Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 19, 2024, 10:22 a.m.	Sept. 19, 2024, 10:24 a.m.

Size	11.2MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`4fa734db8e9f7ce5ecd217b34ecc6969`
SHA256	`f358dde7b5f896d851677a271b4d20e70cdf36a9eeb9da9b001554d65e02a71b`
CRC32	`371E29B5`
ssdeep	`196608:FfhVx6cyJczra+6msUjFD8rXPLJy5rRUlXmBPzLMAoUsJBK7iskeDqQ7poZ:FfrABJq2+6mnD8b9y9RU8zLMAoUsJBKK`
Yara	Malicious_Library_Zero - Malicious_Library Admin_Tool_IN_Zero - Admin Tool Sysinternals PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file mzp_file_format - MZP(Delphi) file format OS_Processor_Check_Zero - OS Processor Check

231.exe "C:\Users\test22\AppData\Local\Temp\231.exe"
2580
- 231.tmp "C:\Users\test22\AppData\Local\Temp\is-NDD40.tmp\231.tmp" /SL5="$80178,10740751,812544,C:\Users\test22\AppData\Local\Temp\231.exe"
  2660
  - 231.exe "C:\Users\test22\AppData\Local\Temp\231.exe" /VERYSILENT /NORESTART
    2728
    - 231.tmp "C:\Users\test22\AppData\Local\Temp\is-H496T.tmp\231.tmp" /SL5="$90178,10740751,812544,C:\Users\test22\AppData\Local\Temp\231.exe" /VERYSILENT /NORESTART
      2792
      - cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
        2844
        
        tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
        2904
        
        find.exe find /I "wrsa.exe"
        2940
      - cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
        3056
        
        tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
        2076
        
        find.exe find /I "opssvc.exe"
        2104
      - cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
        2176
        
        tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
        2248
        
        find.exe find /I "avastui.exe"
        2380
      - cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
        2532
        
        tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
        2620
        
        find.exe find /I "avgui.exe"
        2744
      - cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
        2644
        
        tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
        2860
        
        find.exe find /I "nswscsvc.exe"
        2932
      - cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
        3068
        
        tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
        2712
        
        find.exe find /I "sophoshealth.exe"
        2112
      - AutoIt3.exe "C:\Users\test22\AppData\Local\acetiam\\AutoIt3.exe" "C:\Users\test22\AppData\Local\acetiam\\grayhound1..a3x"
        2308
        
        cmd.exe "C:\Windows\System32\cmd.exe" /c ping -n 5 127.0.0.1 >nul && AutoIt3.exe C:\ProgramData\\68vp5vaM2.a3x && del C:\ProgramData\\68vp5vaM2.a3x
        2316
        
        PING.EXE ping -n 5 127.0.0.1
        2836
        
        AutoIt3.exe AutoIt3.exe C:\ProgramData\\68vp5vaM2.a3x
        1948
        
        MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        1376

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
45.141.86.82	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49240 -> 45.141.86.82:15647	2051910	ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity	A Network Trojan was detected
TCP 45.141.86.82:15647 -> 192.168.56.101:49240	2029217	ET MALWARE Arechclient2 Backdoor/SecTopRAT CnC Init	Malware Command and Control Activity Detected
TCP 192.168.56.101:49242 -> 45.141.86.82:9000	2052248	ET MALWARE Arechclient2 Backdoor/SecTopRAT Related Activity M2 (GET)	A Network Trojan was detected

Suricata TLS

No Suricata TLS

Queries for the computername (32 events)

Time & API	Arguments	Status	Return
GetComputerNameW Sept. 19, 2024, 10:22 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 19, 2024, 10:22 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 19, 2024, 10:22 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 19, 2024, 10:22 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 19, 2024, 10:22 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 19, 2024, 10:22 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 19, 2024, 10:22 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 19, 2024, 10:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 19, 2024, 10:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 19, 2024, 10:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 19, 2024, 10:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 19, 2024, 10:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 19, 2024, 10:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 19, 2024, 10:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 19, 2024, 10:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 19, 2024, 10:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 19, 2024, 10:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 19, 2024, 10:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 19, 2024, 10:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 19, 2024, 10:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 19, 2024, 10:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 19, 2024, 10:24 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 19, 2024, 10:24 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 19, 2024, 10:24 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 19, 2024, 10:24 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 19, 2024, 10:24 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 19, 2024, 10:24 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 19, 2024, 10:24 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 19, 2024, 10:24 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 19, 2024, 10:24 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 19, 2024, 10:24 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 19, 2024, 10:24 a.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (6 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Sept. 19, 2024, 10:22 a.m.			0	0
IsDebuggerPresent Sept. 19, 2024, 10:22 a.m.			0	0
IsDebuggerPresent Sept. 19, 2024, 10:22 a.m.			0	0
IsDebuggerPresent Sept. 19, 2024, 10:23 a.m.			0	0
IsDebuggerPresent Sept. 19, 2024, 10:23 a.m.			0	0
IsDebuggerPresent Sept. 19, 2024, 10:23 a.m.			0	0

Uses Windows APIs to generate a cryptographic key (9 events)

Time & API	Arguments	Status	Return
CryptExportKey Sept. 19, 2024, 10:23 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x008cb4f0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 19, 2024, 10:23 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x008cb4f0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 19, 2024, 10:23 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x008cb3b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 19, 2024, 10:23 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x008cb8f0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 19, 2024, 10:23 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x008cb970 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 19, 2024, 10:23 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x008cb970 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 19, 2024, 10:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x009a16e0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 19, 2024, 10:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x009a16e0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 19, 2024, 10:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x009a1720 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Tries to locate where the browsers are installed (3 events)

file	C:\Program Files\Google\Chrome\Application\65.0.3325.181\
file	C:\Program Files\Mozilla Firefox\firefox.exe
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Sept. 19, 2024, 10:22 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)

section	.itext
section	.didata

One or more processes crashed (30 events)

