Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Jan. 12, 2025, 2:32 p.m.	Jan. 12, 2025, 2:54 p.m.

Size	300.5KB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`6260e34e7f5b518f3937628626dab6df`
SHA256	`aad0d1425bb69662314d41ae1ed1b5ce5497d4c88cfa83a3b4e9a5fcfee0361f`
CRC32	`3B0DACCA`
ssdeep	`3072:2cZqf7D34dp/0+mAIkygIQQUgWsB1fA0PuTVAtkxze3RoeqiOL2bBOA:2cZqf7DIHnyjPB1fA0GTV8kkoL`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature RedLine_Stealer_b_Zero - RedLine stealer Is_DotNET_EXE - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult IsPE32 - (no description) UPX_Zero - UPX packed file detect_Redline_Stealer_V2 - (no description) OS_Processor_Check_Zero - OS Processor Check

tmx.exe "C:\Users\test22\AppData\Local\Temp\tmx.exe"
2312

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch
185.81.68.147	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49162 -> 185.81.68.147:1912	2043233	ET INFO Microsoft net.tcp Connection Initialization Activity	Potentially Bad Traffic
TCP 192.168.56.101:49162 -> 185.81.68.147:1912	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 185.81.68.147:1912	2046045	ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)	A Network Trojan was detected
TCP 185.81.68.147:1912 -> 192.168.56.101:49162	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 185.81.68.147:1912	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 185.81.68.147:1912	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 185.81.68.147:1912 -> 192.168.56.101:49162	2046056	ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 185.81.68.147:1912	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 185.81.68.147:1912	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 185.81.68.147:1912	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 185.81.68.147:1912	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 185.81.68.147:1912	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 185.81.68.147:1912	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 185.81.68.147:1912	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 185.81.68.147:1912	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 185.81.68.147:1912	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 185.81.68.147:1912	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 185.81.68.147:1912	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 185.81.68.147:1912	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 185.81.68.147:1912	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected

Suricata TLS

No Suricata TLS

Queries for the computername (7 events)

Time & API	Arguments	Status	Return
GetComputerNameW Jan. 12, 2025, 2:32 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Jan. 12, 2025, 2:32 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Jan. 12, 2025, 2:32 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Jan. 12, 2025, 2:32 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Jan. 12, 2025, 2:32 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Jan. 12, 2025, 2:32 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Jan. 12, 2025, 2:33 p.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (2 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Jan. 12, 2025, 2:32 p.m.			0	0
IsDebuggerPresent Jan. 12, 2025, 2:32 p.m.			0	0

Uses Windows APIs to generate a cryptographic key (17 events)

Time & API	Arguments	Status	Return
CryptExportKey Jan. 12, 2025, 2:32 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0040b168 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 12, 2025, 2:32 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0040b168 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 12, 2025, 2:32 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0040b168 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 12, 2025, 2:32 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0040b168 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 12, 2025, 2:32 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0040b1e8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 12, 2025, 2:32 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0040b1e8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 12, 2025, 2:32 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0040b0e8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 12, 2025, 2:32 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0040b0e8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 12, 2025, 2:32 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0040b0e8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 12, 2025, 2:32 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0040b0e8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 12, 2025, 2:32 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0040b0e8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 12, 2025, 2:32 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0040b168 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 12, 2025, 2:32 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0040b168 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 12, 2025, 2:32 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0040b368 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 12, 2025, 2:32 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x050e0ae8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 12, 2025, 2:32 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x050e0ae8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 12, 2025, 2:32 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x050e08e8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Tries to locate where the browsers are installed (3 events)

file	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
file	C:\Program Files\Mozilla Firefox\firefox.exe
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Jan. 12, 2025, 2:32 p.m.		1	1	0

One or more processes crashed (33 events)

