973720	1
__exception__ Dec. 1, 2023, 10:39 a.m.	stacktrace: RtlAllocateHeap+0xac RtlFreeAnsiString-0x54 ntdll+0x2e0d2 @ 0x778ce0d2 DllUnregisterServerInternal-0x7fe0 clr+0x2114 @ 0x73f32114 DllUnregisterServerInternal-0x7fa5 clr+0x214f @ 0x73f3214f DllRegisterServerInternal+0x9fdd CoUninitializeEE-0x345b clr+0x1c3e9 @ 0x73f4c3e9 DllRegisterServerInternal+0xcb31 CoUninitializeEE-0x907 clr+0x1ef3d @ 0x73f4ef3d CoUninitializeEE+0x6a19 CreateAssemblyNameObject-0x723c clr+0x2625d @ 0x73f5625d CoUninitializeEE+0x31ff CreateAssemblyNameObject-0xaa56 clr+0x22a43 @ 0x73f52a43 CoUninitializeEE+0xd6cf CreateAssemblyNameObject-0x586 clr+0x2cf13 @ 0x73f5cf13 GetPrivateContextsPerfCounters+0x1154 DllGetActivationFactoryImpl-0x13711 clr+0x890d6 @ 0x73fb90d6 GetPrivateContextsPerfCounters+0xf4 DllGetActivationFactoryImpl-0x14771 clr+0x88076 @ 0x73fb8076 GetPrivateContextsPerfCounters+0x10c5 DllGetActivationFactoryImpl-0x137a0 clr+0x89047 @ 0x73fb9047 mscorlib+0x2d866e @ 0x7289866e mscorlib+0x2d876c @ 0x7289876c mscorlib+0x2d8b5e @ 0x72898b5e mscorlib+0x2d8a35 @ 0x72898a35 mscorlib+0x2d89a9 @ 0x728989a9 mscorlib+0x2d8891 @ 0x72898891 mscorlib+0x2d7e43 @ 0x72897e43 mscorlib+0x2d79ea @ 0x728979ea mscorlib+0x2d74ff @ 0x728974ff mscorlib+0x2d71c3 @ 0x728971c3 mscorlib+0x2d6c3c @ 0x72896c3c mscorlib+0x2fcfb1 @ 0x728bcfb1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x73f49dd2 DllGetClassObjectInternal+0x38b0b CorDllMainForThunk-0x539f0 clr+0xfdb84 @ 0x7402db84 DllGetClassObjectInternal+0x38c16 CorDllMainForThunk-0x538e5 clr+0xfdc8f @ 0x7402dc8f mscorlib+0x2fce7e @ 0x728bce7e mscorlib+0x2fcd8c @ 0x728bcd8c mscorlib+0x2fcd0b @ 0x728bcd0b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73f42e95 DllGetClassObjectInternal+0x6069a CorDllMainForThunk-0x2be61 clr+0x125713 @ 0x74055713 DllGetClassObjectInternal+0x6075c CorDllMainForThunk-0x2bd9f clr+0x1257d5 @ 0x740557d5 mscorlib+0x9bc1c8 @ 0x72f7c1c8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x73f59df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x73f59e2f DllGetClassObjectInternal+0xc874 CorDllMainForThunk-0x7fc87 clr+0xd18ed @ 0x740018ed DllGetClassObjectInternal+0xcb84 CorDllMainForThunk-0x7f977 clr+0xd1bfd @ 0x74001bfd CreateHistoryReader+0x13d0e PostErrorVA-0x155251 clr+0x223553 @ 0x74153553 LookupHistoryAssembly+0x1550 CoEEShutDownCOM-0x2c2c clr+0x1d8a42 @ 0x74108a42 DllGetClassObjectInternal+0x5fe1c CorDllMainForThunk-0x2c6df clr+0x124e95 @ 0x74054e95 DllGetClassObjectInternal+0x5fd5f CorDllMainForThunk-0x2c79c clr+0x124dd8 @ 0x74054dd8 RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x778e6ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x778e6a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x7467482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x778b0143 RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x778ce003 RtlFreeSid+0x1b RtlAllocateAndInitializeSid-0x15 ntdll+0x393cd @ 0x778d93cd GetComputerNameA+0xa84 GetFileInformationByHandleEx-0x62b kernel32+0x2c164 @ 0x7580c164 GetComputerNameA+0xaef GetFileInformationByHandleEx-0x5c0 kernel32+0x2c1cf @ 0x7580c1cf GetComputerNameA+0xab1 GetFileInformationByHandleEx-0x5fe kernel32+0x2c191 @ 0x7580c191 MapViewOfFileEx+0x21 InitializeCriticalSectionEx-0x84 kernel32+0x14ca4 @ 0x757f4ca4 RegOpenKeyExW+0xf6 LocalFree-0x935 kernel32+0x12407 @ 0x757f2407 RegOpenKeyExW+0x21 LocalFree-0xa0a kernel32+0x12332 @ 0x757f2332 New_advapi32_RegOpenKeyExW@20+0x4f New_advapi32_RegQueryInfoKeyA@48-0x173 @ 0x74663ca1 CreateAssemblyNameObject+0xc283 GetMetaDataInternalInterface-0x2c1ec clr+0x3971c @ 0x73f6971c StrongNameSignatureVerification+0x9a32 GetMetaDataPublicInterfaceFromInternal-0x1e1e clr+0x1934e8 @ 0x740c34e8 StrongNameSignatureVerification+0x9bcc