Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 11, 2024, 2:18 p.m.	Aug. 11, 2024, 2:20 p.m.

Size	3.2MB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`5fb3019941edcfa601638879bb313395`
SHA256	`286fddf3ce6b929da962c680febfff82719828cecf2c16df5a14cbfd1dfd27e9`
CRC32	`974364DB`
ssdeep	`98304:QBXN9nEx+Hr+6uzvu/4w92HeDp+6QBezn:QBXN9x+lzWQw2el+6QBc`
PDB Path	hpscanApp2024.pdb
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) IsPE32 - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

66b286b03f960_hp-scanner.exe "C:\Users\test22\AppData\Local\Temp\66b286b03f960_hp-scanner.exe"
2564
- MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2636

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
185.215.113.25	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 185.215.113.25:13686 -> 192.168.56.101:49164	2400032	ET DROP Spamhaus DROP Listed Traffic Inbound group 33	Misc Attack
TCP 192.168.56.101:49164 -> 185.215.113.25:13686	2043233	ET INFO Microsoft net.tcp Connection Initialization Activity	Potentially Bad Traffic
TCP 192.168.56.101:49164 -> 185.215.113.25:13686	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49164 -> 185.215.113.25:13686	2046045	ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)	A Network Trojan was detected
TCP 185.215.113.25:13686 -> 192.168.56.101:49164	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	A Network Trojan was detected
TCP 192.168.56.101:49164 -> 185.215.113.25:13686	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 185.215.113.25:13686 -> 192.168.56.101:49164	2046056	ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)	A Network Trojan was detected
TCP 192.168.56.101:49164 -> 185.215.113.25:13686	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49164 -> 185.215.113.25:13686	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49164 -> 185.215.113.25:13686	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49164 -> 185.215.113.25:13686	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49164 -> 185.215.113.25:13686	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49164 -> 185.215.113.25:13686	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49164 -> 185.215.113.25:13686	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49164 -> 185.215.113.25:13686	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49164 -> 185.215.113.25:13686	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49164 -> 185.215.113.25:13686	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49164 -> 185.215.113.25:13686	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49164 -> 185.215.113.25:13686	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49164 -> 185.215.113.25:13686	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49164 -> 185.215.113.25:13686	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49164 -> 185.215.113.25:13686	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49164 -> 185.215.113.25:13686	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49164 -> 185.215.113.25:13686	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49164 -> 185.215.113.25:13686	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49164 -> 185.215.113.25:13686	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected

Suricata TLS

No Suricata TLS

Queries for the computername (13 events)

Time & API	Arguments	Status	Return
GetComputerNameW Aug. 11, 2024, 2:18 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 11, 2024, 2:18 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 11, 2024, 2:18 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 11, 2024, 2:18 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 11, 2024, 2:20 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 11, 2024, 2:20 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 11, 2024, 2:20 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 11, 2024, 2:20 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 11, 2024, 2:20 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 11, 2024, 2:20 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 11, 2024, 2:20 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 11, 2024, 2:20 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 11, 2024, 2:20 p.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (4 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Aug. 11, 2024, 2:18 p.m.			0	0
IsDebuggerPresent Aug. 11, 2024, 2:18 p.m.			0	0
IsDebuggerPresent Aug. 11, 2024, 2:18 p.m.			0	0
IsDebuggerPresent Aug. 11, 2024, 2:18 p.m.			0	0

Uses Windows APIs to generate a cryptographic key (17 events)

Time & API	Arguments	Status	Return
CryptExportKey Aug. 11, 2024, 2:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0079b310 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Aug. 11, 2024, 2:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0079b310 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Aug. 11, 2024, 2:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0079b310 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Aug. 11, 2024, 2:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0079b310 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Aug. 11, 2024, 2:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0079b390 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Aug. 11, 2024, 2:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0079b390 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Aug. 11, 2024, 2:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0079b290 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Aug. 11, 2024, 2:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0079b290 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Aug. 11, 2024, 2:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0079b290 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Aug. 11, 2024, 2:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0079b290 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Aug. 11, 2024, 2:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0079b290 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Aug. 11, 2024, 2:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0079b310 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Aug. 11, 2024, 2:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0079b310 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Aug. 11, 2024, 2:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0079b510 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Aug. 11, 2024, 2:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x057b05a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Aug. 11, 2024, 2:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x057b05a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Aug. 11, 2024, 2:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x057b0a60 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

This executable has a PDB path (1 event)

pdb_path

hpscanApp2024.pdb

Tries to locate where the browsers are installed (3 events)

file	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
file	C:\Program Files\Mozilla Firefox\firefox.exe
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Aug. 11, 2024, 2:18 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.sdata

One or more processes crashed (35 events)

