Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Dec. 18, 2023, 9:43 a.m.	Dec. 18, 2023, 9:45 a.m.

Size	4.6MB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`cf8a20b11ce9cf757bfaf49bd93ac524`
SHA256	`a3fa2ab4e84d4ea0a272962535016b660eb797bb2210e747d28a51a024a3e6c5`
CRC32	`617A4FF2`
ssdeep	`49152:0+0uIwxes1V4MvtSMKJD50BIaVhzh2jmlGGODZ6LSjG9oSyTXYUkqOedG9ilud7x:08CMOJmBIqV2CENVlSyMqZ4iQd7x`
PDB Path	mold_support_and_installation.pdb
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature Admin_Tool_IN_Zero - Admin Tool Sysinternals Is_DotNET_EXE - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

v2.exe "C:\Users\test22\AppData\Local\Temp\v2.exe"
2552
- RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
  2720

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
91.92.241.115	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49165 -> 91.92.241.115:12393	2043233	ET INFO Microsoft net.tcp Connection Initialization Activity	Potentially Bad Traffic
TCP 192.168.56.101:49165 -> 91.92.241.115:12393	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 91.92.241.115:12393	2046045	ET MALWARE [ANY.RUN] RedLine Stealer Family Related (MC-NMF Authorization)	A Network Trojan was detected
TCP 91.92.241.115:12393 -> 192.168.56.101:49165	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 91.92.241.115:12393	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 91.92.241.115:12393	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 91.92.241.115:12393 -> 192.168.56.101:49165	2046056	ET MALWARE Redline Stealer Family Activity (Response)	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 91.92.241.115:12393	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 91.92.241.115:12393	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 91.92.241.115:12393	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 91.92.241.115:12393	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 91.92.241.115:12393	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 91.92.241.115:12393	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 91.92.241.115:12393	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 91.92.241.115:12393	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 91.92.241.115:12393	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 91.92.241.115:12393	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 91.92.241.115:12393	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 91.92.241.115:12393	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 91.92.241.115:12393	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 91.92.241.115:12393	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 91.92.241.115:12393	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 91.92.241.115:12393	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 91.92.241.115:12393	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 91.92.241.115:12393	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected

Suricata TLS

No Suricata TLS

Queries for the computername (14 events)

Time & API	Arguments	Status	Return
GetComputerNameA Dec. 18, 2023, 9:44 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Dec. 18, 2023, 9:44 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Dec. 18, 2023, 9:43 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Dec. 18, 2023, 9:44 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Dec. 18, 2023, 9:44 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Dec. 18, 2023, 9:44 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Dec. 18, 2023, 9:44 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Dec. 18, 2023, 9:44 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Dec. 18, 2023, 9:44 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Dec. 18, 2023, 9:44 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Dec. 18, 2023, 9:44 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Dec. 18, 2023, 9:44 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Dec. 18, 2023, 9:44 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Dec. 18, 2023, 9:44 a.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (6 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Dec. 18, 2023, 9:43 a.m.			0	0
IsDebuggerPresent Dec. 18, 2023, 9:43 a.m.			0	0
IsDebuggerPresent Dec. 18, 2023, 9:44 a.m.			0	0
IsDebuggerPresent Dec. 18, 2023, 9:44 a.m.			0	0
IsDebuggerPresent Dec. 18, 2023, 9:43 a.m.			0	0
IsDebuggerPresent Dec. 18, 2023, 9:43 a.m.			0	0

Uses Windows APIs to generate a cryptographic key (32 events)

Time & API	Arguments	Status	Return
CryptExportKey Dec. 18, 2023, 9:43 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002fb320 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 18, 2023, 9:43 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002fb320 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 18, 2023, 9:43 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002fb320 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 18, 2023, 9:43 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002fb320 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 18, 2023, 9:43 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002fbd20 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 18, 2023, 9:43 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002fbd20 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 18, 2023, 9:43 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002fba20 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 18, 2023, 9:43 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002fba20 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 18, 2023, 9:43 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002fba20 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 18, 2023, 9:43 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002fb3a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 18, 2023, 9:43 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002fb8e0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 18, 2023, 9:43 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002fb8e0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 18, 2023, 9:43 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002fb360 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 18, 2023, 9:43 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002fb360 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 18, 2023, 9:43 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x002fb9a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 18, 2023, 9:43 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0085b1c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 18, 2023, 9:43 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0085b1c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 18, 2023, 9:43 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0085b1c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 18, 2023, 9:43 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0085b1c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 18, 2023, 9:43 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0085b248 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 18, 2023, 9:43 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0085b248 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 18, 2023, 9:43 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0085b148 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 18, 2023, 9:43 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0085b148 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 18, 2023, 9:43 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0085b148 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 18, 2023, 9:43 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0085b148 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 18, 2023, 9:43 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0085b148 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 18, 2023, 9:43 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0085b1c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 18, 2023, 9:43 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0085b1c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 18, 2023, 9:43 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0085b3c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 18, 2023, 9:44 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0085bb48 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 18, 2023, 9:44 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0085bb48 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Dec. 18, 2023, 9:44 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0085b988 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

This executable has a PDB path (1 event)

pdb_path

mold_support_and_installation.pdb

Tries to locate where the browsers are installed (3 events)

file	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
file	C:\Program Files\Mozilla Firefox\firefox.exe
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Dec. 18, 2023, 9:43 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.sdata

One or more processes crashed (38 events)