GetMetaDataPublicInterfaceFromInternal-0x1c84 clr+0x193682 @ 0x740c3682 GetMetaDataPublicInterfaceFromInternal+0x641 CopyPDBs-0x2fb clr+0x195947 @ 0x740c5947 exception.instruction_r: 0f b7 06 99 0f a4 c2 10 c1 e0 10 0b d8 0b fa 89 exception.symbol: LdrUnlockLoaderLock+0x2cc RtlInitUnicodeStringEx-0xe6b ntdll+0x36f08 exception.instruction: movzx eax, word ptr [esi] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 225032 exception.address: 0x778d6f08 registers.esp: 3119304 registers.edi: 304 registers.eax: 77347800 registers.ebp: 3119436 registers.edx: 1330577435 registers.ebx: 26 registers.esi: 77347808 registers.ecx: 76973720	1
__exception__ Dec. 1, 2023, 10:39 a.m.	stacktrace: RtlAllocateHeap+0xac RtlFreeAnsiString-0x54 ntdll+0x2e0d2 @ 0x778ce0d2 RtlEncodeSystemPointer+0x30 RtlFindClearBits-0x761 ntdll+0x3e088 @ 0x778de088 RtlEncodeSystemPointer+0x411 RtlFindClearBits-0x380 ntdll+0x3e469 @ 0x778de469 RtlEncodeSystemPointer+0x4ea RtlFindClearBits-0x2a7 ntdll+0x3e542 @ 0x778de542 LdrResFindResourceDirectory+0x51d RtlEncodeSystemPointer-0x126 ntdll+0x3df32 @ 0x778ddf32 LdrResSearchResource+0x943 LdrResFindResourceDirectory-0x376 ntdll+0x3d69f @ 0x778dd69f LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x778dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7466d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x755a1d2a LoadLibraryExA+0x26 FreeLibrary-0x18 kernelbase+0x11d7a @ 0x755a1d7a DllGetClassObjectInternal+0x53eae CorDllMainForThunk-0x3864d clr+0x118f27 @ 0x74048f27 CopyPDBs+0x4ee4 DllCanUnloadNowInternal-0x3c0f3 clr+0x19ab26 @ 0x740cab26 DllGetClassObjectInternal+0x35b9f CorDllMainForThunk-0x5695c clr+0xfac18 @ 0x7402ac18 CreateHistoryReader+0x601ad PostErrorVA-0x108db2 clr+0x26f9f2 @ 0x7419f9f2 CreateHistoryReader+0x5ef45 PostErrorVA-0x10a01a clr+0x26e78a @ 0x7419e78a CreateHistoryReader+0x5fe22 PostErrorVA-0x10913d clr+0x26f667 @ 0x7419f667 CreateHistoryReader+0x60ecc PostErrorVA-0x108093 clr+0x270711 @ 0x741a0711 CreateHistoryReader+0x14646 PostErrorVA-0x154919 clr+0x223e8b @ 0x74153e8b CreateHistoryReader+0x14356 PostErrorVA-0x154c09 clr+0x223b9b @ 0x74153b9b CreateHistoryReader+0x9844c PostErrorVA-0xd0b13 clr+0x2a7c91 @ 0x741d7c91 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x73f59e2f DllGetClassObjectInternal+0xc874 CorDllMainForThunk-0x7fc87 clr+0xd18ed @ 0x740018ed DllGetClassObjectInternal+0xcb84 CorDllMainForThunk-0x7f977 clr+0xd1bfd @ 0x74001bfd CreateHistoryReader+0x13d0e PostErrorVA-0x155251 clr+0x223553 @ 0x74153553 LookupHistoryAssembly+0x1550 CoEEShutDownCOM-0x2c2c clr+0x1d8a42 @ 0x74108a42 DllGetClassObjectInternal+0x5fe1c CorDllMainForThunk-0x2c6df clr+0x124e95 @ 0x74054e95 DllGetClassObjectInternal+0x5fd5f CorDllMainForThunk-0x2c79c clr+0x124dd8 @ 0x74054dd8 RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x778e6ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x778e6a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x7467482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x778b0143 RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x778ce003 HeapFree+0x14 GetProcessHeap-0xc kernel32+0x114dd @ 0x757f14dd DllUnregisterServerInternal-0x7f84 clr+0x2170 @ 0x73f32170 DllUnregisterServerInternal-0x7f5f clr+0x2195 @ 0x73f32195 DllUnregisterServerInternal-0x7f4e clr+0x21a6 @ 0x73f321a6 CoUninitializeEE+0x9bdc CreateAssemblyNameObject-0x4079 clr+0x29420 @ 0x73f59420 GetPrivateContextsPerfCounters+0x10ed DllGetActivationFactoryImpl-0x13778 clr+0x8906f @ 0x73fb906f mscorlib+0x2d866e @ 0x7289866e mscorlib+0x2d85ca @ 0x728985ca mscorlib+0x2d7e2a @ 0x72897e2a mscorlib+0x2d79ea @ 0x728979ea mscorlib+0x2d74ff @ 0x728974ff mscorlib+0x2d71c3 @ 0x728971c3 mscorlib+0x2d6c3c @ 0x72896c3c mscorlib+0x2fcfb1 @ 