Time & API	Arguments	Status
__exception__ Aug. 11, 2024, 2:18 p.m.	stacktrace: 0x5a3fdd 0x5a3e66 0x5a25f5 0x5a21ce 0x5a0676 0x5a0108 0x5a009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72102652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7211264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72112e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x721c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72251dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72251e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72251f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7225416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73faf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 c8 8b 45 c8 89 45 c4 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5a40d0 registers.esp: 1961824 registers.edi: 1961876 registers.eax: 0 registers.ebp: 1961888 registers.edx: 8078664 registers.ebx: 1963004 registers.esi: 38711888 registers.ecx: 0	1
__exception__ Aug. 11, 2024, 2:18 p.m.	stacktrace: CopyPDBs+0x1b552 DllCanUnloadNowInternal-0x25a85 clr+0x1b1194 @ 0x722b1194 LogHelp_TerminateOnAssert+0x14061 GetPrivateContextsPerfCounters-0x53e1 clr+0x82ba1 @ 0x72182ba1 mscorlib+0x36dd51 @ 0x714add51 mscorlib+0x32fea6 @ 0x7146fea6 mscorlib+0x30ab40 @ 0x7144ab40 0x5ab362 0x5ab216 0x5aa991 0x5a9db6 0x5a7e47 0x5a26bd 0x5a21ce 0x5a0676 0x5a0108 0x5a009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72102652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7211264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72112e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x721c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72251dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72251e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72251f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7225416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73faf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xe0434f4e exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1960868 registers.edi: 0 registers.eax: 1960868 registers.ebp: 1960948 registers.edx: 0 registers.ebx: 8058504 registers.esi: 8078664 registers.ecx: 3431314866	1
__exception__ Aug. 11, 2024, 2:18 p.m.	stacktrace: CopyPDBs+0x1b552 DllCanUnloadNowInternal-0x25a85 clr+0x1b1194 @ 0x722b1194 LogHelp_TerminateOnAssert+0x14061 GetPrivateContextsPerfCounters-0x53e1 clr+0x82ba1 @ 0x72182ba1 mscorlib+0x2f45b0 @ 0x714345b0 mscorlib+0x2f74d4 @ 0x714374d4 mscorlib+0x327e5c @ 0x71467e5c 0x5ab351 0x5ab216 0x5aa991 0x5a9db6 0x5a7e47 0x5a26bd 0x5a21ce 0x5a0676 0x5a0108 0x5a009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72102652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7211264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72112e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x721c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72251dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72251e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72251f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7225416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73faf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xe0434f4e exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1960920 registers.edi: 0 registers.eax: 1960920 registers.ebp: 1961000 registers.edx: 0 registers.ebx: 8058504 registers.esi: 8078664 registers.ecx: 3431314914	1
__exception__ Aug. 11, 2024, 2:20 p.m.	stacktrace: 0x5f3475e 0x5f34617 0x5f34515 0x5f32afc 0x5f31c75 0x5a7e47 0x5a26bd 0x5a21ce 0x5a0676 0x5a0108 0x5a009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72102652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7211264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72112e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x721c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72251dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72251e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72251f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7225416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73faf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 a0 45 49 05 89 85 4c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5f35076 registers.esp: 1960456 registers.edi: 1960680 registers.eax: 0 registers.ebp: 1960692 registers.edx: 88687664 registers.ebx: 1963004 registers.esi: 40442696 registers.ecx: 0	1
__exception__ Aug. 11, 2024, 2:20 p.m.	stacktrace: 0x5f387e0 0x5f34ba3 0x5f34617 0x5f34515 0x5f32afc 0x5f31c75 0x5a7e47 0x5a26bd 0x5a21ce 0x5a0676 0x5a0108 0x5a009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72102652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7211264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72112e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x721c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72251dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72251e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72251f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7225416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73faf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5f38823 registers.esp: 1960668 registers.edi: 1960960 registers.eax: 0 registers.ebp: 1960676 registers.edx: 0 registers.ebx: 1963004 registers.esi: 40442696 registers.ecx: 40203904	1
__exception__ Aug. 11, 2024, 2:20 p.m.	stacktrace: 0x5f3475e 0x5f34617 0x5f3452d 0x5f32afc 0x5f31c75 0x5a7e47 0x5a26bd 0x5a21ce 0x5a0676 0x5a0108 0x5a009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72102652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7211264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72112e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x721c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72251dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72251e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72251f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7225416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73faf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 a0 45 49 05 89 85 4c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5f35076 registers.esp: 1960456 registers.edi: 1960680 registers.eax: 0 registers.ebp: 1960692 registers.edx: 88687664 registers.ebx: 1963004 registers.esi: 38656384 registers.ecx: 0	1
__exception__ Aug. 11, 2024, 2:20 p.m.	stacktrace: 0x5f387e0 0x5f34ba3 0x5f34617 0x5f3452d 0x5f32afc 0x5f31c75 0x5a7e47 0x5a26bd 0x5a21ce 0x5a0676 0x5a0108 0x5a009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72102652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7211264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72112e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x721c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72251dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72251e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72251f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7225416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73faf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5f38823 registers.esp: 1960668 registers.edi: 1960960 registers.eax: 0 registers.ebp: 1960676 registers.edx: 0 registers.ebx: 1963004 registers.esi: 38656384 registers.ecx: 41932100	1
__exception__ Aug. 11, 2024, 2:20 p.m.	stacktrace: 0x5f3475e 0x5f34617 0x5f3452d 0x5f32afc 0x5f31c75 0x5a7e47 0x5a26bd 0x5a21ce 0x5a0676 0x5a0108 0x5a009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72102652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7211264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72112e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x721c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72251dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72251e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72251f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7225416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73faf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 a0 45 49 05 89 85 4c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5f35076 registers.esp: 1960456 registers.edi: 1960680 registers.eax: 0 registers.ebp: 1960692 registers.edx: 88687664 registers.ebx: 1963004 registers.esi: 38656384 registers.ecx: 0	1
__exception__ Aug. 11, 2024, 2:20 p.m.	stacktrace: 0x5f387e0 0x5f34ba3 0x5f34617 0x5f3452d 0x5f32afc 0x5f31c75 0x5a7e47 0x5a26bd 0x5a21ce 0x5a0676 0x5a0108 0x5a009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72102652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7211264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72112e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x721c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72251dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72251e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72251f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7225416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73faf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5f38823 registers.esp: 1960668 registers.edi: 1960960 registers.eax: 0 registers.ebp: 1960676 registers.edx: 0 registers.ebx: 1963004 registers.esi: 38656384 registers.ecx: 43363680	1
__exception__ Aug. 11, 2024, 2:20 p.m.	stacktrace: 0x5f31c75 0x5a7e47 0x5a26bd 0x5a21ce 0x5a0676 0x5a0108 0x5a009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72102652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7211264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72112e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x721c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72251dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72251e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72251f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7225416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73faf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 e8 cb f3 9c 6a 89 85 4c fe ff ff 8d bd 44 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5f32d8e registers.esp: 1961076 registers.edi: 1961840 registers.eax: 0 registers.ebp: 1961876 registers.edx: 0 registers.ebx: 1963004 registers.esi: 1961668 registers.ecx: 0	1
__exception__ Aug. 11, 2024, 2:20 p.m.	stacktrace: 0x5f39634 0x5f394e0 0x5f34515 0x5f33243 0x5f31c75 0x5a7e47 0x5a26bd 0x5a21ce 0x5a0676 0x5a0108 0x5a009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72102652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7211264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72112e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x721c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72251dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72251e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72251f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7225416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73faf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 a0 45 49 05 89 85 4c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5f35076 registers.esp: 1960464 registers.edi: 1960688 registers.eax: 0 registers.ebp: 1960700 registers.edx: 88687664 registers.ebx: 1963004 registers.esi: 38656384 registers.ecx: 0	1
__exception__ Aug. 11, 2024, 2:20 p.m.	stacktrace: 0x5f387e0 0x5f39a1f 0x5f394e0 0x5f34515 0x5f33243 0x5f31c75 0x5a7e47 0x5a26bd 0x5a21ce 0x5a0676 0x5a0108 0x5a009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72102652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7211264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72112e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x721c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72251dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72251e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72251f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7225416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73faf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5f38823 registers.esp: 1960676 registers.edi: 1960988 registers.eax: 0 registers.ebp: 1960684 registers.edx: 0 registers.ebx: 1963004 registers.esi: 38656384 registers.ecx: 44801596	1
__exception__ Aug. 11, 2024, 2:20 p.m.	stacktrace: 0x5f39634 0x5f394e0 0x5f3452d 0x5f33243 0x5f31c75 0x5a7e47 0x5a26bd 0x5a21ce 0x5a0676 0x5a0108 0x5a009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72102652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7211264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72112e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x721c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72251dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72251e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72251f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7225416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73faf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 