Time & API	Arguments	Status
__exception__ Sept. 19, 2024, 10:22 a.m.	stacktrace: __dbk_fcall_wrapper+0x287a85 dbkFCallWrapperAddr-0x21fab 231+0x29969d @ 0x13d969d __dbk_fcall_wrapper+0x287a85 dbkFCallWrapperAddr-0x21fab 231+0x29969d @ 0x13d969d __dbk_fcall_wrapper+0x29c0e8 dbkFCallWrapperAddr-0xd948 231+0x2add00 @ 0x13edd00 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 4258012 registers.edi: 0 registers.eax: 4258012 registers.ebp: 4258092 registers.edx: 0 registers.ebx: 3 registers.esi: 2 registers.ecx: 7	1
__exception__ Sept. 19, 2024, 10:23 a.m.	stacktrace: 0x50883c7 0x5086883 0x508448c 0x5083fc5 0x50822f5 0x5080137 0x45a6ee4 0x45a5040 0x88d263 0x88c481 0x88c094 system+0x205d05 @ 0x71065d05 system+0x205cdf @ 0x71065cdf mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 system+0x205c60 @ 0x71065c60 system+0x205467 @ 0x71065467 mscorlib+0x34bb1e @ 0x71b2bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 bc 8b 45 bc 89 45 b8 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x50892d0 registers.esp: 90888256 registers.edi: 90888320 registers.eax: 0 registers.ebp: 90888332 registers.edx: 9817688 registers.ebx: 39664004 registers.esi: 40795424 registers.ecx: 0	1
__exception__ Sept. 19, 2024, 10:23 a.m.	stacktrace: 0x59e0a9e 0x59e08dd 0x59e0813 0x508ecc4 0x508b502 0x50896e0 0x508458e 0x5083fc5 0x50822f5 0x5080137 0x45a6ee4 0x45a5040 0x88d263 0x88c481 0x88c094 system+0x205d05 @ 0x71065d05 system+0x205cdf @ 0x71065cdf mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 system+0x205c60 @ 0x71065c60 system+0x205467 @ 0x71065467 mscorlib+0x34bb1e @ 0x71b2bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 58 27 bc 04 89 85 e4 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59e1d1f registers.esp: 90885048 registers.edi: 90885384 registers.eax: 0 registers.ebp: 90885396 registers.edx: 79439336 registers.ebx: 214225 registers.esi: 41145564 registers.ecx: 0	1
__exception__ Sept. 19, 2024, 10:23 a.m.	stacktrace: 0x59e0a9e 0x59e08dd 0x59e082b 0x508ecc4 0x508b502 0x50896e0 0x508458e 0x5083fc5 0x50822f5 0x5080137 0x45a6ee4 0x45a5040 0x88d263 0x88c481 0x88c094 system+0x205d05 @ 0x71065d05 system+0x205cdf @ 0x71065cdf mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 system+0x205c60 @ 0x71065c60 system+0x205467 @ 0x71065467 mscorlib+0x34bb1e @ 0x71b2bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 58 27 bc 04 89 85 e4 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59e1d1f registers.esp: 90885048 registers.edi: 90885384 registers.eax: 0 registers.ebp: 90885396 registers.edx: 79439336 registers.ebx: 214225 registers.esi: 41145564 registers.ecx: 0	1
__exception__ Sept. 19, 2024, 10:23 a.m.	stacktrace: 0x59e0a9e 0x59e08dd 0x59e082b 0x508ecc4 0x508b502 0x50896e0 0x508458e 0x5083fc5 0x50822f5 0x5080137 0x45a6ee4 0x45a5040 0x88d263 0x88c481 0x88c094 system+0x205d05 @ 0x71065d05 system+0x205cdf @ 0x71065cdf mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 system+0x205c60 @ 0x71065c60 system+0x205467 @ 0x71065467 mscorlib+0x34bb1e @ 0x71b2bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 58 27 bc 04 89 85 e4 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59e1d1f registers.esp: 90885048 registers.edi: 90885384 registers.eax: 0 registers.ebp: 90885396 registers.edx: 79439336 registers.ebx: 214225 registers.esi: 41145564 registers.ecx: 0	1
__exception__ Sept. 19, 2024, 10:23 a.m.	stacktrace: 0x59e9d5a 0x59e99a5 0x59e0813 0x508edfd 0x508b502 0x50896e0 0x508458e 0x5083fc5 0x50822f5 0x5080137 0x45a6ee4 0x45a5040 0x88d263 0x88c481 0x88c094 system+0x205d05 @ 0x71065d05 system+0x205cdf @ 0x71065cdf mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 system+0x205c60 @ 0x71065c60 system+0x205467 @ 0x71065467 mscorlib+0x34bb1e @ 0x71b2bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 58 27 bc 04 89 85 e4 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59e1d1f registers.esp: 90884476 registers.edi: 90884812 registers.eax: 0 registers.ebp: 90884824 registers.edx: 79439336 registers.ebx: 214225 registers.esi: 39996892 registers.ecx: 0	1
__exception__ Sept. 19, 2024, 10:23 a.m.	stacktrace: 0x59e9d5a 0x59e99a5 0x59e082b 0x508edfd 0x508b502 0x50896e0 0x508458e 0x5083fc5 0x50822f5 0x5080137 0x45a6ee4 0x45a5040 0x88d263 0x88c481 0x88c094 system+0x205d05 @ 0x71065d05 system+0x205cdf @ 0x71065cdf mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 system+0x205c60 @ 0x71065c60 system+0x205467 @ 0x71065467 mscorlib+0x34bb1e @ 0x71b2bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 58 27 bc 04 89 85 e4 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59e1d1f registers.esp: 90884476 registers.edi: 90884812 registers.eax: 0 registers.ebp: 90884824 registers.edx: 79439336 registers.ebx: 214225 registers.esi: 39996892 registers.ecx: 0	1
__exception__ Sept. 19, 2024, 10:23 a.m.	stacktrace: 0x59e9d5a 0x59e99a5 0x59e082b 0x508edfd 0x508b502 0x50896e0 0x508458e 0x5083fc5 0x50822f5 0x5080137 0x45a6ee4 0x45a5040 0x88d263 0x88c481 0x88c094 system+0x205d05 @ 0x71065d05 system+0x205cdf @ 0x71065cdf mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 system+0x205c60 @ 0x71065c60 system+0x205467 @ 0x71065467 mscorlib+0x34bb1e @ 0x71b2bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 58 27 bc 04 89 85 e4 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59e1d1f registers.esp: 90884476 registers.edi: 90884812 registers.eax: 0 registers.ebp: 90884824 registers.edx: 79439336 registers.ebx: 214225 registers.esi: 39996892 registers.ecx: 0	1
__exception__ Sept. 19, 2024, 10:23 a.m.	stacktrace: 0x59ec6ba 0x59ec4dc 0x59e0813 0x508eeea 0x508b502 0x50896e0 0x508458e 0x5083fc5 0x50822f5 0x5080137 0x45a6ee4 0x45a5040 0x88d263 0x88c481 0x88c094 system+0x205d05 @ 0x71065d05 system+0x205cdf @ 0x71065cdf mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 system+0x205c60 @ 0x71065c60 system+0x205467 @ 0x71065467 mscorlib+0x34bb1e @ 0x71b2bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 58 27 bc 04 89 85 e4 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59e1d1f registers.esp: 90885176 registers.edi: 90885512 registers.eax: 0 registers.ebp: 90885524 registers.edx: 79439336 registers.ebx: 214225 registers.esi: 39996892 registers.ecx: 0	1
__exception__ Sept. 19, 2024, 10:23 a.m.	stacktrace: 0x59ec6ba 0x59ec4dc 0x59e082b 0x508eeea 0x508b502 0x50896e0 0x508458e 0x5083fc5 0x50822f5 0x5080137 0x45a6ee4 0x45a5040 0x88d263 0x88c481 0x88c094 system+0x205d05 @ 0x71065d05 system+0x205cdf @ 0x71065cdf mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 system+0x205c60 @ 0x71065c60 system+0x205467 @ 0x71065467 mscorlib+0x34bb1e @ 0x71b2bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 