0x728bcfb1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x73f49dd2 DllGetClassObjectInternal+0x38b0b CorDllMainForThunk-0x539f0 clr+0xfdb84 @ 0x7402db84 DllGetClassObjectInternal+0x38c16 CorDllMainForThunk-0x538e5 clr+0xfdc8f @ 0x7402dc8f mscorlib+0x2fce7e @ 0x728bce7e mscorlib+0x2fcd8c @ 0x728bcd8c mscorlib+0x2fcd0b @ 0x728bcd0b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73f42e95 DllGetClassObjectInternal+0x6069a CorDllMainForThunk-0x2be61 clr+0x125713 @ 0x74055713 DllGetClassObjectInternal+0x6075c CorDllMainForThunk-0x2bd9f clr+0x1257d5 @ 0x740557d5 mscorlib+0x9bc1c8 @ 0x72f7c1c8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x73f59df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x73f59e2f exception.instruction_r: 0f b7 06 99 0f a4 c2 10 c1 e0 10 0b f8 0b da 89 exception.symbol: RtlInitUnicodeString+0xec RtlMultiByteToUnicodeN-0x251 ntdll+0x2e2f4 exception.instruction: movzx eax, word ptr [esi] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 189172 exception.address: 0x778ce2f4 registers.esp: 3120448 registers.edi: 26 registers.eax: 77347800 registers.ebp: 3120580 registers.edx: 7239728 registers.ebx: 305 registers.esi: 77347808 registers.ecx: 76973720	1
__exception__ Dec. 1, 2023, 10:39 a.m.	stacktrace: RtlAllocateHeap+0xac RtlFreeAnsiString-0x54 ntdll+0x2e0d2 @ 0x778ce0d2 RtlEncodeSystemPointer+0x30 RtlFindClearBits-0x761 ntdll+0x3e088 @ 0x778de088 RtlEncodeSystemPointer+0x411 RtlFindClearBits-0x380 ntdll+0x3e469 @ 0x778de469 RtlEncodeSystemPointer+0x4ea RtlFindClearBits-0x2a7 ntdll+0x3e542 @ 0x778de542 LdrResFindResourceDirectory+0x51d RtlEncodeSystemPointer-0x126 ntdll+0x3df32 @ 0x778ddf32 LdrResSearchResource+0x943 LdrResFindResourceDirectory-0x376 ntdll+0x3d69f @ 0x778dd69f LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x778dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7466d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x755a1d2a LoadLibraryExA+0x26 FreeLibrary-0x18 kernelbase+0x11d7a @ 0x755a1d7a DllGetClassObjectInternal+0x53eae CorDllMainForThunk-0x3864d clr+0x118f27 @ 0x74048f27 CopyPDBs+0x4ee4 DllCanUnloadNowInternal-0x3c0f3 clr+0x19ab26 @ 0x740cab26 DllGetClassObjectInternal+0x35b9f CorDllMainForThunk-0x5695c clr+0xfac18 @ 0x7402ac18 CreateHistoryReader+0x601ad PostErrorVA-0x108db2 clr+0x26f9f2 @ 0x7419f9f2 CreateHistoryReader+0x5ef45 PostErrorVA-0x10a01a clr+0x26e78a @ 0x7419e78a CreateHistoryReader+0x5fe22 PostErrorVA-0x10913d clr+0x26f667 @ 0x7419f667 CreateHistoryReader+0x60ecc PostErrorVA-0x108093 clr+0x270711 @ 0x741a0711 CreateHistoryReader+0x14646 PostErrorVA-0x154919 clr+0x223e8b @ 0x74153e8b CreateHistoryReader+0x14356 PostErrorVA-0x154c09 clr+0x223b9b @ 0x74153b9b CreateHistoryReader+0x9844c PostErrorVA-0xd0b13 clr+0x2a7c91 @ 0x741d7c91 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x73f59e2f DllGetClassObjectInternal+0xc874 CorDllMainForThunk-0x7fc87 clr+0xd18ed @ 0x740018ed DllGetClassObjectInternal+0xcb84 CorDllMainForThunk-0x7f977 clr+0xd1bfd @ 0x74001bfd CreateHistoryReader+0x13d0e PostErrorVA-0x155251 clr+0x223553 @ 0x74153553 LookupHistoryAssembly+0x1550 CoEEShutDownCOM-0x2c2c clr+0x1d8a42 @ 0x74108a42 DllGetClassObjectInternal+0x5fe1c CorDllMainForThunk-0x2c6df clr+0x124e95 @ 0x74054e95 DllGetClassObjectInternal+0x5fd5f CorDllMainForThunk-0x2c79c clr+0x124dd8 @ 0x74054dd8 RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x778e6ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x778e6a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x7467482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x778b0143 RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x778ce003 HeapFree+0x14 GetProcessHeap-0xc kernel32+0x114dd @ 0x757f14dd DllUnregisterServerInternal-0x7f84 clr+0x2170 @ 0x73f32170 DllUnregisterServerInternal-0x7f5f