a0 45 49 05 89 85 4c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5f35076 registers.esp: 1960464 registers.edi: 1960688 registers.eax: 0 registers.ebp: 1960700 registers.edx: 88687664 registers.ebx: 1963004 registers.esi: 38656384 registers.ecx: 0	1
__exception__ Aug. 11, 2024, 2:20 p.m.	stacktrace: 0x5f387e0 0x5f39a1f 0x5f394e0 0x5f3452d 0x5f33243 0x5f31c75 0x5a7e47 0x5a26bd 0x5a21ce 0x5a0676 0x5a0108 0x5a009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72102652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7211264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72112e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x721c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72251dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72251e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72251f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7225416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73faf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5f38823 registers.esp: 1960676 registers.edi: 1960988 registers.eax: 0 registers.ebp: 1960684 registers.edx: 0 registers.ebx: 1963004 registers.esi: 38656384 registers.ecx: 39208928	1
__exception__ Aug. 11, 2024, 2:20 p.m.	stacktrace: 0x5f39634 0x5f394e0 0x5f3452d 0x5f33243 0x5f31c75 0x5a7e47 0x5a26bd 0x5a21ce 0x5a0676 0x5a0108 0x5a009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72102652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7211264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72112e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x721c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72251dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72251e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72251f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7225416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73faf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 a0 45 49 05 89 85 4c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5f35076 registers.esp: 1960464 registers.edi: 1960688 registers.eax: 0 registers.ebp: 1960700 registers.edx: 88687664 registers.ebx: 1963004 registers.esi: 38546340 registers.ecx: 0	1
__exception__ Aug. 11, 2024, 2:20 p.m.	stacktrace: 0x5f387e0 0x5f39a1f 0x5f394e0 0x5f3452d 0x5f33243 0x5f31c75 0x5a7e47 0x5a26bd 0x5a21ce 0x5a0676 0x5a0108 0x5a009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72102652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7211264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72112e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x721c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72251dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72251e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72251f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7225416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73faf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5f38823 registers.esp: 1960676 registers.edi: 1960988 registers.eax: 0 registers.ebp: 1960684 registers.edx: 0 registers.ebx: 1963004 registers.esi: 38546340 registers.ecx: 40561504	1
__exception__ Aug. 11, 2024, 2:20 p.m.	stacktrace: 0x5f39d13 0x5f39b98 0x5f34515 0x5f33345 0x5f31c75 0x5a7e47 0x5a26bd 0x5a21ce 0x5a0676 0x5a0108 0x5a009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72102652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7211264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72112e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x721c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72251dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72251e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72251f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7225416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73faf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 a0 45 49 05 89 85 4c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5f35076 registers.esp: 1960476 registers.edi: 1960700 registers.eax: 0 registers.ebp: 1960712 registers.edx: 88687664 registers.ebx: 1963004 registers.esi: 38546340 registers.ecx: 0	1
__exception__ Aug. 11, 2024, 2:20 p.m.	stacktrace: 0x5f387e0 0x5f3a0b3 0x5f39b98 0x5f34515 0x5f33345 0x5f31c75 0x5a7e47 0x5a26bd 0x5a21ce 0x5a0676 0x5a0108 0x5a009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72102652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7211264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72112e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x721c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72251dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72251e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72251f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7225416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73faf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5f38823 registers.esp: 1960688 registers.edi: 1960988 registers.eax: 0 registers.ebp: 1960696 registers.edx: 0 registers.ebx: 1963004 registers.esi: 38546340 registers.ecx: 41914144	1
__exception__ Aug. 11, 2024, 2:20 p.m.	stacktrace: 0x5f39d13 0x5f39b98 0x5f3452d 0x5f33345 0x5f31c75 0x5a7e47 0x5a26bd 0x5a21ce 0x5a0676 0x5a0108 0x5a009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72102652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7211264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72112e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x721c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72251dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72251e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72251f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7225416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73faf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 a0 45 49 05 89 85 4c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5f35076 registers.esp: 1960476 registers.edi: 1960700 registers.eax: 0 registers.ebp: 1960712 registers.edx: 88687664 registers.ebx: 1963004 registers.esi: 38546340 registers.ecx: 0	1
__exception__ Aug. 11, 2024, 2:20 p.m.	stacktrace: 0x5f387e0 0x5f3a0b3 0x5f39b98 0x5f3452d 0x5f33345 0x5f31c75 0x5a7e47 0x5a26bd 0x5a21ce 0x5a0676 0x5a0108 0x5a009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72102652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7211264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72112e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x721c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72251dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72251e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72251f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7225416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73faf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5f38823 registers.esp: 1960688 registers.edi: 1960988 registers.eax: 0 registers.ebp: 1960696 registers.edx: 0 registers.ebx: 1963004 registers.esi: 38546340 registers.ecx: 39011572	1
__exception__ Aug. 11, 2024, 2:20 p.m.	stacktrace: 0x5f39d13 0x5f39b98 0x5f3452d 0x5f33345 0x5f31c75 0x5a7e47 0x5a26bd 0x5a21ce 0x5a0676 0x5a0108 0x5a009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72102652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7211264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72112e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x721c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72251dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72251e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72251f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7225416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73faf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 a0 45 49 05 89 85 4c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5f35076 registers.esp: 1960476 registers.edi: 1960700 registers.eax: 0 registers.ebp: 1960712 registers.edx: 88687664 registers.ebx: 1963004 registers.esi: 38546340 registers.ecx: 0	1
__exception__ Aug. 11, 2024, 2:20 p.m.	stacktrace: 0x5f387e0 0x5f3a0b3 0x5f39b98 0x5f3452d 0x5f33345 0x5f31c75 0x5a7e47 0x5a26bd 0x5a21ce 0x5a0676 0x5a0108 0x5a009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72102652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7211264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72112e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x721c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72251dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72251e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72251f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7225416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73faf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5f38823 registers.esp: 1960688 registers.edi: 1960988 registers.eax: 0 registers.ebp: 1960696 registers.edx: 0 registers.ebx: 1963004 registers.esi: 38546340 registers.ecx: 40346932	1
__exception__ Aug. 11, 2024, 2:20 p.m.	stacktrace: 0x5f3a443 0x5f3a310 0x5f34515 0x5f33432 0x5f31c75 0x5a7e47 0x5a26bd 0x5a21ce 0x5a0676 0x5a0108 0x5a009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72102652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7211264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72112e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x721c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72251dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72251e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72251f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7225416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73faf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 a0 45 49 05 89 85 4c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5f35076 registers.esp: 1960560 registers.edi: 1960784 registers.eax: 0 registers.ebp: 1960796 registers.edx: 88687664 registers.ebx: 1963004 registers.esi: 38546340 registers.ecx: 0	1
__exception__ Aug. 11, 2024, 2:20 p.m.	stacktrace: 0x5f387e0 0x5f3a665 0x5f3a310 0x5f34515 0x5f33432 0x5f31c75 0x5a7e47 0x5a26bd 0x5a21ce 0x5a0676 0x5a0108 0x5a009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72102652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7211264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72112e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x721c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72251dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72251e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72251f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7225416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73faf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5f38823 registers.esp: 1960772 registers.edi: 1960988 registers.eax: 0 registers.ebp: 1960780 registers.edx: 0 registers.ebx: 1963004 registers.esi: 38546340 registers.ecx: 41842944	1
__exception__ Aug. 11, 2024, 2:20 p.m.	stacktrace: 0x5f3a443 0x5f3a310 0x5f3452d 0x5f33432 0x5f31c75 0x5a7e47 0x5a26bd 0x5a21ce 0x5a0676 0x5a0108 0x5a009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72102652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7211264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72112e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x721c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72251dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72251e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72251f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7225416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73faf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 a0 45 49 05 89 85 4c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5f35076 registers.esp: 1960560 registers.edi: 1960784 registers.eax: 0 registers.ebp: 1960796 registers.edx: 88687664 registers.ebx: 1963004 registers.esi: 38546340 registers.ecx: 0	1
__exception__ Aug. 11, 2024, 2:20 p.m.	stacktrace: 0x5f387e0 0x5f3a665 0x5f3a310 0x5f3452d 0x5f33432 0x5f31c75 0x5a7e47 0x5a26bd 0x5a21ce 0x5a0676 0x5a0108 0x5a009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72102652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7211264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72112e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x721c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72251dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72251e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72251f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7225416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73faf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5f38823 