Time & API	Arguments	Status
__exception__ Dec. 18, 2023, 9:43 a.m.	stacktrace: RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x76f3e003 RtlDeleteBoundaryDescriptor+0x1b RtlAnsiStringToUnicodeString-0x2d ntdll+0x2e688 @ 0x76f3e688 RtlMultiByteToUnicodeN+0x11a RtlDeleteBoundaryDescriptor-0xe ntdll+0x2e65f @ 0x76f3e65f EtwEventRegister+0x17f EtwRegisterTraceGuidsW-0xa ntdll+0x3f839 @ 0x76f4f839 LdrGetProcedureAddressEx+0x11f wcsstr-0x99d ntdll+0x302ea @ 0x76f402ea LdrGetProcedureAddress+0x18 LdrGetProcedureAddressEx-0x9 ntdll+0x301c2 @ 0x76f401c2 New_ntdll_LdrGetProcedureAddress@16+0xcd New_ntdll_LdrLoadDll@16-0x87 @ 0x736ed3cd GetProcAddress+0x44 GetVersion-0x38 kernelbase+0x111c4 @ 0x759811c4 CreateAssemblyNameObject+0xe4d1 GetMetaDataInternalInterface-0x29f9e clr+0x3b96a @ 0x727db96a CoUninitializeEE+0xa200 CreateAssemblyNameObject-0x3a55 clr+0x29a44 @ 0x727c9a44 CoUninitializeEE+0xa149 CreateAssemblyNameObject-0x3b0c clr+0x2998d @ 0x727c998d CoUninitializeEE+0xa055 CreateAssemblyNameObject-0x3c00 clr+0x29899 @ 0x727c9899 CoUninitializeEE+0x9fee CreateAssemblyNameObject-0x3c67 clr+0x29832 @ 0x727c9832 DllRegisterServerInternal+0x98c9 CoUninitializeEE-0x3b6f clr+0x1bcd5 @ 0x727bbcd5 DllUnregisterServerInternal-0x760b clr+0x2ae9 @ 0x727a2ae9 system+0x1ca9e1 @ 0x7040a9e1 system+0x75b20d @ 0x7099b20d 0xc9bbd0 0xc91090 system+0x1f9799 @ 0x70439799 system+0x1f92c8 @ 0x704392c8 system+0x1eca74 @ 0x7042ca74 system+0x1ec868 @ 0x7042c868 system+0x1f82b8 @ 0x704382b8 system+0x1ee54d @ 0x7042e54d system+0x1f70ea @ 0x704370ea system+0x1e56c0 @ 0x704256c0 system+0x1f8215 @ 0x70438215 system+0x1f6f75 @ 0x70436f75 system+0x1ee251 @ 0x7042e251 system+0x1ee229 @ 0x7042e229 system+0x1ee170 @ 0x7042e170 0x53a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75856de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75856e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x76f2011a system+0x1ebc85 @ 0x7042bc85 system+0x1f683b @ 0x7043683b system+0x1a5e44 @ 0x703e5e44 system+0x1fd8a0 @ 0x7043d8a0 system+0x1fd792 @ 0x7043d792 system+0x1a14bd @ 0x703e14bd 0xc900aa DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 46 04 89 45 f4 c6 47 07 80 c6 47 06 00 8b 5e exception.symbol: RtlInitUnicodeString+0x196 RtlMultiByteToUnicodeN-0x1a7 ntdll+0x2e39e exception.instruction: mov eax, dword ptr [esi + 4] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 189342 exception.address: 0x76f3e39e registers.esp: 2483500 registers.edi: 82006880 registers.eax: 0 registers.ebp: 2483552 registers.edx: 82006888 registers.ebx: 82006888 registers.esi: 1982176102 registers.ecx: 3014656	1
__exception__ Dec. 18, 2023, 9:43 a.m.	stacktrace: RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x76f3e003 HeapFree+0x14 GetProcessHeap-0xc kernel32+0x114dd @ 0x755c14dd DllUnregisterServerInternal-0x7f84 clr+0x2170 @ 0x727a2170 DllUnregisterServerInternal-0x7f5f clr+0x2195 @ 0x727a2195 DllUnregisterServerInternal-0x7f4e clr+0x21a6 @ 0x727a21a6 CoUninitializeEE+0xd8a2 CreateAssemblyNameObject-0x3b3 clr+0x2d0e6 @ 0x727cd0e6 DllGetActivationFactoryImpl+0x5d17 CreateApplicationContext-0x4825 clr+0xa24fe @ 0x728424fe mscorlib+0x2d54f0 @ 0x71ab54f0 mscorlib+0x2d54a5 @ 0x71ab54a5 mscorlib+0x2d5c33 @ 0x71ab5c33 mscorlib+0x2d7894 @ 0x71ab7894 mscorlib+0x2d74ff @ 0x71ab74ff mscorlib+0x2d71c3 @ 0x71ab71c3 mscorlib+0x2d6c3c @ 0x71ab6c3c mscorlib+0x2fcfb1 @ 0x71adcfb1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x38b0b CorDllMainForThunk-0x539f0 clr+0xfdb84 @ 0x7289db84 DllGetClassObjectInternal+0x38c16 CorDllMainForThunk-0x538e5 clr+0xfdc8f @ 0x7289dc8f mscorlib+0x2fce7e @ 0x71adce7e mscorlib+0x2fcd8c @ 0x71adcd8c mscorlib+0x2fcd0b @ 0x71adcd0b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x6069a CorDllMainForThunk-0x2be61 clr+0x125713 @ 0x728c5713 DllGetClassObjectInternal+0x6075c CorDllMainForThunk-0x2bd9f clr+0x1257d5 @ 0x728c57d5 mscorlib+0x9bc1c8 @ 0x7219c1c8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x727c9df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x727c9e2f DllGetClassObjectInternal+0xc874 CorDllMainForThunk-0x7fc87 clr+0xd18ed @ 0x728718ed DllGetClassObjectInternal+0xcb84 CorDllMainForThunk-0x7f977 clr+0xd1bfd @ 0x72871bfd CreateHistoryReader+0x13d0e PostErrorVA-0x155251 clr+0x223553 @ 0x729c3553 LookupHistoryAssembly+0x1550 CoEEShutDownCOM-0x2c2c clr+0x1d8a42 @ 0x72978a42 DllGetClassObjectInternal+0x5fe1c CorDllMainForThunk-0x2c6df clr+0x124e95 @ 0x728c4e95 DllGetClassObjectInternal+0x5fd5f CorDllMainForThunk-0x2c79c clr+0x124dd8 @ 0x728c4dd8 RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x76f56ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x76f56a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x736f482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x76f3e003 RtlDeleteBoundaryDescriptor+0x1b RtlAnsiStringToUnicodeString-0x2d ntdll+0x2e688 @ 0x76f3e688 RtlMultiByteToUnicodeN+0x11a RtlDeleteBoundaryDescriptor-0xe ntdll+0x2e65f @ 0x76f3e65f EtwEventRegister+0x17f EtwRegisterTraceGuidsW-0xa ntdll+0x3f839 @ 0x76f4f839 LdrGetProcedureAddressEx+0x11f wcsstr-0x99d ntdll+0x302ea @ 0x76f402ea LdrGetProcedureAddress+0x18 LdrGetProcedureAddressEx-0x9 ntdll+0x301c2 @ 0x76f401c2 New_ntdll_LdrGetProcedureAddress@16+0xcd New_ntdll_LdrLoadDll@16-0x87 @ 0x736ed3cd GetProcAddress+0x44 GetVersion-0x38 kernelbase+0x111c4 @ 0x759811c4 CreateAssemblyNameObject+0xe4d1 GetMetaDataInternalInterface-0x29f9e clr+0x3b96a @ 0x727db96a CoUninitializeEE+0xa200 CreateAssemblyNameObject-0x3a55 clr+0x29a44 @ 0x727c9a44 CoUninitializeEE+0xa149 CreateAssemblyNameObject-0x3b0c clr+0x2998d @ 0x727c998d CoUninitializeEE+0xa055 CreateAssemblyNameObject-0x3c00 clr+0x29899 @ 0x727c9899 CoUninitializeEE+0x9fee CreateAssemblyNameObject-0x3c67 clr+0x29832 @ 0x727c9832 DllRegisterServerInternal+0x98c9 CoUninitializeEE-0x3b6f clr+0x1bcd5 @ 0x727bbcd5 DllUnregisterServerInternal-0x760b clr+0x2ae9 @ 0x727a2ae9 system+0x1ca9e1 @ 0x7040a9e1 system+0x75b20d @ 0x7099b20d 0xc9bbd0 0xc91090 system+0x1f9799 @ 0x70439799 system+0x1f92c8 @ 0x704392c8 exception.instruction_r: 89 30 8b 45 e0 8b 55 e4 8d 7e 08 f0 0f c7 0f 3b exception.symbol: RtlInitUnicodeString+0x1f3 RtlMultiByteToUnicodeN-0x14a ntdll+0x2e3fb exception.instruction: mov dword ptr [eax], esi exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 189435 exception.address: 0x76f3e3fb registers.esp: 2478300 registers.edi: 1224474624 registers.eax: 2299103488 registers.ebp: 2478352 registers.edx: 17803 registers.ebx: 1224502025 registers.esi: 1925547268 registers.ecx: 1166802927	1
__exception__ Dec. 18, 2023, 9:43 a.m.	stacktrace: RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x76f3e003 RtlFreeSid+0x1b RtlAllocateAndInitializeSid-0x15 ntdll+0x393cd @ 0x76f493cd GetComputerNameA+0xa84 GetFileInformationByHandleEx-0x62b kernel32+0x2c164 @ 0x755dc164 GetComputerNameA+0xaef GetFileInformationByHandleEx-0x5c0 kernel32+0x2c1cf @ 0x755dc1cf GetComputerNameA+0xab1 GetFileInformationByHandleEx-0x5fe kernel32+0x2c191 @ 0x755dc191 MapViewOfFileEx+0x21 InitializeCriticalSectionEx-0x84 kernel32+0x14ca4 @ 0x755c4ca4 RegOpenKeyExW+0xf6 LocalFree-0x935 kernel32+0x12407 @ 0x755c2407 RegOpenKeyExW+0x21 LocalFree-0xa0a kernel32+0x12332 @ 0x755c2332 New_advapi32_RegOpenKeyExW@20+0x4f New_advapi32_RegQueryInfoKeyA@48-0x173 @ 0x736e3ca1 CreateAssemblyNameObject+0xc283 GetMetaDataInternalInterface-0x2c1ec clr+0x3971c @ 0x727d971c StrongNameSignatureVerification+0x9a32 GetMetaDataPublicInterfaceFromInternal-0x1e1e clr+0x1934e8 @ 0x729334e8 StrongNameSignatureVerification+0x9bcc GetMetaDataPublicInterfaceFromInternal-0x1c84 clr+0x193682 @ 0x72933682 GetMetaDataPublicInterfaceFromInternal+0x641 CopyPDBs-0x2fb clr+0x195947 @ 0x72935947 GetMetaDataPublicInterfaceFromInternal+0x850 CopyPDBs-0xec clr+0x195b56 @ 0x72935b56 GetMetaDataPublicInterfaceFromInternal+0x23d CopyPDBs-0x6ff clr+0x195543 @ 0x72935543 StrongNameSignatureVerification+0x839b GetMetaDataPublicInterfaceFromInternal-0x34b5 clr+0x191e51 @ 0x72931e51 StrongNameSignatureVerification+0x854e GetMetaDataPublicInterfaceFromInternal-0x3302 clr+0x192004 @ 0x72932004 mscorlib+0x355147 @ 0x71b35147 mscorlib+0x985c14 @ 0x72165c14 mscorlib+0x9b45cf @ 0x721945cf mscorlib+0xd224c1 @ 0x725024c1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x38b0b CorDllMainForThunk-0x539f0 clr+0xfdb84 @ 0x7289db84 DllGetClassObjectInternal+0x38c16 CorDllMainForThunk-0x538e5 clr+0xfdc8f @ 0x7289dc8f mscorlib+0x2fce7e @ 0x71adce7e mscorlib+0x2fcd8c @ 0x71adcd8c mscorlib+0x2fcd0b @ 0x71adcd0b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x6069a CorDllMainForThunk-0x2be61 clr+0x125713 @ 0x728c5713 DllGetClassObjectInternal+0x6075c CorDllMainForThunk-0x2bd9f clr+0x1257d5 @ 0x728c57d5 mscorlib+0x9bc1c8 @ 0x7219c1c8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x727c9df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x727c9e2f DllGetClassObjectInternal+0xc874 CorDllMainForThunk-0x7fc87 clr+0xd18ed @ 0x728718ed DllGetClassObjectInternal+0xcb84 CorDllMainForThunk-0x7f977 clr+0xd1bfd @ 0x72871bfd CreateHistoryReader+0x13d0e PostErrorVA-0x155251 clr+0x223553 @ 0x729c3553 LookupHistoryAssembly+0x1550 CoEEShutDownCOM-0x2c2c clr+0x1d8a42 @ 0x72978a42 DllGetClassObjectInternal+0x5fe1c CorDllMainForThunk-0x2c6df clr+0x124e95 @ 0x728c4e95 DllGetClassObjectInternal+0x5fd5f CorDllMainForThunk-0x2c79c clr+0x124dd8 @ 0x728c4dd8 RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x76f56ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x76f56a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x736f482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x76f3e003 HeapFree+0x14 GetProcessHeap-0xc kernel32+0x114dd @ 0x755c14dd DllUnregisterServerInternal-0x7f84 clr+0x2170 @ 0x727a2170 DllUnregisterServerInternal-0x7f5f clr+0x2195 @ 0x727a2195 DllUnregisterServerInternal-0x7f4e clr+0x21a6 @ 0x727a21a6 CoUninitializeEE+0xd8a2 CreateAssemblyNameObject-0x3b3 clr+0x2d0e6 @ 0x727cd0e6 DllGetActivationFactoryImpl+0x5d17 CreateApplicationContext-0x4825 clr+0xa24fe @ 0x728424fe mscorlib+0x2d54f0 @ 0x71ab54f0 mscorlib+0x2d54a5 @ 0x71ab54a5 mscorlib+0x2d5c33 @ 0x71ab5c33 mscorlib+0x2d7894 @ 0x71ab7894 mscorlib+0x2d74ff @ 0x71ab74ff mscorlib+0x2d71c3 @ 0x71ab71c3 mscorlib+0x2d6c3c @ 0x71ab6c3c mscorlib+0x2fcfb1 @ 0x71adcfb1 exception.instruction_r: 89 30 8b 45 e0 8b 55 e4 8d 7e 08 f0 0f c7 0f 3b exception.symbol: RtlInitUnicodeString+0x1f3 RtlMultiByteToUnicodeN-0x14a ntdll+0x2e3fb exception.instruction: mov dword ptr [eax], esi exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 189435 exception.address: 0x76f3e3fb registers.esp: 2470136 registers.edi: 1224474624 registers.eax: 2299103488 registers.ebp: 2470188 registers.edx: 17803 registers.ebx: 1224502025 registers.esi: 1925547268 registers.ecx: 1166802927	1
__exception__ Dec. 18, 2023, 9:43 a.m.	stacktrace: RtlAllocateHeap+0xac RtlFreeAnsiString-0x54 ntdll+0x2e0d2 @ 0x76f3e0d2 DllGetClassObjectInternal+0x3995f CorDllMainForThunk-0x52b9c clr+0xfe9d8 @ 0x7289e9d8 DllGetClassObjectInternal+0x3cb36 CorDllMainForThunk-0x4f9c5 clr+0x101baf @ 0x728a1baf DllGetClassObjectInternal+0x3cb02 CorDllMainForThunk-0x4f9f9 clr+0x101b7b @ 0x728a1b7b DllGetClassObjectInternal+0x3d036 CorDllMainForThunk-0x4f4c5 clr+0x1020af @ 0x728a20af DllGetClassObjectInternal+0x3d08d CorDllMainForThunk-0x4f46e clr+0x102106 @ 0x728a2106 DllGetClassObjectInternal+0x3c8ff CorDllMainForThunk-0x4fbfc clr+0x101978 @ 0x728a1978 DllGetClassObjectInternal+0x3c9d8 CorDllMainForThunk-0x4fb23 clr+0x101a51 @ 0x728a1a51 DllGetClassObjectInternal+0x34946 CorDllMainForThunk-0x57bb5 clr+0xf99bf @ 0x728999bf DllGetClassObjectInternal+0x349d3 CorDllMainForThunk-0x57b28 clr+0xf9a4c @ 0x72899a4c DllGetClassObjectInternal+0x34a2d CorDllMainForThunk-0x57ace clr+0xf9aa6 @ 0x72899aa6 DllGetClassObjectInternal+0x342b6 CorDllMainForThunk-0x58245 clr+0xf932f @ 0x7289932f DllGetClassObjectInternal+0x342eb CorDllMainForThunk-0x58210 clr+0xf9364 @ 0x72899364 DllGetClassObjectInternal+0x3445f CorDllMainForThunk-0x5809c clr+0xf94d8 @ 0x728994d8 CreateAssemblyNameObject+0x2728d GetMetaDataInternalInterface-0x111e2 clr+0x54726 @ 0x727f4726 CreateAssemblyNameObject+0x2730f GetMetaDataInternalInterface-0x11160 clr+0x547a8 @ 0x727f47a8 DllGetClassObjectInternal+0x35622 CorDllMainForThunk-0x56ed9 clr+0xfa69b @ 0x7289a69b PreBindAssemblyEx+0xe96a StrongNameSignatureVerification-0x35e1 clr+0x1864d5 @ 0x729264d5 mscorlib+0x2d5f5f @ 0x71ab5f5f mscorlib+0x2d5c33 @ 0x71ab5c33 mscorlib+0x2d7894 @ 0x71ab7894 mscorlib+0x2d74ff @ 0x71ab74ff mscorlib+0x2d71c3 @ 0x71ab71c3 mscorlib+0x2d6c3c @ 0x71ab6c3c mscorlib+0x2fcfb1 @ 0x71adcfb1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x38b0b CorDllMainForThunk-0x539f0 clr+0xfdb84 @ 0x7289db84 DllGetClassObjectInternal+0x38c16 CorDllMainForThunk-0x538e5 clr+0xfdc8f @ 0x7289dc8f mscorlib+0x2fce7e @ 0x71adce7e mscorlib+0x2fcd8c @ 0x71adcd8c mscorlib+0x2fcd0b @ 0x71adcd0b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x6069a CorDllMainForThunk-0x2be61 clr+0x125713 @ 0x728c5713 DllGetClassObjectInternal+0x6075c CorDllMainForThunk-0x2bd9f clr+0x1257d5 @ 0x728c57d5 mscorlib+0x9bc1c8 @ 0x7219c1c8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x727c9df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x727c9e2f DllGetClassObjectInternal+0xc874 CorDllMainForThunk-0x7fc87 clr+0xd18ed @ 0x728718ed DllGetClassObjectInternal+0xcb84 CorDllMainForThunk-0x7f977 clr+0xd1bfd @ 0x72871bfd CreateHistoryReader+0x13d0e PostErrorVA-0x155251 clr+0x223553 @ 0x729c3553 LookupHistoryAssembly+0x1550 CoEEShutDownCOM-0x2c2c clr+0x1d8a42 @ 0x72978a42 DllGetClassObjectInternal+0x5fe1c CorDllMainForThunk-0x2c6df clr+0x124e95 @ 0x728c4e95 DllGetClassObjectInternal+0x5fd5f CorDllMainForThunk-0x2c79c clr+0x124dd8 @ 0x728c4dd8 RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x76f56ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x76f56a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x736f482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x76f3e003 RtlFreeSid+0x1b RtlAllocateAndInitializeSid-0x15 ntdll+0x393cd @ 0x76f493cd GetComputerNameA+0xa84 GetFileInformationByHandleEx-0x62b kernel32+0x2c164 @ 0x755dc164 GetComputerNameA+0xaef GetFileInformationByHandleEx-0x5c0 kernel32+0x2c1cf @ 0x755dc1cf GetComputerNameA+0xab1 GetFileInformationByHandleEx-0x5fe kernel32+0x2c191 @ 0x755dc191 MapViewOfFileEx+0x21 InitializeCriticalSectionEx-0x84 kernel32+0x14ca4 @ 0x755c4ca4 RegOpenKeyExW+0xf6 LocalFree-0x935 kernel32+0x12407 @ 0x755c2407 RegOpenKeyExW+0x21 LocalFree-0xa0a kernel32+0x12332 @ 0x755c2332 New_advapi32_RegOpenKeyExW@20+0x4f New_advapi32_RegQueryInfoKeyA@48-0x173 @ 0x736e3ca1 CreateAssemblyNameObject+0xc283 GetMetaDataInternalInterface-0x2c1ec clr+0x3971c @ 0x727d971c StrongNameSignatureVerification+0x9a32 GetMetaDataPublicInterfaceFromInternal-0x1e1e clr+0x1934e8 @ 0x729334e8 exception.instruction_r: 0f b7 06 99 0f a4 c2 10 c1 e0 10 0b f8 0b da 89 exception.symbol: RtlInitUnicodeString+0xec RtlMultiByteToUnicodeN-0x251 ntdll+0x2e2f4 exception.instruction: movzx eax, word ptr [esi] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 189172 exception.address: 0x76f3e2f4 registers.esp: 2462832 registers.edi: 2 registers.eax: 82519472 registers.ebp: 2462964 registers.edx: 3045208 registers.ebx: 400 registers.esi: 82519480 registers.ecx: 81796496	1
__exception__ Dec. 18, 2023, 9:43 a.m.	stacktrace: RtlAllocateHeap+0xac RtlFreeAnsiString-0x54 ntdll+0x2e0d2 @ 0x76f3e0d2 DllGetClassObjectInternal+0x3995f CorDllMainForThunk-0x52b9c clr+0xfe9d8 @ 0x7289e9d8 DllGetClassObjectInternal+0x3cb36 CorDllMainForThunk-0x4f9c5 clr+0x101baf @ 0x728a1baf DllGetClassObjectInternal+0x3cb02 CorDllMainForThunk-0x4f9f9 clr+0x101b7b @ 0x728a1b7b DllGetClassObjectInternal+0x3d036 CorDllMainForThunk-0x4f4c5 clr+0x1020af @ 0x728a20af DllGetClassObjectInternal+0x3d08d CorDllMainForThunk-0x4f46e clr+0x102106 @ 0x728a2106 DllGetClassObjectInternal+0x3c8ff CorDllMainForThunk-0x4fbfc clr+0x101978 @ 0x728a1978 DllGetClassObjectInternal+0x3c9d8 CorDllMainForThunk-0x4fb23 clr+0x101a51 @ 0x728a1a51 DllGetClassObjectInternal+0x34946 CorDllMainForThunk-0x57bb5 clr+0xf99bf @ 0x728999bf DllGetClassObjectInternal+0x349d3 CorDllMainForThunk-0x57b28 clr+0xf9a4c @ 0x72899a4c DllGetClassObjectInternal+0x34a2d CorDllMainForThunk-0x57ace clr+0xf9aa6 @ 0x72899aa6 DllGetClassObjectInternal+0x342b6 CorDllMainForThunk-0x58245 clr+0xf932f @ 0x7289932f DllGetClassObjectInternal+0x342eb CorDllMainForThunk-0x58210 clr+0xf9364 @ 0x72899364 DllGetClassObjectInternal+0x3445f CorDllMainForThunk-0x5809c clr+0xf94d8 @ 0x728994d8 CreateAssemblyNameObject+0x2728d GetMetaDataInternalInterface-0x111e2 clr+0x54726 @ 0x727f4726 CreateAssemblyNameObject+0x2730f GetMetaDataInternalInterface-0x11160 clr+0x547a8 @ 0x727f47a8 DllGetClassObjectInternal+0x35622 CorDllMainForThunk-0x56ed9 clr+0xfa69b @ 0x7289a69b PreBindAssemblyEx+0xe96a StrongNameSignatureVerification-0x35e1 clr+0x1864d5 @ 0x729264d5 mscorlib+0x2d5f5f @ 0x71ab5f5f mscorlib+0x2d5c33 @ 0x71ab5c33 mscorlib+0x2d7894 @ 0x71ab7894 mscorlib+0x2d74ff @ 0x71ab74ff mscorlib+0x2d71c3 @ 0x71ab71c3 mscorlib+0x2d6c3c @ 0x71ab6c3c mscorlib+0x2fcfb1 @ 0x71adcfb1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x38b0b CorDllMainForThunk-0x539f0 clr+0xfdb84 @ 0x7289db84 DllGetClassObjectInternal+0x38c16 CorDllMainForThunk-0x538e5 clr+0xfdc8f @ 0x7289dc8f mscorlib+0x2fce7e @ 0x71adce7e mscorlib+0x2fcd8c @ 0x71adcd8c mscorlib+0x2fcd0b @ 0x71adcd0b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x6069a CorDllMainForThunk-0x2be61 clr+0x125713 @ 0x728c5713 DllGetClassObjectInternal+0x6075c CorDllMainForThunk-0x2bd9f clr+0x1257d5 @ 0x728c57d5 mscorlib+0x9bc1c8 @ 0x7219c1c8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x727c9df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x727c9e2f DllGetClassObjectInternal+0xc874 CorDllMainForThunk-0x7fc87 clr+0xd18ed @ 0x728718ed DllGetClassObjectInternal+0xcb84 CorDllMainForThunk-0x7f977 clr+0xd1bfd @ 0x72871bfd CreateHistoryReader+0x13d0e PostErrorVA-0x155251 clr+0x223553 @ 0x729c3553 LookupHistoryAssembly+0x1550 CoEEShutDownCOM-0x2c2c clr+0x1d8a42 @ 0x72978a42 DllGetClassObjectInternal+0x5fe1c CorDllMainForThunk-0x2c6df clr+0x124e95 @ 0x728c4e95 DllGetClassObjectInternal+0x5fd5f CorDllMainForThunk-0x2c79c clr+0x124dd8 @ 0x728c4dd8 RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x76f56ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x76f56a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x736f482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x76f3e003 RtlFreeSid+0x1b RtlAllocateAndInitializeSid-0x15 ntdll+0x393cd @ 0x76f493cd GetComputerNameA+0xa84 GetFileInformationByHandleEx-0x62b kernel32+0x2c164 @ 0x755dc164 GetComputerNameA+0xaef GetFileInformationByHandleEx-0x5c0 kernel32+0x2c1cf @ 0x755dc1cf GetComputerNameA+0xab1 GetFileInformationByHandleEx-0x5fe kernel32+0x2c191 @ 0x755dc191 MapViewOfFileEx+0x21 InitializeCriticalSectionEx-0x84 kernel32+0x14ca4 @ 0x755c4ca4 RegOpenKeyExW+0xf6 LocalFree-0x935 kernel32+0x12407 @ 0x755c2407 RegOpenKeyExW+0x21 LocalFree-0xa0a kernel32+0x12332 @ 0x755c2332 New_advapi32_RegOpenKeyExW@20+0x4f New_advapi32_RegQueryInfoKeyA@48-0x173 @ 0x736e3ca1 CreateAssemblyNameObject+0xc283 GetMetaDataInternalInterface-0x2c1ec clr+0x3971c @ 0x727d971c StrongNameSignatureVerification+0x9a32 GetMetaDataPublicInterfaceFromInternal-0x1e1e clr+0x1934e8 @ 0x729334e8 exception.instruction_r: 0f b7 06 99 0f a4 c2 10 c1 e0 10 0b d8 0b fa 89 exception.symbol: LdrUnlockLoaderLock+0x2cc RtlInitUnicodeStringEx-0xe6b ntdll+0x36f08 exception.instruction: movzx eax, word ptr [esi] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 225032 exception.address: 0x76f46f08 registers.esp: 2462832 registers.edi: 400 registers.eax: 82519472 registers.ebp: 2462964 registers.edx: 4214226947 registers.ebx: 2 registers.esi: 82519480 registers.ecx: 81796496	1
__exception__ Dec. 18, 2023, 9:43 a.m.	stacktrace: RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x76f3e003 HeapFree+0x14 GetProcessHeap-0xc kernel32+0x114dd @ 0x755c14dd DllUnregisterServerInternal-0x7f84 clr+0x2170 @ 0x727a2170 DllUnregisterServerInternal-0x7f5f clr+0x2195 @ 0x727a2195 DllUnregisterServerInternal-0x7f4e clr+0x21a6 @ 0x727a21a6 CoUninitializeEE+0xd8a2 CreateAssemblyNameObject-0x3b3 clr+0x2d0e6 @ 0x727cd0e6 DllGetClassObjectInternal+0x3563c CorDllMainForThunk-0x56ebf clr+0xfa6b5 @ 0x7289a6b5 PreBindAssemblyEx+0xe96a StrongNameSignatureVerification-0x35e1 clr+0x1864d5 @ 0x729264d5 mscorlib+0x2d5f5f @ 0x71ab5f5f mscorlib+0x2d5c33 @ 0x71ab5c33 mscorlib+0x2d7894 @ 0x71ab7894 mscorlib+0x2d74ff @ 0x71ab74ff mscorlib+0x2d71c3 @ 0x71ab71c3 mscorlib+0x2d6c3c @ 0x71ab6c3c mscorlib+0x2fcfb1 @ 0x71adcfb1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x38b0b CorDllMainForThunk-0x539f0 clr+0xfdb84 @ 0x7289db84 DllGetClassObjectInternal+0x38c16 CorDllMainForThunk-0x538e5 clr+0xfdc8f @ 0x7289dc8f mscorlib+0x2fce7e @ 0x71adce7e mscorlib+0x2fcd8c @ 0x71adcd8c mscorlib+0x2fcd0b @ 0x71adcd0b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x6069a CorDllMainForThunk-0x2be61 clr+0x125713 @ 0x728c5713 DllGetClassObjectInternal+0x6075c CorDllMainForThunk-0x2bd9f clr+0x1257d5 @ 0x728c57d5 mscorlib+0x9bc1c8 @ 0x7219c1c8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x727c9df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x727c9e2f DllGetClassObjectInternal+0xc874 CorDllMainForThunk-0x7fc87 clr+0xd18ed @ 0x728718ed DllGetClassObjectInternal+0xcb84 CorDllMainForThunk-0x7f977 clr+0xd1bfd @ 0x72871bfd CreateHistoryReader+0x13d0e PostErrorVA-0x155251 clr+0x223553 @ 0x729c3553 LookupHistoryAssembly+0x1550 CoEEShutDownCOM-0x2c2c clr+0x1d8a42 @ 0x72978a42 DllGetClassObjectInternal+0x5fe1c CorDllMainForThunk-0x2c6df clr+0x124e95 @ 0x728c4e95 DllGetClassObjectInternal+0x5fd5f CorDllMainForThunk-0x2c79c clr+0x124dd8 @ 0x728c4dd8 RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x76f56ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x76f56a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x736f482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x76f3e003 RtlFreeSid+0x1b RtlAllocateAndInitializeSid-0x15 ntdll+0x393cd @ 0x76f493cd GetComputerNameA+0xa84 GetFileInformationByHandleEx-0x62b kernel32+0x2c164 @ 0x755dc164 GetComputerNameA+0xaef GetFileInformationByHandleEx-0x5c0 kernel32+0x2c1cf @ 0x755dc1cf GetComputerNameA+0xab1 GetFileInformationByHandleEx-0x5fe kernel32+0x2c191 @ 0x755dc191 MapViewOfFileEx+0x21 InitializeCriticalSectionEx-0x84 kernel32+0x14ca4 @ 0x755c4ca4 RegOpenKeyExW+0xf6 LocalFree-0x935 kernel32+0x12407 @ 0x755c2407 RegOpenKeyExW+0x21 LocalFree-0xa0a kernel32+0x12332 @ 0x755c2332 New_advapi32_RegOpenKeyExW@20+0x4f New_advapi32_RegQueryInfoKeyA@48-0x173 @ 0x736e3ca1 CreateAssemblyNameObject+0xc283 GetMetaDataInternalInterface-0x2c1ec clr+0x3971c @ 0x727d971c StrongNameSignatureVerification+0x9a32 GetMetaDataPublicInterfaceFromInternal-0x1e1e clr+0x1934e8 @ 0x729334e8 StrongNameSignatureVerification+0x9bcc GetMetaDataPublicInterfaceFromInternal-0x1c84 clr+0x193682 @ 0x72933682 GetMetaDataPublicInterfaceFromInternal+0x641 CopyPDBs-0x2fb clr+0x195947 @ 0x72935947 GetMetaDataPublicInterfaceFromInternal+0x850 CopyPDBs-0xec clr+0x195b56 @ 0x72935b56 GetMetaDataPublicInterfaceFromInternal+0x23d CopyPDBs-0x6ff clr+0x195543 @ 0x72935543 StrongNameSignatureVerification+0x839b GetMetaDataPublicInterfaceFromInternal-0x34b5 clr+0x191e51 @ 0x72931e51 StrongNameSignatureVerification+0x854e GetMetaDataPublicInterfaceFromInternal-0x3302 clr+0x192004 @ 0x72932004 mscorlib+0x355147 @ 0x71b35147 mscorlib+0x985c14 @ 0x72165c14 mscorlib+0x9b45cf @ 0x721945cf mscorlib+0xd224c1 @ 0x725024c1 exception.instruction_r: 8b 46 04 89 45 f4 c6 47 07 80 c6 47 06 00 8b 5e exception.symbol: RtlInitUnicodeString+0x196 RtlMultiByteToUnicodeN-0x1a7 ntdll+0x2e39e exception.instruction: mov eax, dword ptr [esi + 4] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 189342 exception.address: 0x76f3e39e registers.esp: 2464388 registers.edi: 82180872 registers.eax: 0 registers.ebp: 2464440 registers.edx: 82180880 registers.ebx: 82180880 registers.esi: 1982156395 registers.ecx: 3014656	1
__exception__ Dec. 18, 2023, 9:43 a.m.	stacktrace: RtlAllocateHeap+0xac RtlFreeAnsiString-0x54 ntdll+0x2e0d2 @ 0x76f3e0d2 DllUnregisterServerInternal-0x7fe0 clr+0x2114 @ 0x727a2114 DllUnregisterServerInternal-0x7fa5 clr+0x214f @ 0x727a214f CreateAssemblyNameObject+0x263 GetMetaDataInternalInterface-0x3820c clr+0x2d6fc @ 0x727cd6fc CreateAssemblyNameObject+0x1af GetMetaDataInternalInterface-0x382c0 clr+0x2d648 @ 0x727cd648 CreateAssemblyNameObject+0x270ca GetMetaDataInternalInterface-0x113a5 clr+0x54563 @ 0x727f4563 DllGetClassObjectInternal+0x355f9 CorDllMainForThunk-0x56f02 clr+0xfa672 @ 0x7289a672 PreBindAssemblyEx+0xe96a StrongNameSignatureVerification-0x35e1 clr+0x1864d5 @ 0x729264d5 mscorlib+0x2d5f5f @ 0x71ab5f5f mscorlib+0x2d5c33 @ 0x71ab5c33 mscorlib+0x2d7894 @ 0x71ab7894 mscorlib+0x2d74ff @ 0x71ab74ff mscorlib+0x2d71c3 @ 0x71ab71c3 mscorlib+0x2d6c3c @ 0x71ab6c3c mscorlib+0x2fcfb1 @ 0x71adcfb1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x38b0b CorDllMainForThunk-0x539f0 clr+0xfdb84 @ 0x7289db84 DllGetClassObjectInternal+0x38c16 CorDllMainForThunk-0x538e5 clr+0xfdc8f @ 0x7289dc8f mscorlib+0x2fce7e @ 0x71adce7e mscorlib+0x2fcd8c @ 0x71adcd8c mscorlib+0x2fcd0b @ 0x71adcd0b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x6069a CorDllMainForThunk-0x2be61 clr+0x125713 @ 0x728c5713 DllGetClassObjectInternal+0x6075c CorDllMainForThunk-0x2bd9f clr+0x1257d5 @ 0x728c57d5 mscorlib+0x9bc1c8 @ 0x7219c1c8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x727c9df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x727c9e2f DllGetClassObjectInternal+0xc874 CorDllMainForThunk-0x7fc87 clr+0xd18ed @ 0x728718ed DllGetClassObjectInternal+0xcb84 CorDllMainForThunk-0x7f977 clr+0xd1bfd @ 0x72871bfd CreateHistoryReader+0x13d0e PostErrorVA-0x155251 clr+0x223553 @ 0x729c3553 LookupHistoryAssembly+0x1550 CoEEShutDownCOM-0x2c2c clr+0x1d8a42 @ 0x72978a42 DllGetClassObjectInternal+0x5fe1c CorDllMainForThunk-0x2c6df clr+0x124e95 @ 0x728c4e95 DllGetClassObjectInternal+0x5fd5f CorDllMainForThunk-0x2c79c clr+0x124dd8 @ 0x728c4dd8 RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x76f56ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x76f56a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x736f482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x76f3e003 HeapFree+0x14 GetProcessHeap-0xc kernel32+0x114dd @ 0x755c14dd DllUnregisterServerInternal-0x7f84 clr+0x2170 @ 0x727a2170 DllUnregisterServerInternal-0x7f5f clr+0x2195 @ 0x727a2195 DllUnregisterServerInternal-0x7f4e clr+0x21a6 @ 0x727a21a6 CoUninitializeEE+0xd8a2 CreateAssemblyNameObject-0x3b3 clr+0x2d0e6 @ 0x727cd0e6 DllGetClassObjectInternal+0x3563c CorDllMainForThunk-0x56ebf clr+0xfa6b5 @ 0x7289a6b5 PreBindAssemblyEx+0xe96a StrongNameSignatureVerification-0x35e1 clr+0x1864d5 @ 0x729264d5 mscorlib+0x2d5f5f @ 0x71ab5f5f mscorlib+0x2d5c33 @ 0x71ab5c33 mscorlib+0x2d7894 @ 0x71ab7894 mscorlib+0x2d74ff @ 0x71ab74ff mscorlib+0x2d71c3 @ 0x71ab71c3 mscorlib+0x2d6c3c @ 0x71ab6c3c mscorlib+0x2fcfb1 @ 0x71adcfb1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x38b0b CorDllMainForThunk-0x539f0 clr+0xfdb84 @ 0x7289db84 DllGetClassObjectInternal+0x38c16 CorDllMainForThunk-0x538e5 clr+0xfdc8f @ 0x7289dc8f mscorlib+0x2fce7e @ 0x71adce7e exception.instruction_r: 0f b7 06 99 0f a4 c2 10 c1 e0 10 0b d8 0b fa 89 exception.symbol: LdrUnlockLoaderLock+0x2cc RtlInitUnicodeStringEx-0xe6b ntdll+0x36f08 exception.instruction: movzx eax, word ptr [esi] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 225032 exception.address: 0x76f46f08 registers.esp: 2457720 registers.edi: 400 registers.eax: 82519472 registers.ebp: 2457852 registers.edx: 4214226947 registers.ebx: 2 registers.esi: 82519480 registers.ecx: 81796496	1
__exception__ Dec. 18, 2023, 9:43 a.m.	stacktrace: RtlAllocateHeap+0xac RtlFreeAnsiString-0x54 ntdll+0x2e0d2 @ 0x76f3e0d2 RtlDeleteBoundaryDescriptor+0x3f RtlAnsiStringToUnicodeString-0x9 ntdll+0x2e6ac @ 0x76f3e6ac _wcsnicmp+0x133 RtlInitAnsiStringEx-0x2d ntdll+0x2f76e @ 0x76f3f76e EtwEventRegister+0x116 EtwRegisterTraceGuidsW-0x73 ntdll+0x3f7d0 @ 0x76f4f7d0 LdrGetProcedureAddressEx+0x11f wcsstr-0x99d ntdll+0x302ea @ 0x76f402ea LdrGetProcedureAddress+0x18 LdrGetProcedureAddressEx-0x9 ntdll+0x301c2 @ 0x76f401c2 New_ntdll_LdrGetProcedureAddress@16+0x59 New_ntdll_LdrLoadDll@16-0xfb @ 0x736ed359 GetProcAddress+0x44 GetVersion-0x38 kernelbase+0x111c4 @ 0x759811c4 CreateAssemblyNameObject+0xe597 GetMetaDataInternalInterface-0x29ed8 clr+0x3ba30 @ 0x727dba30 CoUninitializeEE+0xa200 CreateAssemblyNameObject-0x3a55 clr+0x29a44 @ 0x727c9a44 CoUninitializeEE+0xa149 CreateAssemblyNameObject-0x3b0c clr+0x2998d @ 0x727c998d CoUninitializeEE+0xa055 CreateAssemblyNameObject-0x3c00 clr+0x29899 @ 0x727c9899 CoUninitializeEE+0x9fee CreateAssemblyNameObject-0x3c67 clr+0x29832 @ 0x727c9832 DllRegisterServerInternal+0x98c9 CoUninitializeEE-0x3b6f clr+0x1bcd5 @ 0x727bbcd5 DllUnregisterServerInternal-0x760b clr+0x2ae9 @ 0x727a2ae9 mscorlib+0x34f009 @ 0x71b2f009 mscorlib+0x2d5f6a @ 0x71ab5f6a mscorlib+0x2d5c33 @ 0x71ab5c33 mscorlib+0x2d7894 @ 0x71ab7894 mscorlib+0x2d74ff @ 0x71ab74ff mscorlib+0x2d71c3 @ 0x71ab71c3 mscorlib+0x2d6c3c @ 0x71ab6c3c mscorlib+0x2fcfb1 @ 0x71adcfb1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x38b0b CorDllMainForThunk-0x539f0 clr+0xfdb84 @ 0x7289db84 DllGetClassObjectInternal+0x38c16 CorDllMainForThunk-0x538e5 clr+0xfdc8f @ 0x7289dc8f mscorlib+0x2fce7e @ 0x71adce7e mscorlib+0x2fcd8c @ 0x71adcd8c mscorlib+0x2fcd0b @ 0x71adcd0b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x6069a CorDllMainForThunk-0x2be61 clr+0x125713 @ 0x728c5713 DllGetClassObjectInternal+0x6075c CorDllMainForThunk-0x2bd9f clr+0x1257d5 @ 0x728c57d5 mscorlib+0x9bc1c8 @ 0x7219c1c8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x727c9df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x727c9e2f DllGetClassObjectInternal+0xc874 CorDllMainForThunk-0x7fc87 clr+0xd18ed @ 0x728718ed DllGetClassObjectInternal+0xcb84 CorDllMainForThunk-0x7f977 clr+0xd1bfd @ 0x72871bfd CreateHistoryReader+0x13d0e PostErrorVA-0x155251 clr+0x223553 @ 0x729c3553 LookupHistoryAssembly+0x1550 CoEEShutDownCOM-0x2c2c clr+0x1d8a42 @ 0x72978a42 DllGetClassObjectInternal+0x5fe1c CorDllMainForThunk-0x2c6df clr+0x124e95 @ 0x728c4e95 DllGetClassObjectInternal+0x5fd5f CorDllMainForThunk-0x2c79c clr+0x124dd8 @ 0x728c4dd8 RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x76f56ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x76f56a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x736f482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x76f3e003 HeapFree+0x14 GetProcessHeap-0xc kernel32+0x114dd @ 0x755c14dd DllUnregisterServerInternal-0x7f84 clr+0x2170 @ 0x727a2170 DllUnregisterServerInternal-0x7f5f clr+0x2195 @ 0x727a2195 DllUnregisterServerInternal-0x7f4e clr+0x21a6 @ 0x727a21a6 CoUninitializeEE+0xd8a2 CreateAssemblyNameObject-0x3b3 clr+0x2d0e6 @ 0x727cd0e6 DllGetClassObjectInternal+0x3563c CorDllMainForThunk-0x56ebf clr+0xfa6b5 @ 0x7289a6b5 PreBindAssemblyEx+0xe96a StrongNameSignatureVerification-0x35e1 clr+0x1864d5 @ 0x729264d5 mscorlib+0x2d5f5f @ 0x71ab5f5f mscorlib+0x2d5c33 @ 0x71ab5c33 mscorlib+0x2d7894 @ 0x71ab7894 mscorlib+0x2d74ff @ 0x71ab74ff mscorlib+0x2d71c3 @ 0x71ab71c3 exception.instruction_r: 0f b7 06 99 0f a4 c2 10 c1 e0 10 0b d8 0b fa 89 exception.symbol: LdrUnlockLoaderLock+0x2cc RtlInitUnicodeStringEx-0xe6b ntdll+0x36f08 exception.instruction: movzx eax, word ptr [esi] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 225032 exception.address: 0x76f46f08 registers.esp: 2457432 registers.edi: 400 registers.eax: 82519472 registers.ebp: 2457564 registers.edx: 4214226947 registers.ebx: 2 registers.esi: 82519480 registers.ecx: 81796496	1
__exception__ Dec. 18, 2023, 9:43 a.m.	stacktrace: RtlAllocateHeap+0xac RtlFreeAnsiString-0x54 ntdll+0x2e0d2 @ 0x76f3e0d2 DllGetClassObjectInternal+0x3995f CorDllMainForThunk-0x52b9c clr+0xfe9d8 @ 0x7289e9d8 DllGetClassObjectInternal+0x3cb36 CorDllMainForThunk-0x4f9c5 clr+0x101baf @ 0x728a1baf DllGetClassObjectInternal+0x3cb02 CorDllMainForThunk-0x4f9f9 clr+0x101b7b @ 0x728a1b7b DllGetClassObjectInternal+0x3d036 CorDllMainForThunk-0x4f4c5 clr+0x1020af @ 0x728a20af DllGetClassObjectInternal+0x3db07 CorDllMainForThunk-0x4e9f4 clr+0x102b80 @ 0x728a2b80 DllGetClassObjectInternal+0x3cd1d CorDllMainForThunk-0x4f7de clr+0x101d96 @ 0x728a1d96 DllGetClassObjectInternal+0x3cf04 CorDllMainForThunk-0x4f5f7 clr+0x101f7d @ 0x728a1f7d DllGetClassObjectInternal+0x3cf99 CorDllMainForThunk-0x4f562 clr+0x102012 @ 0x728a2012 DllGetClassObjectInternal+0x41789 CorDllMainForThunk-0x4ad72 clr+0x106802 @ 0x728a6802 DllGetClassObjectInternal+0x417dc CorDllMainForThunk-0x4ad1f clr+0x106855 @ 0x728a6855 DllGetClassObjectInternal+0x40b7e CorDllMainForThunk-0x4b97d clr+0x105bf7 @ 0x728a5bf7 DllGetClassObjectInternal+0x3a1da CorDllMainForThunk-0x52321 clr+0xff253 @ 0x7289f253 CreateAssemblyNameObject+0x368 GetMetaDataInternalInterface-0x38107 clr+0x2d801 @ 0x727cd801 CreateAssemblyNameObject+0x8d GetMetaDataInternalInterface-0x383e2 clr+0x2d526 @ 0x727cd526 mscorlib+0x3915ca @ 0x71b715ca mscorlib+0x34f009 @ 0x71b2f009 mscorlib+0x2d5f6a @ 0x71ab5f6a mscorlib+0x2d5c33 @ 0x71ab5c33 mscorlib+0x2d7894 @ 0x71ab7894 mscorlib+0x2d74ff @ 0x71ab74ff mscorlib+0x2d71c3 @ 0x71ab71c3 mscorlib+0x2d6c3c @ 0x71ab6c3c mscorlib+0x2fcfb1 @ 0x71adcfb1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x38b0b CorDllMainForThunk-0x539f0 clr+0xfdb84 @ 0x7289db84 DllGetClassObjectInternal+0x38c16 CorDllMainForThunk-0x538e5 clr+0xfdc8f @ 0x7289dc8f mscorlib+0x2fce7e @ 0x71adce7e mscorlib+0x2fcd8c @ 0x71adcd8c mscorlib+0x2fcd0b @ 0x71adcd0b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x6069a CorDllMainForThunk-0x2be61 clr+0x125713 @ 0x728c5713 DllGetClassObjectInternal+0x6075c