clr+0x2195 @ 0x73f32195 DllUnregisterServerInternal-0x7f4e clr+0x21a6 @ 0x73f321a6 CoUninitializeEE+0x9bdc CreateAssemblyNameObject-0x4079 clr+0x29420 @ 0x73f59420 GetPrivateContextsPerfCounters+0x10ed DllGetActivationFactoryImpl-0x13778 clr+0x8906f @ 0x73fb906f mscorlib+0x2d866e @ 0x7289866e mscorlib+0x2d85ca @ 0x728985ca mscorlib+0x2d7e2a @ 0x72897e2a mscorlib+0x2d79ea @ 0x728979ea mscorlib+0x2d74ff @ 0x728974ff mscorlib+0x2d71c3 @ 0x728971c3 mscorlib+0x2d6c3c @ 0x72896c3c mscorlib+0x2fcfb1 @ 0x728bcfb1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x73f49dd2 DllGetClassObjectInternal+0x38b0b CorDllMainForThunk-0x539f0 clr+0xfdb84 @ 0x7402db84 DllGetClassObjectInternal+0x38c16 CorDllMainForThunk-0x538e5 clr+0xfdc8f @ 0x7402dc8f mscorlib+0x2fce7e @ 0x728bce7e mscorlib+0x2fcd8c @ 0x728bcd8c mscorlib+0x2fcd0b @ 0x728bcd0b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73f42e95 DllGetClassObjectInternal+0x6069a CorDllMainForThunk-0x2be61 clr+0x125713 @ 0x74055713 DllGetClassObjectInternal+0x6075c CorDllMainForThunk-0x2bd9f clr+0x1257d5 @ 0x740557d5 mscorlib+0x9bc1c8 @ 0x72f7c1c8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x73f59df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x73f59e2f exception.instruction_r: 0f b7 06 99 0f a4 c2 10 c1 e0 10 0b d8 0b fa 89 exception.symbol: LdrUnlockLoaderLock+0x2cc RtlInitUnicodeStringEx-0xe6b ntdll+0x36f08 exception.instruction: movzx eax, word ptr [esi] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 225032 exception.address: 0x778d6f08 registers.esp: 3120448 registers.edi: 305 registers.eax: 77347800 registers.ebp: 3120580 registers.edx: 1330577435 registers.ebx: 26 registers.esi: 77347808 registers.ecx: 76973720	1
__exception__ Dec. 1, 2023, 10:39 a.m.	stacktrace: 0xc7a303 0xc7a10e 0xc74350 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73f42e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73ff74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73ff7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x74081dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x74081e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x74081f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7408416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745df5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74867f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74864de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 d0 8b 45 f4 05 3b fe ff ff 8b 15 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xc7b223 registers.esp: 4059556 registers.edi: 4059612 registers.eax: 0 registers.ebp: 4059628 registers.edx: 0 registers.ebx: 4060036 registers.esi: 0 registers.ecx: 0	1
__exception__ Dec. 1, 2023, 10:40 a.m.	stacktrace: 0xc7a303 0xc7a10e 0xc74350 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73f42e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73ff74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73ff7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x74081dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x74081e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x74081f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7408416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745df5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74867f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74864de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 d0 8b 45 f4 05 3b fe ff ff 8b 15 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xc7b223 registers.esp: 4059556 registers.edi: 4059612 registers.eax: 0 registers.ebp: 4059628 registers.edx: 0 registers.ebx: 4060036 registers.esi: 0 registers.ecx: 0	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)