registers.esp: 1960772 registers.edi: 1960988 registers.eax: 0 registers.ebp: 1960780 registers.edx: 0 registers.ebx: 1963004 registers.esi: 38546340 registers.ecx: 39296872	1
__exception__ Aug. 11, 2024, 2:20 p.m.	stacktrace: 0x5f3a443 0x5f3a310 0x5f3452d 0x5f33432 0x5f31c75 0x5a7e47 0x5a26bd 0x5a21ce 0x5a0676 0x5a0108 0x5a009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72102652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7211264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72112e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x721c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72251dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72251e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72251f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7225416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73faf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 a0 45 49 05 89 85 4c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5f35076 registers.esp: 1960560 registers.edi: 1960784 registers.eax: 0 registers.ebp: 1960796 registers.edx: 88687664 registers.ebx: 1963004 registers.esi: 38546340 registers.ecx: 0	1
__exception__ Aug. 11, 2024, 2:20 p.m.	stacktrace: 0x5f387e0 0x5f3a665 0x5f3a310 0x5f3452d 0x5f33432 0x5f31c75 0x5a7e47 0x5a26bd 0x5a21ce 0x5a0676 0x5a0108 0x5a009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72102652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7211264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72112e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x721c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72251dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72251e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72251f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7225416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73faf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5f38823 registers.esp: 1960772 registers.edi: 1960988 registers.eax: 0 registers.ebp: 1960780 registers.edx: 0 registers.ebx: 1963004 registers.esi: 38546340 registers.ecx: 39847696	1
__exception__ Aug. 11, 2024, 2:20 p.m.	stacktrace: 0x5f3a8a0 0x5f3a798 0x5f34515 0x5f33507 0x5f31c75 0x5a7e47 0x5a26bd 0x5a21ce 0x5a0676 0x5a0108 0x5a009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72102652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7211264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72112e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x721c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72251dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72251e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72251f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7225416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73faf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 a0 45 49 05 89 85 4c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5f35076 registers.esp: 1960572 registers.edi: 1960796 registers.eax: 0 registers.ebp: 1960808 registers.edx: 88687664 registers.ebx: 1963004 registers.esi: 38546340 registers.ecx: 0	1
__exception__ Aug. 11, 2024, 2:20 p.m.	stacktrace: 0x5f387e0 0x5f3aac0 0x5f3a798 0x5f34515 0x5f33507 0x5f31c75 0x5a7e47 0x5a26bd 0x5a21ce 0x5a0676 0x5a0108 0x5a009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72102652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7211264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72112e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x721c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72251dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72251e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72251f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7225416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73faf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5f38823 registers.esp: 1960784 registers.edi: 1960988 registers.eax: 0 registers.ebp: 1960792 registers.edx: 0 registers.ebx: 1963004 registers.esi: 38546340 registers.ecx: 41345764	1
__exception__ Aug. 11, 2024, 2:20 p.m.	stacktrace: 0x5f3a8a0 0x5f3a798 0x5f3452d 0x5f33507 0x5f31c75 0x5a7e47 0x5a26bd 0x5a21ce 0x5a0676 0x5a0108 0x5a009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72102652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7211264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72112e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x721c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72251dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72251e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72251f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7225416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73faf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 a0 45 49 05 89 85 4c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5f35076 registers.esp: 1960572 registers.edi: 1960796 registers.eax: 0 registers.ebp: 1960808 registers.edx: 88687664 registers.ebx: 1963004 registers.esi: 38546340 registers.ecx: 0	1
__exception__ Aug. 11, 2024, 2:20 p.m.	stacktrace: 0x5f387e0 0x5f3aac0 0x5f3a798 0x5f3452d 0x5f33507 0x5f31c75 0x5a7e47 0x5a26bd 0x5a21ce 0x5a0676 0x5a0108 0x5a009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72102652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7211264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72112e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x721c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72251dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72251e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72251f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7225416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73faf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5f38823 registers.esp: 1960784 registers.edi: 1960988 registers.eax: 0 registers.ebp: 1960792 registers.edx: 0 registers.ebx: 1963004 registers.esi: 38546340 registers.ecx: 42838788	1
__exception__ Aug. 11, 2024, 2:20 p.m.	stacktrace: 0x5f3a8a0 0x5f3a798 0x5f3452d 0x5f33507 0x5f31c75 0x5a7e47 0x5a26bd 0x5a21ce 0x5a0676 0x5a0108 0x5a009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72102652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7211264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72112e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x721c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72251dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72251e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72251f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7225416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73faf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 a0 45 49 05 89 85 4c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5f35076 registers.esp: 1960572 registers.edi: 1960796 registers.eax: 0 registers.ebp: 1960808 registers.edx: 88687664 registers.ebx: 1963004 registers.esi: 38546340 registers.ecx: 0	1
__exception__ Aug. 11, 2024, 2:20 p.m.	stacktrace: 0x5f387e0 0x5f3aac0 0x5f3a798 0x5f3452d 0x5f33507 0x5f31c75 0x5a7e47 0x5a26bd 0x5a21ce 0x5a0676 0x5a0108 0x5a009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72102652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7211264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72112e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x721c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72251dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72251e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72251f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7225416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73faf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5f38823 registers.esp: 1960784 registers.edi: 1960988 registers.eax: 0 registers.ebp: 1960792 registers.edx: 0 registers.ebx: 1963004 registers.esi: 38546340 registers.ecx: 39433528	1
__exception__ Aug. 11, 2024, 2:20 p.m.	stacktrace: 0x5f387e0 0x5f3ba84 0x5f3b275 0x5f31ca3 0x5a7e47 0x5a26bd 0x5a21ce 0x5a0676 0x5a0108 0x5a009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72102652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7211264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72112e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x721c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72251dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72251e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72251f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7225416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73faf5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5f38823 registers.esp: 1961336 registers.edi: 1961584 registers.eax: 0 registers.ebp: 1961344 registers.edx: 0 registers.ebx: 1963004 registers.esi: 40067708 registers.ecx: 40074892	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Allocates read-write-execute memory (usually to unpack itself) (50 out of 118 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 1900544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a70000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c00000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 1900544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02380000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02510000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006e2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00715000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0071b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00717000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006fc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006fd000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023b1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023b5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006ea000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 20480 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023b6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023bb000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023bd000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00706000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0070a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00707000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023be000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023bf000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02330000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02331000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006fe000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02332000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02333000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006ff000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02335000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02336000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02337000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02338000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02339000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x054a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 49152 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x054a1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x054ad000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006fa000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73c14000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x054ae000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x054af000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02310000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02320000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2636 region_size: 1441792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00880000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2636 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x009a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2636 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72101000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2636 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72102000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2636 region_size: 917504 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004b0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1