58 27 bc 04 89 85 e4 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59e1d1f registers.esp: 90885176 registers.edi: 90885512 registers.eax: 0 registers.ebp: 90885524 registers.edx: 79439336 registers.ebx: 214225 registers.esi: 39996892 registers.ecx: 0	1
__exception__ Sept. 19, 2024, 10:23 a.m.	stacktrace: 0x59ec6ba 0x59ec4dc 0x59e082b 0x508eeea 0x508b502 0x50896e0 0x508458e 0x5083fc5 0x50822f5 0x5080137 0x45a6ee4 0x45a5040 0x88d263 0x88c481 0x88c094 system+0x205d05 @ 0x71065d05 system+0x205cdf @ 0x71065cdf mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 system+0x205c60 @ 0x71065c60 system+0x205467 @ 0x71065467 mscorlib+0x34bb1e @ 0x71b2bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 58 27 bc 04 89 85 e4 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59e1d1f registers.esp: 90885176 registers.edi: 90885512 registers.eax: 0 registers.ebp: 90885524 registers.edx: 79439336 registers.ebx: 214225 registers.esi: 39996892 registers.ecx: 0	1
__exception__ Sept. 19, 2024, 10:23 a.m.	stacktrace: 0x59ed09d 0x59eced9 0x59e0813 0x508eff3 0x508b502 0x50896e0 0x508458e 0x5083fc5 0x50822f5 0x5080137 0x45a6ee4 0x45a5040 0x88d263 0x88c481 0x88c094 system+0x205d05 @ 0x71065d05 system+0x205cdf @ 0x71065cdf mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 system+0x205c60 @ 0x71065c60 system+0x205467 @ 0x71065467 mscorlib+0x34bb1e @ 0x71b2bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 58 27 bc 04 89 85 e4 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59e1d1f registers.esp: 90884556 registers.edi: 90884892 registers.eax: 0 registers.ebp: 90884904 registers.edx: 79439336 registers.ebx: 214225 registers.esi: 39996892 registers.ecx: 0	1
__exception__ Sept. 19, 2024, 10:23 a.m.	stacktrace: 0x59ed09d 0x59eced9 0x59e082b 0x508eff3 0x508b502 0x50896e0 0x508458e 0x5083fc5 0x50822f5 0x5080137 0x45a6ee4 0x45a5040 0x88d263 0x88c481 0x88c094 system+0x205d05 @ 0x71065d05 system+0x205cdf @ 0x71065cdf mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 system+0x205c60 @ 0x71065c60 system+0x205467 @ 0x71065467 mscorlib+0x34bb1e @ 0x71b2bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 58 27 bc 04 89 85 e4 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59e1d1f registers.esp: 90884556 registers.edi: 90884892 registers.eax: 0 registers.ebp: 90884904 registers.edx: 79439336 registers.ebx: 214225 registers.esi: 39996892 registers.ecx: 0	1
__exception__ Sept. 19, 2024, 10:23 a.m.	stacktrace: 0x59ed09d 0x59eced9 0x59e082b 0x508eff3 0x508b502 0x50896e0 0x508458e 0x5083fc5 0x50822f5 0x5080137 0x45a6ee4 0x45a5040 0x88d263 0x88c481 0x88c094 system+0x205d05 @ 0x71065d05 system+0x205cdf @ 0x71065cdf mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 system+0x205c60 @ 0x71065c60 system+0x205467 @ 0x71065467 mscorlib+0x34bb1e @ 0x71b2bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 58 27 bc 04 89 85 e4 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59e1d1f registers.esp: 90884556 registers.edi: 90884892 registers.eax: 0 registers.ebp: 90884904 registers.edx: 79439336 registers.ebx: 214225 registers.esi: 39994896 registers.ecx: 0	1
__exception__ Sept. 19, 2024, 10:24 a.m.	stacktrace: 0x50883c7 0x5086883 0x508448c 0x5083fc5 0x695cec6 0x5e1e614 0x5e1c35e mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 bc 8b 45 bc 89 45 b8 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x50892d0 registers.esp: 108781292 registers.edi: 108781356 registers.eax: 0 registers.ebp: 108781368 registers.edx: 97601168 registers.ebx: 39956212 registers.esi: 42128420 registers.ecx: 0	1
__exception__ Sept. 19, 2024, 10:24 a.m.	stacktrace: 0x59e0a9e 0x59e08dd 0x59e0813 0x508ecc4 0x508b502 0x50896e0 0x508458e 0x5083fc5 0x695cec6 0x5e1e614 0x5e1c35e mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 58 27 bc 04 89 85 e4 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59e1d1f registers.esp: 108778084 registers.edi: 108778420 registers.eax: 0 registers.ebp: 108778432 registers.edx: 79439336 registers.ebx: 214225 registers.esi: 42305200 registers.ecx: 0	1
__exception__ Sept. 19, 2024, 10:24 a.m.	stacktrace: 0x59e0a9e 0x59e08dd 0x59e082b 0x508ecc4 0x508b502 0x50896e0 0x508458e 0x5083fc5 0x695cec6 0x5e1e614 0x5e1c35e mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 58 27 bc 04 89 85 e4 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59e1d1f registers.esp: 108778084 registers.edi: 108778420 registers.eax: 0 registers.ebp: 108778432 registers.edx: 79439336 registers.ebx: 214225 registers.esi: 42305200 registers.ecx: 0	1
__exception__ Sept. 19, 2024, 10:24 a.m.	stacktrace: 0x59e0a9e 0x59e08dd 0x59e082b 0x508ecc4 0x508b502 0x50896e0 0x508458e 0x5083fc5 0x695cec6 0x5e1e614 0x5e1c35e mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 58 27 bc 04 89 85 e4 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59e1d1f registers.esp: 108778084 registers.edi: 108778420 registers.eax: 0 registers.ebp: 108778432 registers.edx: 79439336 registers.ebx: 214225 registers.esi: 42305200 registers.ecx: 0	1
__exception__ Sept. 19, 2024, 10:24 a.m.	stacktrace: 0x59e9d5a 0x59e99a5 0x59e0813 0x508edfd 0x508b502 0x50896e0 0x508458e 0x5083fc5 0x695cec6 0x5e1e614 0x5e1c35e mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 58 27 bc 04 89 85 e4 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59e1d1f registers.esp: 108777512 registers.edi: 108777848 registers.eax: 0 registers.ebp: 108777860 registers.edx: 79439336 registers.ebx: 214225 registers.esi: 40230136 registers.ecx: 0	1
__exception__ Sept. 19, 2024, 10:24 a.m.	stacktrace: 0x59e9d5a 0x59e99a5 0x59e082b 0x508edfd 0x508b502 0x50896e0 0x508458e 0x5083fc5 0x695cec6 0x5e1e614 0x5e1c35e mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 58 27 bc 04 89 85 e4 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59e1d1f registers.esp: 108777512 registers.edi: 108777848 registers.eax: 0 registers.ebp: 108777860 registers.edx: 79439336 registers.ebx: 214225 registers.esi: 40230136 registers.ecx: 0	1
__exception__ Sept. 19, 2024, 10:24 a.m.	stacktrace: 0x59e9d5a 0x59e99a5 0x59e082b 0x508edfd 0x508b502 0x50896e0 0x508458e 0x5083fc5 0x695cec6 0x5e1e614 0x5e1c35e mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 58 27 bc 04 89 85 e4 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59e1d1f registers.esp: 108777512 registers.edi: 108777848 registers.eax: 0 registers.ebp: 108777860 registers.edx: 79439336 registers.ebx: 214225 registers.esi: 40230136 registers.ecx: 0	1
__exception__ Sept. 19, 2024, 10:24 a.m.	stacktrace: 0x59ec6ba 0x59ec4dc 0x59e0813 0x508eeea 0x508b502 0x50896e0 0x508458e 0x5083fc5 0x695cec6 0x5e1e614 