suspicious_features

GET method with no useragent header

suspicious_request

GET https://pastebin.com/raw/A54sKxhY

Performs some HTTP requests (1 event)

request

GET https://pastebin.com/raw/A54sKxhY

Allocates read-write-execute memory (usually to unpack itself) (50 out of 118 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 393216 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003d0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f31000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f32000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 1441792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ac0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00be0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00442000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00475000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0047b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00477000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0045c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0045d000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0045e000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0045f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b51000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b52000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b53000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b54000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b55000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b56000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b70000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 327680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef50000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef58000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef40000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0044a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0046a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00467000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0045a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00466000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b71000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b72000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0044c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b73000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003f1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003f3000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b74000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003f5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003f6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003f7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003f8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003f9000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 69632 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003fd000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0040e000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b57000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0040f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00411000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Creates executable files on the filesystem (1 event)

file	C:\Users\test22\AppData\Local\Temp\Protect544cd51a.dll

Drops an executable to the user AppData folder (1 event)

file	C:\Users\test22\AppData\Local\Temp\Protect544cd51a.dll

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses Dec. 1, 2023, 10:39 a.m.	flags: 15 family: 0		111	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00592400', u'virtual_address': u'0x00002000', u'entropy': 7.141556410965425, u'name': u'.text', u'virtual_size': u'0x005922a4'}

entropy

7.14155641097

description

A section with a high entropy has been found

entropy

0.988221028928

description

Overall entropy of this PE file is high

Yara rule detected in process memory (9 events)

description	PWS Memory	rule	Generic_PWS_Memory_Zero
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep

One or more of the buffers contains an embedded PE file (2 events)

buffer	Buffer with sha1: 2441a44b06509975255deafbaa7fd57a83a0bd41
buffer	Buffer with sha1: 815429c9202b75db01b77d5b30ba0dda5324cd95