Steals private information from local Internet browsers (7 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\lockfile
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State

Foreign language identified in PE resource (3 events)

name

RT_MENU

language

LANG_KOREAN

filetype

data

sublanguage

SUBLANG_KOREAN

offset

0x0034252c

size

0x00000308

name

RT_MENU

language

LANG_KOREAN

filetype

data

sublanguage

SUBLANG_KOREAN

offset

0x0034252c

size

0x00000308

name

RT_ACCELERATOR

language

LANG_KOREAN

filetype

data

sublanguage

SUBLANG_KOREAN

offset

0x00342834

size

0x000000b0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00320200', u'virtual_address': u'0x00002000', u'entropy': 7.546557439513068, u'name': u'.text', u'virtual_size': u'0x00320194'}

entropy

7.54655743951

description

A section with a high entropy has been found

entropy

0.964877901718

description

Overall entropy of this PE file is high

Checks for the Locally Unique Identifier on the system for a suspicious privilege (2 events)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW Aug. 11, 2024, 2:18 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0
LookupPrivilegeValueW Aug. 11, 2024, 2:20 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Yara rule detected in process memory (11 events)

description	Take ScreenShot	rule	ScreenShot
description	PWS Memory	rule	Generic_PWS_Memory_Zero
description	RedLine stealer	rule	RedLine_Stealer_m_Zero
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep

Queries for potentially installed applications (39 events)