0x5e1c35e mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 58 27 bc 04 89 85 e4 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59e1d1f registers.esp: 108778212 registers.edi: 108778548 registers.eax: 0 registers.ebp: 108778560 registers.edx: 79439336 registers.ebx: 214225 registers.esi: 40188520 registers.ecx: 0	1
__exception__ Sept. 19, 2024, 10:24 a.m.	stacktrace: 0x59ec6ba 0x59ec4dc 0x59e082b 0x508eeea 0x508b502 0x50896e0 0x508458e 0x5083fc5 0x695cec6 0x5e1e614 0x5e1c35e mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 58 27 bc 04 89 85 e4 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59e1d1f registers.esp: 108778212 registers.edi: 108778548 registers.eax: 0 registers.ebp: 108778560 registers.edx: 79439336 registers.ebx: 214225 registers.esi: 40188520 registers.ecx: 0	1
__exception__ Sept. 19, 2024, 10:24 a.m.	stacktrace: 0x59ec6ba 0x59ec4dc 0x59e082b 0x508eeea 0x508b502 0x50896e0 0x508458e 0x5083fc5 0x695cec6 0x5e1e614 0x5e1c35e mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 58 27 bc 04 89 85 e4 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59e1d1f registers.esp: 108778212 registers.edi: 108778548 registers.eax: 0 registers.ebp: 108778560 registers.edx: 79439336 registers.ebx: 214225 registers.esi: 40188520 registers.ecx: 0	1
__exception__ Sept. 19, 2024, 10:24 a.m.	stacktrace: 0x59ed09d 0x59eced9 0x59e0813 0x508eff3 0x508b502 0x50896e0 0x508458e 0x5083fc5 0x695cec6 0x5e1e614 0x5e1c35e mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 58 27 bc 04 89 85 e4 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59e1d1f registers.esp: 108777592 registers.edi: 108777928 registers.eax: 0 registers.ebp: 108777940 registers.edx: 79439336 registers.ebx: 214225 registers.esi: 40188520 registers.ecx: 0	1
__exception__ Sept. 19, 2024, 10:24 a.m.	stacktrace: 0x59ed09d 0x59eced9 0x59e082b 0x508eff3 0x508b502 0x50896e0 0x508458e 0x5083fc5 0x695cec6 0x5e1e614 0x5e1c35e mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 58 27 bc 04 89 85 e4 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59e1d1f registers.esp: 108777592 registers.edi: 108777928 registers.eax: 0 registers.ebp: 108777940 registers.edx: 79439336 registers.ebx: 214225 registers.esi: 40188520 registers.ecx: 0	1
__exception__ Sept. 19, 2024, 10:24 a.m.	stacktrace: 0x59ed09d 0x59eced9 0x59e082b 0x508eff3 0x508b502 0x50896e0 0x508458e 0x5083fc5 0x695cec6 0x5e1e614 0x5e1c35e mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 58 27 bc 04 89 85 e4 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x59e1d1f registers.esp: 108777592 registers.edi: 108777928 registers.eax: 0 registers.ebp: 108777940 registers.edx: 79439336 registers.ebx: 214225 registers.esi: 40188520 registers.ecx: 0	1
__exception__ Sept. 19, 2024, 10:24 a.m.	stacktrace: CopyPDBs+0x1b552 DllCanUnloadNowInternal-0x25a85 clr+0x1b1194 @ 0x72951194 LogHelp_TerminateOnAssert+0x14061 GetPrivateContextsPerfCounters-0x53e1 clr+0x82ba1 @ 0x72822ba1 mscorlib+0x36dd33 @ 0x71b4dd33 mscorlib+0x32fea6 @ 0x71b0fea6 mscorlib+0x30ab40 @ 0x71aeab40 0x59e238c 0x6238535 0x6237ab3 0x5e1502f 0x50896e0 0x508458e 0x5083fc5 0x695cec6 0x5e1e614 0x5e1c35e mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xe0434f4e exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 108780776 registers.edi: 0 registers.eax: 108780776 registers.ebp: 108780856 registers.edx: 0 registers.ebx: 9303984 registers.esi: 97601168 registers.ecx: 3672399986	1
__exception__ Sept. 19, 2024, 10:24 a.m.	stacktrace: CopyPDBs+0x1b552 DllCanUnloadNowInternal-0x25a85 clr+0x1b1194 @ 0x72951194 LogHelp_TerminateOnAssert+0x14061 GetPrivateContextsPerfCounters-0x53e1 clr+0x82ba1 @ 0x72822ba1 mscorlib+0x36dd51 @ 0x71b4dd51 mscorlib+0x32fea6 @ 0x71b0fea6 mscorlib+0x30ab40 @ 0x71aeab40 0x59e238c 0x6238535 0x6237ab3 0x5e1502f 0x50896e0 0x508458e 0x5083fc5 0x695cec6 0x5e1e614 0x5e1c35e mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xe0434f4e exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 108780776 registers.edi: 0 registers.eax: 108780776 registers.ebp: 108780856 registers.edx: 0 registers.ebx: 9303984 registers.esi: 97601168 registers.ecx: 3672399986	1
__exception__ Sept. 19, 2024, 10:24 a.m.	stacktrace: CopyPDBs+0x1b552 DllCanUnloadNowInternal-0x25a85 clr+0x1b1194 @ 0x72951194 LogHelp_TerminateOnAssert+0x14061 GetPrivateContextsPerfCounters-0x53e1 clr+0x82ba1 @ 0x72822ba1 mscorlib+0x36dd53 @ 0x71b4dd53 mscorlib+0x32fea6 @ 0x71b0fea6 mscorlib+0x30ab40 @ 0x71aeab40 0x59e238c 0x6238535 0x6237ab3 0x5e1502f 0x50896e0 0x508458e 0x5083fc5 0x695cec6 0x5e1e614 0x5e1c35e mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xe0434f4e exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 108780776 registers.edi: 0 registers.eax: 108780776 registers.ebp: 108780856 registers.edx: 0 registers.ebx: 9303984 registers.esi: 97601168 registers.ecx: 3672399986	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Allocates read-write-execute memory (usually to unpack itself) (50 out of 161 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Sept. 19, 2024, 10:22 a.m.	process_identifier: 2580 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ed0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 19, 2024, 10:22 a.m.	process_identifier: 2580 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 688128 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ed1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 19, 2024, 10:22 a.m.	process_identifier: 2580 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00f87000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 19, 2024, 10:22 a.m.	process_identifier: 2580 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 110592 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00f89000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 19, 2024, 10:22 a.m.	process_identifier: 2580 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73422000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 19, 2024, 10:22 a.m.	process_identifier: 2660 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73422000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 19, 2024, 10:22 a.m.	process_identifier: 2660 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 19, 2024, 10:22 a.m.	process_identifier: 2728 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ed0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 19, 2024, 10:22 a.m.	process_identifier: 2728 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 688128 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ed1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 19, 2024, 10:22 