CorDllMainForThunk-0x2bd9f clr+0x1257d5 @ 0x728c57d5 mscorlib+0x9bc1c8 @ 0x7219c1c8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x727c9df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x727c9e2f DllGetClassObjectInternal+0xc874 CorDllMainForThunk-0x7fc87 clr+0xd18ed @ 0x728718ed DllGetClassObjectInternal+0xcb84 CorDllMainForThunk-0x7f977 clr+0xd1bfd @ 0x72871bfd CreateHistoryReader+0x13d0e PostErrorVA-0x155251 clr+0x223553 @ 0x729c3553 LookupHistoryAssembly+0x1550 CoEEShutDownCOM-0x2c2c clr+0x1d8a42 @ 0x72978a42 DllGetClassObjectInternal+0x5fe1c CorDllMainForThunk-0x2c6df clr+0x124e95 @ 0x728c4e95 DllGetClassObjectInternal+0x5fd5f CorDllMainForThunk-0x2c79c clr+0x124dd8 @ 0x728c4dd8 RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x76f56ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x76f56a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x736f482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x76f3e003 HeapFree+0x14 GetProcessHeap-0xc kernel32+0x114dd @ 0x755c14dd DllUnregisterServerInternal-0x7f84 clr+0x2170 @ 0x727a2170 DllUnregisterServerInternal-0x7f5f clr+0x2195 @ 0x727a2195 DllUnregisterServerInternal-0x7f4e clr+0x21a6 @ 0x727a21a6 CoUninitializeEE+0xd8a2 CreateAssemblyNameObject-0x3b3 clr+0x2d0e6 @ 0x727cd0e6 DllGetClassObjectInternal+0x3563c CorDllMainForThunk-0x56ebf clr+0xfa6b5 @ 0x7289a6b5 PreBindAssemblyEx+0xe96a StrongNameSignatureVerification-0x35e1 clr+0x1864d5 @ 0x729264d5 mscorlib+0x2d5f5f @ 0x71ab5f5f mscorlib+0x2d5c33 @ 0x71ab5c33 mscorlib+0x2d7894 @ 0x71ab7894 mscorlib+0x2d74ff @ 0x71ab74ff exception.instruction_r: 0f b7 06 99 0f a4 c2 10 c1 e0 10 0b d8 0b fa 89 exception.symbol: LdrUnlockLoaderLock+0x2cc RtlInitUnicodeStringEx-0xe6b ntdll+0x36f08 exception.instruction: movzx eax, word ptr [esi] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 225032 exception.address: 0x76f46f08 registers.esp: 2456284 registers.edi: 400 registers.eax: 82519472 registers.ebp: 2456416 registers.edx: 4214226947 registers.ebx: 2 registers.esi: 82519480 registers.ecx: 81796496	1
__exception__ Dec. 18, 2023, 9:43 a.m.	stacktrace: RtlImageNtHeader+0xac6 RtlDeleteCriticalSection-0x9cb ntdll+0x33c2a @ 0x76f43c2a RtlImageNtHeader+0xb6a RtlDeleteCriticalSection-0x927 ntdll+0x33cce @ 0x76f43cce DllGetClassObjectInternal+0x3995f CorDllMainForThunk-0x52b9c clr+0xfe9d8 @ 0x7289e9d8 DllGetClassObjectInternal+0x3cb36 CorDllMainForThunk-0x4f9c5 clr+0x101baf @ 0x728a1baf DllGetClassObjectInternal+0x3cb6f CorDllMainForThunk-0x4f98c clr+0x101be8 @ 0x728a1be8 DllGetClassObjectInternal+0x3cbd2 CorDllMainForThunk-0x4f929 clr+0x101c4b @ 0x728a1c4b DllGetClassObjectInternal+0x3cc62 CorDllMainForThunk-0x4f899 clr+0x101cdb @ 0x728a1cdb DllGetClassObjectInternal+0x3cc93 CorDllMainForThunk-0x4f868 clr+0x101d0c @ 0x728a1d0c DllGetClassObjectInternal+0x3c9d8 CorDllMainForThunk-0x4fb23 clr+0x101a51 @ 0x728a1a51 DllGetClassObjectInternal+0x34946 CorDllMainForThunk-0x57bb5 clr+0xf99bf @ 0x728999bf DllGetClassObjectInternal+0x349d3 CorDllMainForThunk-0x57b28 clr+0xf9a4c @ 0x72899a4c DllGetClassObjectInternal+0x34a2d CorDllMainForThunk-0x57ace clr+0xf9aa6 @ 0x72899aa6 DllGetClassObjectInternal+0x342b6 CorDllMainForThunk-0x58245 clr+0xf932f @ 0x7289932f DllGetClassObjectInternal+0x342eb CorDllMainForThunk-0x58210 clr+0xf9364 @ 0x72899364 DllGetClassObjectInternal+0x3463d CorDllMainForThunk-0x57ebe clr+0xf96b6 @ 0x728996b6 CreateAssemblyNameObject+0x2728d GetMetaDataInternalInterface-0x111e2 clr+0x54726 @ 0x727f4726 CreateAssemblyNameObject+0x2730f GetMetaDataInternalInterface-0x11160 clr+0x547a8 @ 0x727f47a8 DllGetClassObjectInternal+0x35622 CorDllMainForThunk-0x56ed9 clr+0xfa69b @ 0x7289a69b PreBindAssemblyEx+0xe96a StrongNameSignatureVerification-0x35e1 clr+0x1864d5 @ 0x729264d5 mscorlib+0x2d5f5f @ 0x71ab5f5f mscorlib+0x2d5c33 @ 0x71ab5c33 mscorlib+0x2d7894 @ 0x71ab7894 mscorlib+0x2d74ff @ 0x71ab74ff mscorlib+0x2d71c3 @ 0x71ab71c3 mscorlib+0x2d6c3c @ 0x71ab6c3c mscorlib+0x2fcfb1 @ 0x71adcfb1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x38b0b CorDllMainForThunk-0x539f0 clr+0xfdb84 @ 0x7289db84 DllGetClassObjectInternal+0x38c16 CorDllMainForThunk-0x538e5 clr+0xfdc8f @ 0x7289dc8f mscorlib+0x2fce7e @ 0x71adce7e mscorlib+0x2fcd8c @ 0x71adcd8c mscorlib+0x2fcd0b @ 0x71adcd0b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x6069a CorDllMainForThunk-0x2be61 clr+0x125713 @ 0x728c5713 DllGetClassObjectInternal+0x6075c CorDllMainForThunk-0x2bd9f clr+0x1257d5 @ 0x728c57d5 mscorlib+0x9bc1c8 @ 0x7219c1c8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x727c9df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x727c9e2f DllGetClassObjectInternal+0xc874 CorDllMainForThunk-0x7fc87 clr+0xd18ed @ 0x728718ed DllGetClassObjectInternal+0xcb84 CorDllMainForThunk-0x7f977 clr+0xd1bfd @ 0x72871bfd CreateHistoryReader+0x13d0e PostErrorVA-0x155251 clr+0x223553 @ 0x729c3553 LookupHistoryAssembly+0x1550 CoEEShutDownCOM-0x2c2c clr+0x1d8a42 @ 0x72978a42 DllGetClassObjectInternal+0x5fe1c CorDllMainForThunk-0x2c6df clr+0x124e95 @ 0x728c4e95 DllGetClassObjectInternal+0x5fd5f CorDllMainForThunk-0x2c79c clr+0x124dd8 @ 0x728c4dd8 RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x76f56ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x76f56a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x736f482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x76f3e003 HeapFree+0x14 GetProcessHeap-0xc kernel32+0x114dd @ 0x755c14dd DllUnregisterServerInternal-0x7f84 clr+0x2170 @ 0x727a2170 DllUnregisterServerInternal-0x7f5f clr+0x2195 @ 0x727a2195 DllUnregisterServerInternal-0x7f4e clr+0x21a6 @ 0x727a21a6 CoUninitializeEE+0xd8a2 CreateAssemblyNameObject-0x3b3 clr+0x2d0e6 @ 0x727cd0e6 DllGetClassObjectInternal+0x3563c CorDllMainForThunk-0x56ebf clr+0xfa6b5 @ 0x7289a6b5 PreBindAssemblyEx+0xe96a StrongNameSignatureVerification-0x35e1 clr+0x1864d5 @ 0x729264d5 mscorlib+0x2d5f5f @ 0x71ab5f5f mscorlib+0x2d5c33 @ 0x71ab5c33 exception.instruction_r: 8b 48 f8 8b 53 4c 85 ca 74 03 33 4b 50 0f b7 c9 exception.symbol: RtlImageNtHeader+0xe15 RtlDeleteCriticalSection-0x67c ntdll+0x33f79 exception.instruction: mov ecx, dword ptr [eax + 0xfffffff8] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 212857 exception.address: 0x76f43f79 registers.esp: 2456900 registers.edi: 3015028 registers.eax: 0 registers.ebp: 2456936 registers.edx: 1048576 registers.ebx: 3014656 registers.esi: 3014852 registers.ecx: 0	1
__exception__ Dec. 18, 2023, 9:44 a.m.	stacktrace: RtlImageNtHeader+0xac6 RtlDeleteCriticalSection-0x9cb ntdll+0x33c2a @ 0x76f43c2a RtlImageNtHeader+0xb6a RtlDeleteCriticalSection-0x927 ntdll+0x33cce @ 0x76f43cce SimpleTypeAlignment-0x22a rpcrt4+0x10636 @ 0x75c40636 SimpleTypeAlignment-0x250 rpcrt4+0x10610 @ 0x75c40610 NdrNonEncapsulatedUnionMemorySize+0x4ab NdrSimpleTypeMarshall-0x657 rpcrt4+0x1dda3 @ 0x75c4dda3 SimpleTypeAlignment-0x12a rpcrt4+0x10736 @ 0x75c40736 UuidCreate+0x664 NdrConformantStringMarshall-0x660 rpcrt4+0x1faef @ 0x75c4faef RtlIsCriticalSectionLockedByThread+0x4cb TpDisassociateCallback-0x230 ntdll+0x45bff @ 0x76f55bff TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x76f554f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 48 f8 8b 53 4c 85 ca 74 03 33 4b 50 0f b7 c9 exception.symbol: RtlImageNtHeader+0xe15 RtlDeleteCriticalSection-0x67c ntdll+0x33f79 exception.instruction: mov ecx, dword ptr [eax + 0xfffffff8] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 212857 exception.address: 0x76f43f79 registers.esp: 98236692 registers.edi: 3015028 registers.eax: 0 registers.ebp: 98236728 registers.edx: 1048576 registers.ebx: 3014656 registers.esi: 3014852 registers.ecx: 0	1
__exception__ Dec. 18, 2023, 9:43 a.m.	stacktrace: 0x76870d 0x7684de 0x766c85 0x76685e 0x763483 0x762ee8 0x762e7b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 c8 8b 45 c8 89 45 c4 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x768848 registers.esp: 1370276 registers.edi: 1370328 registers.eax: 0 registers.ebp: 1370340 registers.edx: 8862288 registers.ebx: 1371548 registers.esi: 42189948 registers.ecx: 0	1
__exception__ Dec. 18, 2023, 9:44 a.m.	stacktrace: 0x7988ade 0x79889a1 0x79888bd 0x7987950 0x7986c4d 0x76c787 0x766d4d 0x76685e 0x763483 0x762ee8 0x762e7b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 64 4b 85 07 89 85 3c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x79893cc registers.esp: 1368600 registers.edi: 1368848 registers.eax: 0 registers.ebp: 1368860 registers.edx: 126175732 registers.ebx: 1371548 registers.esi: 42430484 registers.ecx: 0	1
__exception__ Dec. 18, 2023, 9:44 a.m.	stacktrace: 0x798cb60 0x7988ef0 0x79889a1 0x79888bd 0x7987950 0x7986c4d 0x76c787 0x766d4d 0x76685e 0x763483 0x762ee8 0x762e7b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x798cba3 registers.esp: 1368836 registers.edi: 1369120 registers.eax: 0 registers.ebp: 1368844 registers.edx: 0 registers.ebx: 1371548 registers.esi: 42430484 registers.ecx: 47822404	1
__exception__ Dec. 18, 2023, 9:44 a.m.	stacktrace: 0x7988ade 0x79889a1 0x79888d5 0x7987950 0x7986c4d 0x76c787 0x766d4d 0x76685e 0x763483 0x762ee8 0x762e7b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 64 4b 85 07 89 85 3c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x79893cc registers.esp: 1368600 registers.edi: 1368848 registers.eax: 0 registers.ebp: 1368860 registers.edx: 126175732 registers.ebx: 1371548 registers.esi: 42430484 registers.ecx: 0	1
__exception__ Dec. 18, 2023, 9:44 a.m.	stacktrace: 0x798cb60 0x7988ef0 0x79889a1 0x79888d5 0x7987950 0x7986c4d 0x76c787 0x766d4d 0x76685e 0x763483 0x762ee8 0x762e7b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x798cba3 registers.esp: 1368836 registers.edi: 1369120 registers.eax: 0 registers.ebp: 1368844 registers.edx: 0 registers.ebx: 1371548 registers.esi: 42430484 registers.ecx: 49254276	1
__exception__ Dec. 18, 2023, 9:44 a.m.	stacktrace: 0x7988ade 0x79889a1 0x79888d5 0x7987950 0x7986c4d 0x76c787 0x766d4d 0x76685e 0x763483 0x762ee8 0x762e7b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 64 4b 85 07 89 85 3c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x79893cc registers.esp: 1368600 registers.edi: 1368848 registers.eax: 0 registers.ebp: 1368860 registers.edx: 126175732 registers.ebx: 1371548 registers.esi: 42430484 registers.ecx: 0	1
__exception__ Dec. 18, 2023, 9:44 a.m.	stacktrace: 0x798cb60 0x7988ef0 0x79889a1 0x79888d5 0x7987950 0x7986c4d 0x76c787 0x766d4d 0x76685e 0x763483 0x762ee8 0x762e7b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x798cba3 registers.esp: 1368836 registers.edi: 1369120 registers.eax: 0 registers.ebp: 1368844 registers.edx: 0 registers.ebx: 1371548 registers.esi: 42430484 registers.ecx: 42587156	1
__exception__ Dec. 18, 2023, 9:44 a.m.	stacktrace: 0x7986c4d 0x76c787 0x766d4d 0x76685e 0x763483 0x762ee8 0x762e7b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 e8 f5 a4 61 69 89 85 ec fc ff ff 8d bd e4 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7987c64 registers.esp: 1369224 registers.edi: 1370364 registers.eax: 0 registers.ebp: 1370400 registers.edx: 0 registers.ebx: 1371548 registers.esi: 1369936 registers.ecx: 0	1
__exception__ Dec. 18, 2023, 9:44 a.m.	stacktrace: 0x798d99d 0x798d870 0x79888bd 0x7988129 0x7986c4d 0x76c787 0x766d4d 0x76685e 0x763483 0x762ee8 0x762e7b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 