Time & API	Arguments	Status
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x000003dc options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: AddressBook base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: Connection Manager base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: DirectDrawEx base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: EditPlus base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: ENTERPRISE base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: Fontcore base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: Google Chrome base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: Haansoft HWord 80 Korean base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: IE40 base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: IE4Data base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: IE5BAKEX base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: IEData base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: MobileOptionPack base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: SchedulingAgent base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: WIC base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: {01B845D4-B73E-4CF7-A377-94BC7BB4F77B} base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: {1D91F7DA-F517-4727-9E62-B7EA978BE980} base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: {90120000-0015-0412-0000-0000000FF1CE} base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: {90120000-0016-0412-0000-0000000FF1CE} base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: {90120000-0018-0412-0000-0000000FF1CE} base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: {90120000-0019-0412-0000-0000000FF1CE} base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: {90120000-001A-0412-0000-0000000FF1CE} base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: {90120000-001B-0412-0000-0000000FF1CE} base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: {90120000-001F-0409-0000-0000000FF1CE} base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: {90120000-001F-0412-0000-0000000FF1CE} base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: {90120000-0028-0412-0000-0000000FF1CE} base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: {90120000-002C-0412-0000-0000000FF1CE} base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: {90120000-0030-0000-0000-0000000FF1CE} base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: {90120000-0044-0412-0000-0000000FF1CE} base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: {90120000-006E-0409-0000-0000000FF1CE} base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: {90120000-006E-0412-0000-0000000FF1CE} base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: {90120000-00A1-0412-0000-0000000FF1CE} base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: {90120000-00BA-0409-0000-0000000FF1CE} base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: {90120000-0114-0412-0000-0000000FF1CE} base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: {939659F3-71D2-461F-B24D-91D05A4389B4} base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: {9B84A461-3B4C-40E2-B44F-CE22E215EE40} base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}	1
RegOpenKeyExW Aug. 11, 2024, 2:20 p.m.	regkey_r: {d992c12e-cab2-426f-bde3-fb8c53950b0d} base_handle: 0x000003dc key_handle: 0x000003e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}	1

Communicates with host for which no DNS query was performed (1 event)

host

185.215.113.25

Allocates execute permission to another process indicative of possible code injection (1 event)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2636 region_size: 335872 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000024c	1	0	0

Harvests credentials from local FTP client softwares (2 events)

file	C:\Users\test22\AppData\Roaming\FileZilla\sitemanager.xml
file	C:\Users\test22\AppData\Roaming\FileZilla\recentservers.xml

Potential code injection by writing to the memory of another process (3 events)

Time & API	Arguments	Status	Return
WriteProcessMemory Aug. 11, 2024, 2:18 p.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELµ§à0ìÐ¦¹ @ @T¹O ÌÉ8¹ H.texté ì `.rsrcÌÉ Ìð@@.reloc¼@B base_address: 0x00400000 process_identifier: 2636 process_handle: 0x0000024c	1	1
WriteProcessMemory Aug. 11, 2024, 2:18 p.m.	buffer: °¨9 base_address: 0x00450000 process_identifier: 2636 process_handle: 0x0000024c	1	1
WriteProcessMemory Aug. 11, 2024, 2:18 p.m.	buffer: @ base_address: 0xfffde008 process_identifier: 2636 process_handle: 0x0000024c	1	1

Code injection by writing an executable or DLL to the memory of another process (1 event)

Time & API	Arguments	Status	Return	Repeated
WriteProcessMemory Aug. 11, 2024, 2:18 p.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELµ§à0ìÐ¦¹ @ @T¹O ÌÉ8¹ H.texté ì `.rsrcÌÉ Ìð@@.reloc¼@B base_address: 0x00400000 process_identifier: 2636 process_handle: 0x0000024c	1	1	0

Collects information about installed applications (27 events)

Time & API	Arguments	Status
RegQueryValueExW Aug. 11, 2024, 2:20 p.m.	key_handle: 0x000003e8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: EditPlus regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName	1
RegQueryValueExW Aug. 11, 2024, 2:20 p.m.	key_handle: 0x000003e8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Enterprise 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE\DisplayName	1
RegQueryValueExW Aug. 11, 2024, 2:20 p.m.	key_handle: 0x000003e8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Chrome regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName	1
RegQueryValueExW Aug. 11, 2024, 2:20 p.m.	key_handle: 0x000003e8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName	1
RegQueryValueExW Aug. 11, 2024, 2:20 p.m.	key_handle: 0x000003e8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: HttpWatch Professional 9.3.39 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName	1
RegQueryValueExW Aug. 11, 2024, 2:20 p.m.	key_handle: 0x000003e8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName	1
RegQueryValueExW Aug. 11, 2024, 2:20 p.m.	key_handle: 0x000003e8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Google Update Helper regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayName	1
RegQueryValueExW Aug. 11, 2024, 2:20 p.m.	key_handle: 0x000003e8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Access MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Aug. 11, 2024, 2:20 p.m.	key_handle: 0x000003e8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Excel MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Aug. 11, 2024, 2:20 p.m.	key_handle: 0x000003e8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office PowerPoint MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Aug. 11, 2024, 2:20 p.m.	key_handle: 0x000003e8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Publisher MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Aug. 11, 2024, 2:20 p.m.	key_handle: 0x000003e8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Outlook MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Aug. 11, 2024, 2:20 p.m.	key_handle: 0x000003e8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Word MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Aug. 11, 2024, 2:20 p.m.	key_handle: 0x000003e8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Aug. 11, 2024, 2:20 p.m.	key_handle: 0x000003e8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Aug. 11, 2024, 2:20 p.m.	key_handle: 0x000003e8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office IME (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Aug. 11, 2024, 2:20 p.m.	key_handle: 0x000003e8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proofing (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Aug. 11, 2024, 2:20 p.m.	key_handle: 0x000003e8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Enterprise 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Aug. 11, 2024, 2:20 p.m.	key_handle: 0x000003e8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office InfoPath MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Aug. 11, 2024, 2:20 p.m.	key_handle: 0x000003e8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Aug. 11, 2024, 2:20 p.m.	key_handle: 0x000003e8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Aug. 11, 2024, 2:20 p.m.	key_handle: 0x000003e8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office OneNote MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Aug. 11, 2024, 2:20 p.m.	key_handle: 0x000003e8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Groove MUI (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Aug. 11, 2024, 2:20 p.m.	key_handle: 0x000003e8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Groove Setup Metadata MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Aug. 11, 2024, 2:20 p.m.	key_handle: 0x000003e8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Flash Player 13 ActiveX regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}\DisplayName	1
RegQueryValueExW Aug. 11, 2024, 2:20 p.m.	key_handle: 0x000003e8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Flash Player 13 NPAPI regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}\DisplayName	1
RegQueryValueExW Aug. 11, 2024, 2:20 p.m.	key_handle: 0x000003e8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\DisplayName	1

Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2564 called NtSetContextThread to modify thread in remote process 2636
NtSetContextThread Aug. 11, 2024, 2:18 p.m.	registers.eip: 0 registers.esp: 0 registers.edi: 0 registers.eax: 4372902 registers.ebp: 0 registers.edx: 0 registers.ebx: -139264 registers.esi: 0 registers.ecx: 0 thread_handle: 0x00000248 process_identifier: 2636	1	0	0

Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2564 resumed a thread in remote process 2636
NtResumeThread Aug. 11, 2024, 2:18 p.m.	thread_handle: 0x00000248 suspend_count: 1 process_identifier: 2636	1	0	0

Executed a process and injected code into it, probably while unpacking (48 events)

Time & API	Arguments	Status	Return
NtResumeThread Aug. 11, 2024, 2:18 p.m.	thread_handle: 0x000000dc suspend_count: 1 process_identifier: 2564	1	0
NtResumeThread Aug. 11, 2024, 2:18 p.m.	thread_handle: 0x0000014c suspend_count: 1 process_identifier: 2564	1	0
NtResumeThread Aug. 11, 2024, 2:18 p.m.	thread_handle: 0x00000188 suspend_count: 1 process_identifier: 2564	1	0
CreateProcessInternalW Aug. 11, 2024, 2:18 p.m.	thread_identifier: 2640 thread_handle: 0x00000248 process_identifier: 2636 current_directory: filepath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe track: 1 command_line: filepath_r: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x0000024c	1	1
NtGetContextThread Aug. 11, 2024, 2:18 p.m.	thread_handle: 0x00000248	1	0
NtAllocateVirtualMemory Aug. 11, 2024, 2:18 p.m.	process_identifier: 2636 region_size: 335872 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000024c	1	0
WriteProcessMemory Aug. 11, 2024, 2:18 p.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELµ§à0ìÐ¦¹ @ @T¹O ÌÉ8¹ H.texté ì `.rsrcÌÉ Ìð@@.reloc¼@B base_address: 0x00400000 process_identifier: 2636 process_handle: 0x0000024c	1	1
WriteProcessMemory Aug. 11, 2024, 2:18 p.m.	buffer: base_address: 0x00402000 process_identifier: 2636 process_handle: 0x0000024c	1	1
WriteProcessMemory Aug. 11, 2024, 2:18 p.m.	buffer: base_address: 0x00432000 process_identifier: 2636 process_handle: 0x0000024c	1	1
WriteProcessMemory Aug. 11, 2024, 2:18 p.m.	buffer: °¨9 base_address: 0x00450000 process_identifier: 2636 process_handle: 0x0000024c	1	1
WriteProcessMemory Aug. 11, 2024, 2:18 p.m.	buffer: @ base_address: 0xfffde008 process_identifier: 2636 process_handle: 0x0000024c	1	1
NtSetContextThread Aug. 11, 2024, 2:18 p.m.	registers.eip: 0 registers.esp: 0 registers.edi: 0 registers.eax: 4372902 registers.ebp: 0 registers.edx: 0 registers.ebx: -139264 registers.esi: 0 registers.ecx: 0 thread_handle: 0x00000248 process_identifier: 2636	1	0
NtResumeThread Aug. 11, 2024, 2:18 p.m.	thread_handle: 0x00000248 suspend_count: 1 process_identifier: 2636	1	0
NtResumeThread Aug. 11, 2024, 2:18 p.m.	thread_handle: 0x000000dc suspend_count: 1 process_identifier: 2636	1	0
NtResumeThread Aug. 11, 2024, 2:18 p.m.	thread_handle: 0x00000154 suspend_count: 1 process_identifier: 2636	1	0
NtResumeThread Aug. 11, 2024, 2:18 p.m.	thread_handle: 0x00000198 suspend_count: 1 process_identifier: 2636	1	0
NtResumeThread Aug. 11, 2024, 2:18 p.m.	thread_handle: 0x000002fc suspend_count: 1 process_identifier: 2636	1	0
NtResumeThread Aug. 11, 2024, 2:18 p.m.	thread_handle: 0x00000334 suspend_count: 1 process_identifier: 2636	1	0
NtResumeThread Aug. 11, 2024, 2:18 p.m.	thread_handle: 0x000003b4 suspend_count: 1 process_identifier: 2636	1	0
NtResumeThread Aug. 11, 2024, 2:18 p.m.	thread_handle: 0x000003d8 suspend_count: 1 process_identifier: 2636	1	0
NtResumeThread Aug. 11, 2024, 2:18 p.m.	thread_handle: 0x000003f8 suspend_count: 1 process_identifier: 2636	1	0
NtResumeThread Aug. 11, 2024, 2:18 p.m.	thread_handle: 0x00000420 suspend_count: 1 process_identifier: 2636	1	0
NtGetContextThread Aug. 11, 2024, 2:18 p.m.	thread_handle: 0x000000e8	1	0
NtGetContextThread Aug. 11, 2024, 2:18 p.m.	thread_handle: 0x000000e8	1	0
NtGetContextThread Aug. 11, 2024, 2:18 p.m.	thread_handle: 0x000000e8	1	0
NtSetContextThread Aug. 11, 2024, 2:18 p.m.	registers.eip: 1914186628 registers.esp: 1961076 registers.edi: 65421312 registers.eax: 88998400 registers.ebp: 1961116 registers.edx: 156 registers.ebx: 0 registers.esi: 1114 registers.ecx: 38383704 thread_handle: 0x000000e8 process_identifier: 2636	1	0
NtResumeThread Aug. 11, 2024, 2:18 p.m.	thread_handle: 0x000000e8 suspend_count: 1 process_identifier: 2636	1	0
NtGetContextThread Aug. 11, 2024, 2:18 p.m.	thread_handle: 0x000000e8	1	0
NtGetContextThread Aug. 11, 2024, 2:18 p.m.	thread_handle: 0x000000e8	1	0
NtGetContextThread Aug. 11, 2024, 2:18 p.m.	thread_handle: 0x000000e8	1	0
NtSetContextThread Aug. 11, 2024, 2:18 p.m.	registers.eip: 1914186628 registers.esp: 1961128 registers.edi: 42236940 registers.eax: 0 registers.ebp: 1961132 registers.edx: 42221352 registers.ebx: 0 registers.esi: 7792 registers.ecx: 67178488 thread_handle: 0x000000e8 process_identifier: 2636	1	0
NtResumeThread Aug. 11, 2024, 2:18 p.m.	thread_handle: 0x000000e8 suspend_count: 1 process_identifier: 2636	1	0
NtGetContextThread Aug. 11, 2024, 2:18 p.m.	thread_handle: 0x000000e8	1	0
NtGetContextThread Aug. 11, 2024, 2:18 p.m.	thread_handle: 0x000000e8	1	0
NtResumeThread Aug. 11, 2024, 2:18 p.m.	thread_handle: 0x000000e8 suspend_count: 1 process_identifier: 2636	1	0
NtGetContextThread Aug. 11, 2024, 2:18 p.m.	thread_handle: 0x000000e8	1	0
NtGetContextThread Aug. 11, 2024, 2:18 p.m.	thread_handle: 0x000000e8	1	0
NtResumeThread Aug. 11, 2024, 2:18 p.m.	thread_handle: 0x000000e8 suspend_count: 1 process_identifier: 2636	1	0
NtResumeThread Aug. 11, 2024, 2:20 p.m.	thread_handle: 0x000003e0 suspend_count: 1 process_identifier: 2636	1	0
NtResumeThread Aug. 11, 2024, 2:20 p.m.	thread_handle: 0x00000278 suspend_count: 1 process_identifier: 2636	1	0
NtResumeThread Aug. 11, 2024, 2:20 p.m.	thread_handle: 0x00000234 suspend_count: 1 process_identifier: 2636	1	0
NtResumeThread Aug. 11, 2024, 2:20 p.m.	thread_handle: 0x00000244 suspend_count: 1 process_identifier: 2636	1	0
NtResumeThread Aug. 11, 2024, 2:20 p.m.	thread_handle: 0x00000268 suspend_count: 1 process_identifier: 2636	1	0
NtResumeThread Aug. 11, 2024, 2:20 p.m.	thread_handle: 0x00000374 suspend_count: 1 process_identifier: 2636	1	0
NtResumeThread Aug. 11, 2024, 2:20 p.m.	thread_handle: 0x000003e8 suspend_count: 1 process_identifier: 2636	1	0
NtResumeThread Aug. 11, 2024, 2:20 p.m.	thread_handle: 0x000004a0 suspend_count: 1 process_identifier: 2636	1	0
NtResumeThread Aug. 11, 2024, 2:20 p.m.	thread_handle: 0x00000504 suspend_count: 1 process_identifier: 2636	1	0
NtResumeThread Aug. 11, 2024, 2:20 p.m.	thread_handle: 0x000005f0 suspend_count: 1 process_identifier: 2636	1	0