Communicates with host for which no DNS query was performed (1 event)

host

138.201.120.172

Allocates execute permission to another process indicative of possible code injection (1 event)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2468 region_size: 860160 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000002b0	1	0	0

Potential code injection by writing to the memory of another process (4 events)

Time & API	Arguments	Status	Return
WriteProcessMemory Dec. 1, 2023, 10:39 a.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELv\eà°>Ï @ ðÎKà H.textD¯ ° `.rsrcà²@@.reloc ¸@B base_address: 0x00400000 process_identifier: 2468 process_handle: 0x000002b0	1	1
WriteProcessMemory Dec. 1, 2023, 10:39 a.m.	buffer: P8h àÔtãêÔ4VS_VERSION_INFO½ïþ?DVarFileInfo$Translation°4StringFileInfo000004b0Comments"CompanyNameFileDescription0FileVersion1.0.0.08InternalNamebladfin.exe&LegalCopyrightLegalTrademarks@OriginalFilenamebladfin.exe"ProductName4ProductVersion1.0.0.08Assembly Version1.0.0.0ï»¿<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly> base_address: 0x004ce000 process_identifier: 2468 process_handle: 0x000002b0	1	1
WriteProcessMemory Dec. 1, 2023, 10:39 a.m.	buffer: À@? base_address: 0x004d0000 process_identifier: 2468 process_handle: 0x000002b0	1	1
WriteProcessMemory Dec. 1, 2023, 10:39 a.m.	buffer: @ base_address: 0x7efde008 process_identifier: 2468 process_handle: 0x000002b0	1	1

Code injection by writing an executable or DLL to the memory of another process (1 event)

Time & API	Arguments	Status	Return	Repeated
WriteProcessMemory Dec. 1, 2023, 10:39 a.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELv\eà°>Ï @ ðÎKà H.textD¯ ° `.rsrcà²@@.reloc ¸@B base_address: 0x00400000 process_identifier: 2468 process_handle: 0x000002b0	1	1	0

Attempts to create or modify system certificates (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob

Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2068 called NtSetContextThread to modify thread in remote process 2468
NtSetContextThread Dec. 1, 2023, 10:39 a.m.	registers.eip: 2005598660 registers.esp: 4062708 registers.edi: 0 registers.eax: 5033790 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x000002ac process_identifier: 2468	1	0	0

Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2068 resumed a thread in remote process 2468
NtResumeThread Dec. 1, 2023, 10:39 a.m.	thread_handle: 0x000002ac suspend_count: 1 process_identifier: 2468	1	0	0

File has been identified by 24 AntiVirus engines on VirusTotal as malicious (24 events)

Bkav	W32.AIDetectMalware.CS
Sangfor	Trojan.Msil.Kryptik.V52m
Symantec	Trojan.Gen.MBT
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Kryptik.AKDO
Kaspersky	UDS:DangerousObject.Multi.Generic
Avast	FileRepMalware
Tencent	Msil.Trojan.Kryptik.Dwnw
Sophos	Generic Reputation PUA (PUA)
Webroot	W32.Trojan.Gen
Avira	TR/AD.Nekark.njxwx
Varist	W32/MSIL_Agent.GZN.gen!Eldorado
Kingsoft	Win32.Troj.Unknown.a
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Gridinsoft	Trojan.Win32.Gen.tr
ZoneAlarm	UDS:DangerousObject.Multi.Generic
GData	Win32.Trojan.Agent.PA412U
Cylance	unsafe
Rising	Stealer.Stealerc!8.17BE0 (TFE:dGZlOg1CAPkPkdJJqQ)
Ikarus	Win32.Outbreak
Fortinet	MSIL/Kryptik.AKDO!tr
AVG	FileRepMalware
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_70% (W)

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)

dead_host

138.201.120.172:15648

Executed a process and injected code into it, probably while unpacking (22 events)