64 4b 85 07 89 85 3c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x79893cc registers.esp: 1368560 registers.edi: 1368808 registers.eax: 0 registers.ebp: 1368820 registers.edx: 126175732 registers.ebx: 1371548 registers.esi: 41889740 registers.ecx: 0	1
__exception__ Dec. 18, 2023, 9:44 a.m.	stacktrace: 0x798cb60 0x798de1e 0x798d870 0x79888bd 0x7988129 0x7986c4d 0x76c787 0x766d4d 0x76685e 0x763483 0x762ee8 0x762e7b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x798cba3 registers.esp: 1368796 registers.edi: 1369136 registers.eax: 0 registers.ebp: 1368804 registers.edx: 0 registers.ebx: 1371548 registers.esi: 41889740 registers.ecx: 44024244	1
__exception__ Dec. 18, 2023, 9:44 a.m.	stacktrace: 0x798d99d 0x798d870 0x79888d5 0x7988129 0x7986c4d 0x76c787 0x766d4d 0x76685e 0x763483 0x762ee8 0x762e7b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 64 4b 85 07 89 85 3c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x79893cc registers.esp: 1368560 registers.edi: 1368808 registers.eax: 0 registers.ebp: 1368820 registers.edx: 126175732 registers.ebx: 1371548 registers.esi: 41889740 registers.ecx: 0	1
__exception__ Dec. 18, 2023, 9:44 a.m.	stacktrace: 0x798cb60 0x798de1e 0x798d870 0x79888d5 0x7988129 0x7986c4d 0x76c787 0x766d4d 0x76685e 0x763483 0x762ee8 0x762e7b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x798cba3 registers.esp: 1368796 registers.edi: 1369136 registers.eax: 0 registers.ebp: 1368804 registers.edx: 0 registers.ebx: 1371548 registers.esi: 41889740 registers.ecx: 45375544	1
__exception__ Dec. 18, 2023, 9:44 a.m.	stacktrace: 0x798d99d 0x798d870 0x79888d5 0x7988129 0x7986c4d 0x76c787 0x766d4d 0x76685e 0x763483 0x762ee8 0x762e7b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 64 4b 85 07 89 85 3c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x79893cc registers.esp: 1368560 registers.edi: 1368808 registers.eax: 0 registers.ebp: 1368820 registers.edx: 126175732 registers.ebx: 1371548 registers.esi: 41889740 registers.ecx: 0	1
__exception__ Dec. 18, 2023, 9:44 a.m.	stacktrace: 0x798cb60 0x798de1e 0x798d870 0x79888d5 0x7988129 0x7986c4d 0x76c787 0x766d4d 0x76685e 0x763483 0x762ee8 0x762e7b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x798cba3 registers.esp: 1368796 registers.edi: 1369136 registers.eax: 0 registers.ebp: 1368804 registers.edx: 0 registers.ebx: 1371548 registers.esi: 41889740 registers.ecx: 42200924	1
__exception__ Dec. 18, 2023, 9:44 a.m.	stacktrace: 0x798e0ec 0x798dfa0 0x79888bd 0x798822b 0x7986c4d 0x76c787 0x766d4d 0x76685e 0x763483 0x762ee8 0x762e7b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 64 4b 85 07 89 85 3c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x79893cc registers.esp: 1368624 registers.edi: 1368872 registers.eax: 0 registers.ebp: 1368884 registers.edx: 126175732 registers.ebx: 1371548 registers.esi: 41889740 registers.ecx: 0	1
__exception__ Dec. 18, 2023, 9:44 a.m.	stacktrace: 0x798cb60 0x798e3c2 0x798dfa0 0x79888bd 0x798822b 0x7986c4d 0x76c787 0x766d4d 0x76685e 0x763483 0x762ee8 0x762e7b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x798cba3 registers.esp: 1368860 registers.edi: 1369136 registers.eax: 0 registers.ebp: 1368868 registers.edx: 0 registers.ebx: 1371548 registers.esi: 41889740 registers.ecx: 43552288	1
__exception__ Dec. 18, 2023, 9:44 a.m.	stacktrace: 0x798e0ec 0x798dfa0 0x79888d5 0x798822b 0x7986c4d 0x76c787 0x766d4d 0x76685e 0x763483 0x762ee8 0x762e7b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 64 4b 85 07 89 85 3c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x79893cc registers.esp: 1368624 registers.edi: 1368872 registers.eax: 0 registers.ebp: 1368884 registers.edx: 126175732 registers.ebx: 1371548 registers.esi: 41889740 registers.ecx: 0	1
__exception__ Dec. 18, 2023, 9:44 a.m.	stacktrace: 0x798cb60 0x798e3c2 0x798dfa0 0x79888d5 0x798822b 0x7986c4d 0x76c787 0x766d4d 0x76685e 0x763483 0x762ee8 0x762e7b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x798cba3 registers.esp: 1368860 registers.edi: 1369136 registers.eax: 0 registers.ebp: 1368868 registers.edx: 0 registers.ebx: 1371548 registers.esi: 41889740 registers.ecx: 45046944	1
__exception__ Dec. 18, 2023, 9:44 a.m.	stacktrace: 0x798e0ec 0x798dfa0 0x79888d5 0x798822b 0x7986c4d 0x76c787 0x766d4d 0x76685e 0x763483 0x762ee8 0x762e7b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 64 4b 85 07 89 85 3c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x79893cc registers.esp: 1368624 registers.edi: 1368872 registers.eax: 0 registers.ebp: 1368884 registers.edx: 126175732 registers.ebx: 1371548 registers.esi: 41889740 registers.ecx: 0	1
__exception__ Dec. 18, 2023, 9:44 a.m.	stacktrace: 0x798cb60 0x798e3c2 0x798dfa0 0x79888d5 0x798822b 0x7986c4d 0x76c787 0x766d4d 0x76685e 0x763483 0x762ee8 0x762e7b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x798cba3 registers.esp: 1368860 registers.edi: 1369136 registers.eax: 0 registers.ebp: 1368868 registers.edx: 0 registers.ebx: 1371548 registers.esi: 41889740 registers.ecx: 46541600	1
__exception__ Dec. 18, 2023, 9:44 a.m.	stacktrace: 0x798e735 0x798e610 0x79888bd 0x7988318 0x7986c4d 0x76c787 0x766d4d 0x76685e 0x763483 0x762ee8 0x762e7b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 64 4b 85 07 89 85 3c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x79893cc registers.esp: 1368644 registers.edi: 1368892 registers.eax: 0 registers.ebp: 1368904 registers.edx: 126175732 registers.ebx: 1371548 registers.esi: 41889740 registers.ecx: 0	1
__exception__ Dec. 18, 2023, 9:44 a.m.	stacktrace: 0x798cb60 0x798e9ea 0x798e610 0x79888bd 0x7988318 0x7986c4d 0x76c787 0x766d4d 0x76685e 0x763483 0x762ee8 0x762e7b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x798cba3 registers.esp: 1368880 registers.edi: 1369136 registers.eax: 0 registers.ebp: 1368888 registers.edx: 0 registers.ebx: 1371548 registers.esi: 41889740 registers.ecx: 43354356	1
__exception__ Dec. 18, 2023, 9:44 a.m.	stacktrace: 0x798e735 0x798e610 0x79888d5 0x7988318 0x7986c4d 0x76c787 0x766d4d 0x76685e 0x763483 0x762ee8 0x762e7b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 64 4b 85 07 89 85 3c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x79893cc registers.esp: 1368644 registers.edi: 1368892 registers.eax: 0 registers.ebp: 1368904 registers.edx: 126175732 registers.ebx: 1371548 registers.esi: 41889740 registers.ecx: 0	1
__exception__ Dec. 18, 2023, 9:44 a.m.	stacktrace: 0x798cb60 0x798e9ea 0x798e610 0x79888d5 0x7988318 0x7986c4d 0x76c787 0x766d4d 0x76685e 0x763483 0x762ee8 0x762e7b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x798cba3 registers.esp: 1368880 registers.edi: 1369136 registers.eax: 0 registers.ebp: 1368888 registers.edx: 0 registers.ebx: 1371548 registers.esi: 41889740 registers.ecx: 44851392	1
__exception__ Dec. 18, 2023, 9:44 a.m.	stacktrace: 0x798e735 0x798e610 0x79888d5 0x7988318 0x7986c4d 0x76c787 0x766d4d 0x76685e 0x763483 0x762ee8 0x762e7b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 64 4b 85 07 89 85 3c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x79893cc registers.esp: 1368644 registers.edi: 1368892 registers.eax: 0 registers.ebp: 1368904 registers.edx: 126175732 registers.ebx: 1371548 registers.esi: 41889740 registers.ecx: 0	1
__exception__ Dec. 18, 2023, 9:44 a.m.	stacktrace: 0x798cb60 0x798e9ea 0x798e610 0x79888d5 0x7988318 0x7986c4d 0x76c787 0x766d4d 0x76685e 0x763483 0x762ee8 0x762e7b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x798cba3 registers.esp: 1368880 registers.edi: 1369136 registers.eax: 0 registers.ebp: 1368888 registers.edx: 0 registers.ebx: 1371548 registers.esi: 41889740 registers.ecx: 46348428	1
__exception__ Dec. 18, 2023, 9:44 a.m.	stacktrace: 0x798cb60 0x798f9bf 0x798f191 0x7986c7b 0x76c787 0x766d4d 0x76685e 0x763483 0x762ee8 0x762e7b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x798cba3 registers.esp: 1369792 registers.edi: 1370072 registers.eax: 0 registers.ebp: 1369800 registers.edx: 0 registers.ebx: 1371548 registers.esi: 46944268 registers.ecx: 42184788	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Allocates read-write-execute memory (usually to unpack itself) (50 out of 145 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 1769472 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007a0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00910000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 2228224 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ae0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00cc0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00522000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00555000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0055b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00557000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0053c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0053d000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0053e000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0053f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c70000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c71000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c72000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c73000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c74000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c75000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c76000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c77000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c78000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c90000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 327680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef50000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef58000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef40000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0052a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0054a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00547000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0053a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6fa22000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00546000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c91000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c92000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c93000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0052c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00911000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00913000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c94000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00915000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00916000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00917000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00918000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00919000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 69632 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0091d000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0092e000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Steals private information from local Internet browsers (7 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\lockfile
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State