File has been identified by 49 AntiVirus engines on VirusTotal as malicious (49 events)

Bkav	W32.AIDetectMalware.CS
Lionic	Trojan.Win32.Stealer.12!c
Elastic	malicious (high confidence)
CAT-QuickHeal	TrojanSpy.MSIL
Skyhigh	Artemis!Trojan
ALYac	Trojan.GenericKD.73803237
VIPRE	Trojan.GenericKD.73803237
Sangfor	Infostealer.Msil.Kryptik.V7gt
K7AntiVirus	Trojan ( 005b6d9f1 )
BitDefender	Trojan.GenericKD.73803237
K7GW	Trojan ( 005b6d9f1 )
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Kryptik.ALTN
McAfee	Artemis!5FB3019941ED
Avast	Win32:MalwareX-gen [Trj]
ClamAV	Win.Packed.Malwarex-10033462-0
Kaspersky	HEUR:Trojan-Spy.MSIL.Stealer.gen
Alibaba	TrojanSpy:MSIL/Stealer.ab208d0d
MicroWorld-eScan	Trojan.GenericKD.73803237
Rising	Malware.Obfus/MSIL@AI.92 (RDM.MSIL2:7r5m8i+nJYxarK8Zb/tmDw)
Emsisoft	Trojan.GenericKD.73803237 (B)
F-Secure	Trojan.TR/AD.RedLineSteal.ijzjp
DrWeb	Trojan.Packed2.47554
TrendMicro	Trojan.Win32.PRIVATELOADER.YXEHGZ
McAfeeD	ti!286FDDF3CE6B
FireEye	Trojan.GenericKD.73803237
Sophos	Mal/Generic-S
SentinelOne	Static AI - Malicious PE
Google	Detected
Avira	TR/AD.RedLineSteal.ijzjp
MAX	malware (ai score=80)
Gridinsoft	Trojan.Win32.Kryptik.cl
Microsoft	Trojan:MSIL/RedlineStealer.RPY!MTB
ZoneAlarm	HEUR:Trojan-Spy.MSIL.Stealer.gen
GData	Trojan.GenericKD.73803237
Varist	W32/ABRisk.WPLU-9119
BitDefenderTheta	Gen:NN.ZemsilF.36810.pt0@audinxpO
DeepInstinct	MALICIOUS
Malwarebytes	Trojan.Crypt.MSIL.Generic
Ikarus	Trojan.MSIL.Crypt
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	Trojan.Win32.PRIVATELOADER.YXEHGZ
Tencent	Malware.Win32.Gencirc.141565c4
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Kryptik.ALRL!tr
AVG	Win32:MalwareX-gen [Trj]
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_90% (D)
alibabacloud	Trojan:MSIL/Kryptik.AEBB

66b286b03f960_hp-scanner.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All