a.m.	process_identifier: 2728 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00f87000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 19, 2024, 10:22 a.m.	process_identifier: 2728 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 110592 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00f89000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 19, 2024, 10:22 a.m.	process_identifier: 2728 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73662000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 19, 2024, 10:22 a.m.	process_identifier: 2792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73662000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 19, 2024, 10:22 a.m.	process_identifier: 2792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x009b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 19, 2024, 10:22 a.m.	process_identifier: 2308 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73662000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 19, 2024, 10:23 a.m.	process_identifier: 1948 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x735e2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 19, 2024, 10:23 a.m.	process_identifier: 1948 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 180224 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00f49000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 19, 2024, 10:23 a.m.	process_identifier: 1376 region_size: 1179648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00700000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 19, 2024, 10:23 a.m.	process_identifier: 1376 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 19, 2024, 10:23 a.m.	process_identifier: 1376 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 19, 2024, 10:23 a.m.	process_identifier: 1376 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 19, 2024, 10:23 a.m.	process_identifier: 1376 region_size: 1179648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022c0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 19, 2024, 10:23 a.m.	process_identifier: 1376 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 19, 2024, 10:23 a.m.	process_identifier: 1376 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003a2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 19, 2024, 10:23 a.m.	process_identifier: 1376 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003bc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 19, 2024, 10:23 a.m.	process_identifier: 1376 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003d5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 19, 2024, 10:23 a.m.	process_identifier: 1376 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003db000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 19, 2024, 10:23 a.m.	process_identifier: 1376 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003d7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 19, 2024, 10:23 a.m.	process_identifier: 1376 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 19, 2024, 10:23 a.m.	process_identifier: 1376 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005f1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 19, 2024, 10:23 a.m.	process_identifier: 1376 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005f2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 19, 2024, 10:23 a.m.	process_identifier: 1376 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005f6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 19, 2024, 10:23 a.m.	process_identifier: 1376 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005f7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 19, 2024, 10:23 a.m.	process_identifier: 1376 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003aa000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 19, 2024, 10:23 a.m.	process_identifier: 1376 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003ca000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 19, 2024, 10:23 a.m.	process_identifier: 1376 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003c7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 19, 2024, 10:23 a.m.	process_identifier: 1376 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003c6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 19, 2024, 10:23 a.m.	process_identifier: 1376 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005f8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 19, 2024, 10:23 a.m.	process_identifier: 1376 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005fa000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 19, 2024, 10:23 a.m.	process_identifier: 1376 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005fc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 19, 2024, 10:23 a.m.	process_identifier: 1376 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005fd000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 19, 2024, 10:23 a.m.	process_identifier: 1376 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005fe000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 19, 2024, 10:23 a.m.	process_identifier: 1376 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00880000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 19, 2024, 10:23 a.m.	process_identifier: 1376 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00881000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 19, 2024, 10:23 a.m.	process_identifier: 1376 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00883000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 19, 2024, 10:23 a.m.	process_identifier: 1376 region_size: 12288 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00884000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 19, 2024, 10:23 a.m.	process_identifier: 1376 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00887000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 19, 2024, 10:23 a.m.	process_identifier: 1376 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00888000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 19, 2024, 10:23 a.m.	process_identifier: 1376 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00889000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 19, 2024, 10:23 a.m.	process_identifier: 1376 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0088b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Steals private information from local Internet browsers (11 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ckpaelocniggkheibcacecnmmlmeodfa
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn

Creates executable files on the filesystem (5 events)

file	C:\Users\test22\AppData\Local\Temp\is-7IC0P.tmp\_isetup\_iscrypt.dll
file	C:\Users\test22\AppData\Local\22tset\llg\background.js
file	C:\Users\test22\AppData\Local\22tset\llg\jquery.js
file	C:\Users\test22\AppData\Local\Temp\is-L7B9K.tmp\_isetup\_iscrypt.dll
file	C:\Users\test22\AppData\Local\22tset\llg\content.js

Creates a suspicious process (8 events)

cmdline	"cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH \| find /I "avgui.exe"
cmdline	"C:\Windows\System32\cmd.exe" /c ping -n 5 127.0.0.1 >nul && AutoIt3.exe C:\ProgramData\\68vp5vaM2.a3x && del C:\ProgramData\\68vp5vaM2.a3x
cmdline	"cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH \| find /I "opssvc.exe"
cmdline	"cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH \| find /I "sophoshealth.exe"
cmdline	"cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH \| find /I "wrsa.exe"
cmdline	cmd.exe /c ping -n 5 127.0.0.1 >nul && AutoIt3.exe C:\ProgramData\\68vp5vaM2.a3x && del C:\ProgramData\\68vp5vaM2.a3x
cmdline	"cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH \| find /I "nswscsvc.exe"
cmdline	"cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH \| find /I "avastui.exe"

Drops an executable to the user AppData folder (3 events)

file	C:\Users\test22\AppData\Local\Temp\is-NDD40.tmp\231.tmp
file	C:\Users\test22\AppData\Local\Temp\is-7IC0P.tmp\maintenanceservice_installer
file	C:\Users\test22\AppData\Local\Temp\is-L7B9K.tmp\_isetup\_iscrypt.dll

Executes one or more WMI queries (6 events)

wmi	SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'SOPHOSHEALTH.EXE'
wmi	SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'WRSA.EXE'
wmi	SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVGUI.EXE'
wmi	SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'NSWSCSVC.EXE'
wmi	SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'OPSSVC.EXE'
wmi	SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVASTUI.EXE'

A process created a hidden window (1 event)

Time & API	Arguments	Status	Return	Repeated
ShellExecuteExW Sept. 19, 2024, 10:23 a.m.	show_type: 0 filepath_r: cmd.exe parameters: /c ping -n 5 127.0.0.1 >nul && AutoIt3.exe C:\ProgramData\\68vp5vaM2.a3x && del C:\ProgramData\\68vp5vaM2.a3x filepath: cmd.exe	1	1	0

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses Sept. 19, 2024, 10:23 a.m.	flags: 1158 family: 0	1	0	0

Checks for the Locally Unique Identifier on the system for a suspicious privilege (7 events)

Time & API	Arguments	Status	Return
LookupPrivilegeValueW Sept. 19, 2024, 10:22 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Sept. 19, 2024, 10:22 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Sept. 19, 2024, 10:22 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Sept. 19, 2024, 10:22 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Sept. 19, 2024, 10:22 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Sept. 19, 2024, 10:22 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Sept. 19, 2024, 10:23 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1

Yara rule detected in process memory (9 events)

description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	DebuggerException__SetConsoleCtrl
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep

Queries for potentially installed applications (50 out of 79 events)