Creates executable files on the filesystem (1 event)

file	C:\Users\test22\AppData\Local\Temp\Protect544cd51a.dll

Drops an executable to the user AppData folder (1 event)

file	C:\Users\test22\AppData\Local\Temp\Protect544cd51a.dll

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x0047ec00', u'virtual_address': u'0x00002000', u'entropy': 7.153264348412215, u'name': u'.text', u'virtual_size': u'0x0047eb14'}

entropy

7.15326434841

description

A section with a high entropy has been found

entropy

0.985653104925

description

Overall entropy of this PE file is high

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW Dec. 18, 2023, 9:44 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Yara rule detected in process memory (11 events)

description	Take ScreenShot	rule	ScreenShot
description	PWS Memory	rule	Generic_PWS_Memory_Zero
description	RedLine stealer	rule	RedLine_Stealer_m_Zero
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep

Queries for potentially installed applications (39 events)

Time & API	Arguments	Status
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: AddressBook base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: Connection Manager base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: DirectDrawEx base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: EditPlus base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: ENTERPRISE base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: Fontcore base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: Google Chrome base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: Haansoft HWord 80 Korean base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: IE40 base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: IE4Data base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: IE5BAKEX base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: IEData base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: MobileOptionPack base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: SchedulingAgent base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: WIC base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: {01B845D4-B73E-4CF7-A377-94BC7BB4F77B} base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: {1D91F7DA-F517-4727-9E62-B7EA978BE980} base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: {90120000-0015-0412-0000-0000000FF1CE} base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: {90120000-0016-0412-0000-0000000FF1CE} base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: {90120000-0018-0412-0000-0000000FF1CE} base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: {90120000-0019-0412-0000-0000000FF1CE} base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: {90120000-001A-0412-0000-0000000FF1CE} base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: {90120000-001B-0412-0000-0000000FF1CE} base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: {90120000-001F-0409-0000-0000000FF1CE} base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: {90120000-001F-0412-0000-0000000FF1CE} base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: {90120000-0028-0412-0000-0000000FF1CE} base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: {90120000-002C-0412-0000-0000000FF1CE} base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: {90120000-0030-0000-0000-0000000FF1CE} base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: {90120000-0044-0412-0000-0000000FF1CE} base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: {90120000-006E-0409-0000-0000000FF1CE} base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: {90120000-006E-0412-0000-0000000FF1CE} base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: {90120000-00A1-0412-0000-0000000FF1CE} base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: {90120000-00BA-0409-0000-0000000FF1CE} base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: {90120000-0114-0412-0000-0000000FF1CE} base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: {939659F3-71D2-461F-B24D-91D05A4389B4} base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: {9B84A461-3B4C-40E2-B44F-CE22E215EE40} base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}	1
RegOpenKeyExW Dec. 18, 2023, 9:44 a.m.	regkey_r: {d992c12e-cab2-426f-bde3-fb8c53950b0d} base_handle: 0x000002a8 key_handle: 0x00000234 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}	1

One or more of the buffers contains an embedded PE file (2 events)

buffer	Buffer with sha1: 2441a44b06509975255deafbaa7fd57a83a0bd41
buffer	Buffer with sha1: ffd68cd57c7270858abb6568392901606238212b

Communicates with host for which no DNS query was performed (1 event)

host

91.92.241.115

Allocates execute permission to another process indicative of possible code injection (1 event)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2720 region_size: 245760 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000002c4	1	0	0

Harvests credentials from local FTP client softwares (2 events)

file	C:\Users\test22\AppData\Roaming\FileZilla\sitemanager.xml
file	C:\Users\test22\AppData\Roaming\FileZilla\recentservers.xml

Potential code injection by writing to the memory of another process (3 events)

Time & API	Arguments	Status	Return
WriteProcessMemory Dec. 18, 2023, 9:43 a.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $PEL¦1óà0À¬ß à@ À@ÄÞWàN© H.text$¿ À `.rsrcN©àªÂ@@.reloc l@B base_address: 0x00400000 process_identifier: 2720 process_handle: 0x000002c4	1	1
WriteProcessMemory Dec. 18, 2023, 9:43 a.m.	buffer: Ð ? base_address: 0x0043a000 process_identifier: 2720 process_handle: 0x000002c4	1	1
WriteProcessMemory Dec. 18, 2023, 9:43 a.m.	buffer: @ base_address: 0x7efde008 process_identifier: 2720 process_handle: 0x000002c4	1	1

Code injection by writing an executable or DLL to the memory of another process (1 event)

Time & API	Arguments	Status	Return	Repeated
WriteProcessMemory Dec. 18, 2023, 9:43 a.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $PEL¦1óà0À¬ß à@ À@ÄÞWàN© H.text$¿ À `.rsrcN©àªÂ@@.reloc l@B base_address: 0x00400000 process_identifier: 2720 process_handle: 0x000002c4	1	1	0

Collects information about installed applications (27 events)