Time & API	Arguments	Status	Return
NtResumeThread Dec. 1, 2023, 10:39 a.m.	thread_handle: 0x000000dc suspend_count: 1 process_identifier: 2068	1	0
NtResumeThread Dec. 1, 2023, 10:39 a.m.	thread_handle: 0x00000150 suspend_count: 1 process_identifier: 2068	1	0
NtResumeThread Dec. 1, 2023, 10:39 a.m.	thread_handle: 0x0000018c suspend_count: 1 process_identifier: 2068	1	0
NtResumeThread Dec. 1, 2023, 10:39 a.m.	thread_handle: 0x00000238 suspend_count: 1 process_identifier: 2068	1	0
NtGetContextThread Dec. 1, 2023, 10:39 a.m.	thread_handle: 0x000000e0	1	0
NtGetContextThread Dec. 1, 2023, 10:39 a.m.	thread_handle: 0x000000e0	1	0
NtResumeThread Dec. 1, 2023, 10:39 a.m.	thread_handle: 0x000000e0 suspend_count: 1 process_identifier: 2068	1	0
CreateProcessInternalW Dec. 1, 2023, 10:39 a.m.	thread_identifier: 2472 thread_handle: 0x000002ac process_identifier: 2468 current_directory: filepath: track: 1 command_line: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe filepath_r: stack_pivoted: 0 creation_flags: 564 (CREATE_NEW_CONSOLE\|CREATE_NEW_PROCESS_GROUP\|CREATE_SUSPENDED\|NORMAL_PRIORITY_CLASS) inherit_handles: 0 process_handle: 0x000002b0	1	1
NtUnmapViewOfSection Dec. 1, 2023, 10:39 a.m.	base_address: 0x00400000 region_size: 10420224 process_identifier: 2468 process_handle: 0x000002b0		3221225497
NtAllocateVirtualMemory Dec. 1, 2023, 10:39 a.m.	process_identifier: 2468 region_size: 860160 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000002b0	1	0
WriteProcessMemory Dec. 1, 2023, 10:39 a.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELv\eà°>Ï @ ðÎKà H.textD¯ ° `.rsrcà²@@.reloc ¸@B base_address: 0x00400000 process_identifier: 2468 process_handle: 0x000002b0	1	1
WriteProcessMemory Dec. 1, 2023, 10:39 a.m.	buffer: base_address: 0x00402000 process_identifier: 2468 process_handle: 0x000002b0	1	1
WriteProcessMemory Dec. 1, 2023, 10:39 a.m.	buffer: P8h àÔtãêÔ4VS_VERSION_INFO½ïþ?DVarFileInfo$Translation°4StringFileInfo000004b0Comments"CompanyNameFileDescription0FileVersion1.0.0.08InternalNamebladfin.exe&LegalCopyrightLegalTrademarks@OriginalFilenamebladfin.exe"ProductName4ProductVersion1.0.0.08Assembly Version1.0.0.0ï»¿<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly> base_address: 0x004ce000 process_identifier: 2468 process_handle: 0x000002b0	1	1
WriteProcessMemory Dec. 1, 2023, 10:39 a.m.	buffer: À@? base_address: 0x004d0000 process_identifier: 2468 process_handle: 0x000002b0	1	1
NtGetContextThread Dec. 1, 2023, 10:39 a.m.	thread_handle: 0x000002ac	1	0
WriteProcessMemory Dec. 1, 2023, 10:39 a.m.	buffer: @ base_address: 0x7efde008 process_identifier: 2468 process_handle: 0x000002b0	1	1
NtSetContextThread Dec. 1, 2023, 10:39 a.m.	registers.eip: 2005598660 registers.esp: 4062708 registers.edi: 0 registers.eax: 5033790 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x000002ac process_identifier: 2468	1	0
NtResumeThread Dec. 1, 2023, 10:39 a.m.	thread_handle: 0x000002ac suspend_count: 1 process_identifier: 2468	1	0
NtResumeThread Dec. 1, 2023, 10:39 a.m.	thread_handle: 0x0000017c suspend_count: 1 process_identifier: 2468	1	0
NtResumeThread Dec. 1, 2023, 10:39 a.m.	thread_handle: 0x000001ec suspend_count: 1 process_identifier: 2468	1	0
NtResumeThread Dec. 1, 2023, 10:39 a.m.	thread_handle: 0x00000234 suspend_count: 1 process_identifier: 2468	1	0
NtResumeThread Dec. 1, 2023, 10:39 a.m.	thread_handle: 0x000003c0 suspend_count: 1 process_identifier: 2468	1	0

hv.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All