Time & API	Arguments	Status	Return
RegOpenKeyExW Sept. 19, 2024, 10:22 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{DC596D49-3C60-47BD-9096-E0869EADCB16}}_is1 base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00000101 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DC596D49-3C60-47BD-9096-E0869EADCB16}}_is1		2
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x000003b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: AddressBook base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: Connection Manager base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: DirectDrawEx base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: EditPlus base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: ENTERPRISE base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: Fontcore base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: Google Chrome base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: Haansoft HWord 80 Korean base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: IE40 base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: IE4Data base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: IE5BAKEX base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: IEData base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: MobileOptionPack base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: SchedulingAgent base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: WIC base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: {01B845D4-B73E-4CF7-A377-94BC7BB4F77B} base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: {1D91F7DA-F517-4727-9E62-B7EA978BE980} base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: {90120000-0015-0412-0000-0000000FF1CE} base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: {90120000-0016-0412-0000-0000000FF1CE} base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: {90120000-0018-0412-0000-0000000FF1CE} base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: {90120000-0019-0412-0000-0000000FF1CE} base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: {90120000-001A-0412-0000-0000000FF1CE} base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: {90120000-001B-0412-0000-0000000FF1CE} base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: {90120000-001F-0409-0000-0000000FF1CE} base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: {90120000-001F-0412-0000-0000000FF1CE} base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: {90120000-0028-0412-0000-0000000FF1CE} base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: {90120000-002C-0412-0000-0000000FF1CE} base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: {90120000-0030-0000-0000-0000000FF1CE} base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: {90120000-0044-0412-0000-0000000FF1CE} base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: {90120000-006E-0409-0000-0000000FF1CE} base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: {90120000-006E-0412-0000-0000000FF1CE} base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: {90120000-00A1-0412-0000-0000000FF1CE} base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: {90120000-00BA-0409-0000-0000000FF1CE} base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: {90120000-0114-0412-0000-0000000FF1CE} base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: {939659F3-71D2-461F-B24D-91D05A4389B4} base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: {9B84A461-3B4C-40E2-B44F-CE22E215EE40} base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}	1	0
RegOpenKeyExW Sept. 19, 2024, 10:23 a.m.	regkey_r: {d992c12e-cab2-426f-bde3-fb8c53950b0d} base_handle: 0x000003b4 key_handle: 0x000003c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}	1	0
RegOpenKeyExW Sept. 19, 2024, 10:24 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x00000288 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall	1	0
RegOpenKeyExW Sept. 19, 2024, 10:24 a.m.	regkey_r: AddressBook base_handle: 0x00000288 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook	1	0
RegOpenKeyExW Sept. 19, 2024, 10:24 a.m.	regkey_r: Connection Manager base_handle: 0x00000288 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager	1	0
RegOpenKeyExW Sept. 19, 2024, 10:24 a.m.	regkey_r: DirectDrawEx base_handle: 0x00000288 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx	1	0
RegOpenKeyExW Sept. 19, 2024, 10:24 a.m.	regkey_r: EditPlus base_handle: 0x00000288 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus	1	0
RegOpenKeyExW Sept. 19, 2024, 10:24 a.m.	regkey_r: ENTERPRISE base_handle: 0x00000288 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE	1	0
RegOpenKeyExW Sept. 19, 2024, 10:24 a.m.	regkey_r: Fontcore base_handle: 0x00000288 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore	1	0
RegOpenKeyExW Sept. 19, 2024, 10:24 a.m.	regkey_r: Google Chrome base_handle: 0x00000288 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome	1	0
RegOpenKeyExW Sept. 19, 2024, 10:24 a.m.	regkey_r: Haansoft HWord 80 Korean base_handle: 0x00000288 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean	1	0
RegOpenKeyExW Sept. 19, 2024, 10:24 a.m.	regkey_r: IE40 base_handle: 0x00000288 key_handle: 0x0000028c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40	1	0

Uses Windows utilities for basic Windows functionality (15 events)

cmdline	tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
cmdline	"cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH \| find /I "avgui.exe"
cmdline	tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
cmdline	ping -n 5 127.0.0.1
cmdline	"C:\Windows\System32\cmd.exe" /c ping -n 5 127.0.0.1 >nul && AutoIt3.exe C:\ProgramData\\68vp5vaM2.a3x && del C:\ProgramData\\68vp5vaM2.a3x
cmdline	"cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH \| find /I "opssvc.exe"
cmdline	tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
cmdline	tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
cmdline	tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
cmdline	"cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH \| find /I "sophoshealth.exe"
cmdline	"cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH \| find /I "wrsa.exe"
cmdline	tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
cmdline	cmd.exe /c ping -n 5 127.0.0.1 >nul && AutoIt3.exe C:\ProgramData\\68vp5vaM2.a3x && del C:\ProgramData\\68vp5vaM2.a3x
cmdline	"cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH \| find /I "nswscsvc.exe"
cmdline	"cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH \| find /I "avastui.exe"

Communicates with host for which no DNS query was performed (1 event)

host

45.141.86.82

Looks for the Windows Idle Time to determine the uptime (1 event)

Time & API	Arguments	Status	Return	Repeated
NtQuerySystemInformation Sept. 19, 2024, 10:23 a.m.	information_class: 8 (SystemProcessorPerformanceInformation)	1	0	0

A process attempted to delay the analysis task. (1 event)

description

MSBuild.exe tried to sleep 2728278 seconds, actually delayed analysis time by 2728278 seconds

Harvests credentials from local FTP client softwares (2 events)

file	C:\Users\test22\AppData\Roaming\FileZilla\sitemanager.xml
file	C:\Users\test22\AppData\Roaming\FileZilla\recentservers.xml

Collects information about installed applications (50 out of 54 events)