Time & API	Arguments	Status
RegQueryValueExW Dec. 18, 2023, 9:44 a.m.	key_handle: 0x00000234 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: EditPlus regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName	1
RegQueryValueExW Dec. 18, 2023, 9:44 a.m.	key_handle: 0x00000234 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Enterprise 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE\DisplayName	1
RegQueryValueExW Dec. 18, 2023, 9:44 a.m.	key_handle: 0x00000234 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Chrome regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName	1
RegQueryValueExW Dec. 18, 2023, 9:44 a.m.	key_handle: 0x00000234 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName	1
RegQueryValueExW Dec. 18, 2023, 9:44 a.m.	key_handle: 0x00000234 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: HttpWatch Professional 9.3.39 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName	1
RegQueryValueExW Dec. 18, 2023, 9:44 a.m.	key_handle: 0x00000234 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName	1
RegQueryValueExW Dec. 18, 2023, 9:44 a.m.	key_handle: 0x00000234 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Google Update Helper regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayName	1
RegQueryValueExW Dec. 18, 2023, 9:44 a.m.	key_handle: 0x00000234 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Access MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Dec. 18, 2023, 9:44 a.m.	key_handle: 0x00000234 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Excel MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Dec. 18, 2023, 9:44 a.m.	key_handle: 0x00000234 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office PowerPoint MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Dec. 18, 2023, 9:44 a.m.	key_handle: 0x00000234 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Publisher MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Dec. 18, 2023, 9:44 a.m.	key_handle: 0x00000234 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Outlook MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Dec. 18, 2023, 9:44 a.m.	key_handle: 0x00000234 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Word MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Dec. 18, 2023, 9:44 a.m.	key_handle: 0x00000234 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Dec. 18, 2023, 9:44 a.m.	key_handle: 0x00000234 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Dec. 18, 2023, 9:44 a.m.	key_handle: 0x00000234 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office IME (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Dec. 18, 2023, 9:44 a.m.	key_handle: 0x00000234 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proofing (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Dec. 18, 2023, 9:44 a.m.	key_handle: 0x00000234 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Enterprise 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Dec. 18, 2023, 9:44 a.m.	key_handle: 0x00000234 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office InfoPath MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Dec. 18, 2023, 9:44 a.m.	key_handle: 0x00000234 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Dec. 18, 2023, 9:44 a.m.	key_handle: 0x00000234 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Dec. 18, 2023, 9:44 a.m.	key_handle: 0x00000234 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office OneNote MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Dec. 18, 2023, 9:44 a.m.	key_handle: 0x00000234 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Groove MUI (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Dec. 18, 2023, 9:44 a.m.	key_handle: 0x00000234 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Groove Setup Metadata MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Dec. 18, 2023, 9:44 a.m.	key_handle: 0x00000234 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Flash Player 13 ActiveX regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}\DisplayName	1
RegQueryValueExW Dec. 18, 2023, 9:44 a.m.	key_handle: 0x00000234 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Flash Player 13 NPAPI regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}\DisplayName	1
RegQueryValueExW Dec. 18, 2023, 9:44 a.m.	key_handle: 0x00000234 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\DisplayName	1

Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2552 called NtSetContextThread to modify thread in remote process 2720
NtSetContextThread Dec. 18, 2023, 9:43 a.m.	registers.eip: 1995571652 registers.esp: 1374216 registers.edi: 0 registers.eax: 4382494 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x000002c0 process_identifier: 2720	1	0	0

Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2552 resumed a thread in remote process 2720
NtResumeThread Dec. 18, 2023, 9:43 a.m.	thread_handle: 0x000002c0 suspend_count: 1 process_identifier: 2720	1	0	0

Executed a process and injected code into it, probably while unpacking (42 events)

Time & API	Arguments	Status	Return
NtResumeThread Dec. 18, 2023, 9:43 a.m.	thread_handle: 0x000000dc suspend_count: 1 process_identifier: 2552	1	0
NtResumeThread Dec. 18, 2023, 9:43 a.m.	thread_handle: 0x00000150 suspend_count: 1 process_identifier: 2552	1	0
NtResumeThread Dec. 18, 2023, 9:43 a.m.	thread_handle: 0x0000018c suspend_count: 1 process_identifier: 2552	1	0
NtResumeThread Dec. 18, 2023, 9:43 a.m.	thread_handle: 0x0000024c suspend_count: 1 process_identifier: 2552	1	0
NtGetContextThread Dec. 18, 2023, 9:43 a.m.	thread_handle: 0x000000e4	1	0
NtGetContextThread Dec. 18, 2023, 9:43 a.m.	thread_handle: 0x000000e4	1	0
NtResumeThread Dec. 18, 2023, 9:43 a.m.	thread_handle: 0x000000e4 suspend_count: 1 process_identifier: 2552	1	0
NtGetContextThread Dec. 18, 2023, 9:43 a.m.	thread_handle: 0x000000e4	1	0
NtGetContextThread Dec. 18, 2023, 9:43 a.m.	thread_handle: 0x000000e4	1	0
NtResumeThread Dec. 18, 2023, 9:43 a.m.	thread_handle: 0x000000e4 suspend_count: 1 process_identifier: 2552	1	0
CreateProcessInternalW Dec. 18, 2023, 9:43 a.m.	thread_identifier: 2724 thread_handle: 0x000002c0 process_identifier: 2720 current_directory: filepath: track: 1 command_line: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe filepath_r: stack_pivoted: 0 creation_flags: 564 (CREATE_NEW_CONSOLE\|CREATE_NEW_PROCESS_GROUP\|CREATE_SUSPENDED\|NORMAL_PRIORITY_CLASS) inherit_handles: 0 process_handle: 0x000002c4	1	1
NtUnmapViewOfSection Dec. 18, 2023, 9:43 a.m.	base_address: 0x00400000 region_size: 15728640 process_identifier: 2720 process_handle: 0x000002c4		3221225497
NtAllocateVirtualMemory Dec. 18, 2023, 9:43 a.m.	process_identifier: 2720 region_size: 245760 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000002c4	1	0
WriteProcessMemory Dec. 18, 2023, 9:43 a.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $PEL¦1óà0À¬ß à@ À@ÄÞWàN© H.text$¿ À `.rsrcN©àªÂ@@.reloc l@B base_address: 0x00400000 process_identifier: 2720 process_handle: 0x000002c4	1	1
WriteProcessMemory Dec. 18, 2023, 9:43 a.m.	buffer: base_address: 0x00402000 process_identifier: 2720 process_handle: 0x000002c4	1	1
WriteProcessMemory Dec. 18, 2023, 9:43 a.m.	buffer: base_address: 0x0042e000 process_identifier: 2720 process_handle: 0x000002c4	1	1
WriteProcessMemory Dec. 18, 2023, 9:43 a.m.	buffer: Ð ? base_address: 0x0043a000 process_identifier: 2720 process_handle: 0x000002c4	1	1
NtGetContextThread Dec. 18, 2023, 9:43 a.m.	thread_handle: 0x000002c0	1	0
WriteProcessMemory Dec. 18, 2023, 9:43 a.m.	buffer: @ base_address: 0x7efde008 process_identifier: 2720 process_handle: 0x000002c4	1	1
NtSetContextThread Dec. 18, 2023, 9:43 a.m.	registers.eip: 1995571652 registers.esp: 1374216 registers.edi: 0 registers.eax: 4382494 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x000002c0 process_identifier: 2720	1	0
NtResumeThread Dec. 18, 2023, 9:43 a.m.	thread_handle: 0x000002c0 suspend_count: 1 process_identifier: 2720	1	0
NtResumeThread Dec. 18, 2023, 9:43 a.m.	thread_handle: 0x000000dc suspend_count: 1 process_identifier: 2720	1	0
NtResumeThread Dec. 18, 2023, 9:43 a.m.	thread_handle: 0x00000158 suspend_count: 1 process_identifier: 2720	1	0
NtResumeThread Dec. 18, 2023, 9:43 a.m.	thread_handle: 0x00000194 suspend_count: 1 process_identifier: 2720	1	0
NtResumeThread Dec. 18, 2023, 9:43 a.m.	thread_handle: 0x00000200 suspend_count: 1 process_identifier: 2720	1	0
NtGetContextThread Dec. 18, 2023, 9:43 a.m.	thread_handle: 0x000000e0	1	0
NtGetContextThread Dec. 18, 2023, 9:43 a.m.	thread_handle: 0x000000e0	1	0
NtResumeThread Dec. 18, 2023, 9:43 a.m.	thread_handle: 0x000000e0 suspend_count: 1 process_identifier: 2720	1	0
NtResumeThread Dec. 18, 2023, 9:43 a.m.	thread_handle: 0x00000318 suspend_count: 1 process_identifier: 2720	1	0
NtResumeThread Dec. 18, 2023, 9:43 a.m.	thread_handle: 0x00000350 suspend_count: 1 process_identifier: 2720	1	0
NtResumeThread Dec. 18, 2023, 9:44 a.m.	thread_handle: 0x000003e4 suspend_count: 1 process_identifier: 2720	1	0
NtResumeThread Dec. 18, 2023, 9:44 a.m.	thread_handle: 0x000003f8 suspend_count: 1 process_identifier: 2720	1	0
NtResumeThread Dec. 18, 2023, 9:44 a.m.	thread_handle: 0x000001fc suspend_count: 1 process_identifier: 2720	1	0
NtResumeThread Dec. 18, 2023, 9:44 a.m.	thread_handle: 0x0000025c suspend_count: 1 process_identifier: 2720	1	0
NtResumeThread Dec. 18, 2023, 9:44 a.m.	thread_handle: 0x000002a0 suspend_count: 1 process_identifier: 2720	1	0
NtResumeThread Dec. 18, 2023, 9:44 a.m.	thread_handle: 0x00000274 suspend_count: 1 process_identifier: 2720	1	0
NtResumeThread Dec. 18, 2023, 9:44 a.m.	thread_handle: 0x000002a8 suspend_count: 1 process_identifier: 2720	1	0
NtResumeThread Dec. 18, 2023, 9:44 a.m.	thread_handle: 0x000002a0 suspend_count: 1 process_identifier: 2720	1	0
NtResumeThread Dec. 18, 2023, 9:44 a.m.	thread_handle: 0x0000017c suspend_count: 1 process_identifier: 2720	1	0
NtResumeThread Dec. 18, 2023, 9:44 a.m.	thread_handle: 0x000003f0 suspend_count: 1 process_identifier: 2720	1	0
NtResumeThread Dec. 18, 2023, 9:44 a.m.	thread_handle: 0x0000041c suspend_count: 1 process_identifier: 2720	1	0
NtResumeThread Dec. 18, 2023, 9:44 a.m.	thread_handle: 0x00000420 suspend_count: 1 process_identifier: 2720	1	0

File has been identified by 46 AntiVirus engines on VirusTotal as malicious (46 events)

Bkav	W32.AIDetectMalware.CS
DrWeb	Trojan.PackedNET.2593
MicroWorld-eScan	Trojan.Generic.34493651
FireEye	Trojan.Generic.34493651
Skyhigh	Artemis!Trojan
McAfee	Artemis!CF8A20B11CE9
Malwarebytes	Trojan.Crypt
Sangfor	Infostealer.Msil.Kryptik.Vo3y
Alibaba	TrojanSpy:MSIL/Stealer.9f48e053
Cybereason	malicious.0e296b
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Kryptik.AKDO
APEX	Malicious
Kaspersky	HEUR:Trojan-Spy.MSIL.Stealer.gen
BitDefender	Trojan.Generic.34493651
Avast	Win32:PWSX-gen [Trj]
Tencent	Win32.Trojan.FalseSign.Fflw
Sophos	Mal/Generic-S
F-Secure	Trojan.TR/Kryptik.vdaak
VIPRE	Trojan.Generic.34493651
Emsisoft	Trojan.Generic.34493651 (B)
Ikarus	Trojan.MSIL.Crypt
Webroot	W32.Malware.Gen
Google	Detected
Avira	TR/Kryptik.vdaak
Varist	W32/MSIL_Agent.GZN.gen!Eldorado
Antiy-AVL	Trojan/MSIL.Kryptik
Kingsoft	Win32.Troj.Undef.a
Microsoft	Trojan:Win32/Znyonm
Gridinsoft	Malware.Win32.RedLine.tr
Arcabit	Trojan.Generic.D20E54D3
ZoneAlarm	HEUR:Trojan-Spy.MSIL.Stealer.gen
GData	Win32.Trojan.Agent.T2HQ1U
Cynet	Malicious (score: 99)
AhnLab-V3	Trojan/Win.Injection.C5559969
ALYac	Trojan.Generic.34493651
MAX	malware (ai score=86)
Cylance	unsafe
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	TROJ_GEN.R002H0DLF23
Rising	Malware.Obfus/MSIL@AI.84 (RDM.MSIL2:Zr0SebYyB5lXxArqTtG2rQ)
Fortinet	MSIL/Kryptik.AKDO!tr
AVG	Win32:PWSX-gen [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

v2.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All