Time & API	Arguments	Status
RegQueryValueExW Sept. 19, 2024, 10:23 a.m.	key_handle: 0x000003c4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: EditPlus regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:23 a.m.	key_handle: 0x000003c4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Enterprise 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:23 a.m.	key_handle: 0x000003c4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Chrome regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:23 a.m.	key_handle: 0x000003c4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:23 a.m.	key_handle: 0x000003c4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: HttpWatch Professional 9.3.39 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:23 a.m.	key_handle: 0x000003c4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:23 a.m.	key_handle: 0x000003c4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Google Update Helper regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:23 a.m.	key_handle: 0x000003c4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Access MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:23 a.m.	key_handle: 0x000003c4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Excel MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:23 a.m.	key_handle: 0x000003c4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office PowerPoint MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:23 a.m.	key_handle: 0x000003c4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Publisher MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:23 a.m.	key_handle: 0x000003c4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Outlook MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:23 a.m.	key_handle: 0x000003c4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Word MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:23 a.m.	key_handle: 0x000003c4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:23 a.m.	key_handle: 0x000003c4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:23 a.m.	key_handle: 0x000003c4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office IME (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:23 a.m.	key_handle: 0x000003c4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proofing (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:23 a.m.	key_handle: 0x000003c4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Enterprise 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:23 a.m.	key_handle: 0x000003c4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office InfoPath MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:23 a.m.	key_handle: 0x000003c4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:23 a.m.	key_handle: 0x000003c4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:23 a.m.	key_handle: 0x000003c4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office OneNote MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:23 a.m.	key_handle: 0x000003c4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Groove MUI (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:23 a.m.	key_handle: 0x000003c4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Groove Setup Metadata MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:23 a.m.	key_handle: 0x000003c4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Flash Player 13 ActiveX regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:23 a.m.	key_handle: 0x000003c4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Flash Player 13 NPAPI regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:23 a.m.	key_handle: 0x000003c4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:24 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: EditPlus regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:24 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Enterprise 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:24 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Chrome regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:24 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:24 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: HttpWatch Professional 9.3.39 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:24 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:24 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Google Update Helper regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:24 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Access MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:24 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Excel MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:24 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office PowerPoint MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:24 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Publisher MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:24 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Outlook MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:24 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Word MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:24 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:24 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:24 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office IME (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:24 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proofing (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:24 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Enterprise 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:24 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office InfoPath MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:24 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:24 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:24 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office OneNote MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 19, 2024, 10:24 a.m.	key_handle: 0x0000028c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Groove MUI (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}\DisplayName	1

Creates a windows hook that monitors keyboard input (keylogger) (1 event)

Time & API	Arguments	Status	Return	Repeated
SetWindowsHookExW Sept. 19, 2024, 10:23 a.m.	thread_identifier: 0 callback_function: 0x007e0d1a hook_identifier: 13 (WH_KEYBOARD_LL) module_address: 0x00000000	1	2163083	0

Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2308 resumed a thread in remote process 2316
NtResumeThread Sept. 19, 2024, 10:23 a.m.	thread_handle: 0x00000290 suspend_count: 1 process_identifier: 2316	1	0	0

Detects the presence of Wine emulator (4 events)

Time & API	Arguments	Return
LdrGetProcedureAddress Sept. 19, 2024, 10:22 a.m.	ordinal: 0 function_address: 0x00edf7a8 function_name: wine_get_version module: ntdll module_address: 0x76f10000	3221225785
LdrGetProcedureAddress Sept. 19, 2024, 10:22 a.m.	ordinal: 0 function_address: 0x011517b0 function_name: wine_get_version module: ntdll module_address: 0x76f10000	3221225785
LdrGetProcedureAddress Sept. 19, 2024, 10:22 a.m.	ordinal: 0 function_address: 0x00edf7a8 function_name: wine_get_version module: ntdll module_address: 0x76f10000	3221225785
LdrGetProcedureAddress Sept. 19, 2024, 10:22 a.m.	ordinal: 0 function_address: 0x00bb17b0 function_name: wine_get_version module: ntdll module_address: 0x76f10000	3221225785

File has been identified by 39 AntiVirus engines on VirusTotal as malicious (39 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Penguish.4!c
Skyhigh	Artemis!Trojan
ALYac	Trojan.Generic.36742838
VIPRE	Trojan.Generic.36742838
Sangfor	Trojan.Msil.Agent.Vgbw
CrowdStrike	win/grayware_confidence_70% (D)
BitDefender	Trojan.Generic.36742838
K7GW	Trojan ( 0055c9131 )
K7AntiVirus	Trojan ( 0055c9131 )
Arcabit	Trojan.Generic.D230A6B6
Symantec	Trojan.Gen.MBT
ESET-NOD32	MSIL/Agent.CKL
Avast	Win32:Malware-gen
Kaspersky	Trojan.Win32.Penguish.cmh
Alibaba	Trojan:Win32/Penguish.1b8fb277
MicroWorld-eScan	Trojan.Generic.36742838
Emsisoft	Trojan.Generic.36742838 (B)
F-Secure	Trojan.TR/Agent.aaagcn
TrendMicro	Backdoor.Win32.SECTOPRAT.YXEIDZ
McAfeeD	ti!F358DDE7B5F8
CTX	exe.trojan.msil
Sophos	Mal/Generic-S
FireEye	Trojan.Generic.36742838
Webroot	W32.Malware.Gen
Avira	TR/Agent.aaagcn
Kingsoft	Win32.Trojan.Penguish.cmh
Microsoft	Trojan:Win32/Wacatac.B!ml
ZoneAlarm	Trojan.Win32.Penguish.cmh
GData	Win32.Malware.Obfus.S4JVPL@susp
McAfee	Artemis!4FA734DB8E9F
DeepInstinct	MALICIOUS
Ikarus	Trojan.MSIL.Agent
TrendMicro-HouseCall	Backdoor.Win32.SECTOPRAT.YXEIDZ
Tencent	Win32.Trojan.FalseSign.Lcnw
MaxSecure	Trojan.Malware.278916312.susgen
Fortinet	MSIL/Agent.CKL!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml

231.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All