Time & API	Arguments	Status
__exception__ Jan. 12, 2025, 2:32 p.m.	stacktrace: 0x713edd 0x713d66 0x7125fd 0x7121d6 0x71067f 0x710108 0x71009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72062652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7207264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72072e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72127610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x721b1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x721b1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x721b1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x721b416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 c8 8b 45 c8 89 45 c4 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x713fd0 registers.esp: 1698508 registers.edi: 1698560 registers.eax: 0 registers.ebp: 1698572 registers.edx: 4295920 registers.ebx: 1699692 registers.esi: 38753444 registers.ecx: 0	1
__exception__ Jan. 12, 2025, 2:32 p.m.	stacktrace: 0x5881906 0x58817bf 0x58816bd 0x5880769 0x71f144 0x717e4f 0x7126c5 0x7121d6 0x71067f 0x710108 0x71009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72062652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7207264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72072e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72127610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x721b1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x721b1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x721b1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x721b416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 34 53 f9 04 89 85 4c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x588221e registers.esp: 1697140 registers.edi: 1697364 registers.eax: 0 registers.ebp: 1697376 registers.edx: 83448260 registers.ebx: 1699692 registers.esi: 42084976 registers.ecx: 0	1
__exception__ Jan. 12, 2025, 2:32 p.m.	stacktrace: 0x5885b10 0x5881d4b 0x58817bf 0x58816bd 0x5880769 0x71f144 0x717e4f 0x7126c5 0x7121d6 0x71067f 0x710108 0x71009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72062652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7207264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72072e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72127610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x721b1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x721b1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x721b1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x721b416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5885b53 registers.esp: 1697352 registers.edi: 1697644 registers.eax: 0 registers.ebp: 1697360 registers.edx: 0 registers.ebx: 1699692 registers.esi: 42084976 registers.ecx: 39635632	1
__exception__ Jan. 12, 2025, 2:32 p.m.	stacktrace: 0x5881906 0x58817bf 0x58816d5 0x5880769 0x71f144 0x717e4f 0x7126c5 0x7121d6 0x71067f 0x710108 0x71009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72062652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7207264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72072e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72127610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x721b1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x721b1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x721b1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x721b416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 34 53 f9 04 89 85 4c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x588221e registers.esp: 1697140 registers.edi: 1697364 registers.eax: 0 registers.ebp: 1697376 registers.edx: 83448260 registers.ebx: 1699692 registers.esi: 38643124 registers.ecx: 0	1
__exception__ Jan. 12, 2025, 2:32 p.m.	stacktrace: 0x5885b10 0x5881d4b 0x58817bf 0x58816d5 0x5880769 0x71f144 0x717e4f 0x7126c5 0x7121d6 0x71067f 0x710108 0x71009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72062652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7207264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72072e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72127610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x721b1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x721b1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x721b1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x721b416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5885b53 registers.esp: 1697352 registers.edi: 1697644 registers.eax: 0 registers.ebp: 1697360 registers.edx: 0 registers.ebx: 1699692 registers.esi: 38643124 registers.ecx: 41068288	1
__exception__ Jan. 12, 2025, 2:32 p.m.	stacktrace: 0x5881906 0x58817bf 0x58816d5 0x5880769 0x71f144 0x717e4f 0x7126c5 0x7121d6 0x71067f 0x710108 0x71009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72062652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7207264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72072e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72127610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x721b1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x721b1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x721b1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x721b416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 34 53 f9 04 89 85 4c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x588221e registers.esp: 1697140 registers.edi: 1697364 registers.eax: 0 registers.ebp: 1697376 registers.edx: 83448260 registers.ebx: 1699692 registers.esi: 38643124 registers.ecx: 0	1
__exception__ Jan. 12, 2025, 2:32 p.m.	stacktrace: 0x5885b10 0x5881d4b 0x58817bf 0x58816d5 0x5880769 0x71f144 0x717e4f 0x7126c5 0x7121d6 0x71067f 0x710108 0x71009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72062652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7207264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72072e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72127610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x721b1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x721b1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x721b1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x721b416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5885b53 registers.esp: 1697352 registers.edi: 1697644 registers.eax: 0 registers.ebp: 1697360 registers.edx: 0 registers.ebx: 1699692 registers.esi: 38643124 registers.ecx: 38879904	1
__exception__ Jan. 12, 2025, 2:32 p.m.	stacktrace: 0x71f144 0x717e4f 0x7126c5 0x7121d6 0x71067f 0x710108 0x71009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72062652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7207264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72072e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72127610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x721b1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x721b1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x721b1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x721b416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 e8 5e 17 fe 6a 89 85 4c fe ff ff 8d bd 44 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x58809fb registers.esp: 1697760 registers.edi: 1698524 registers.eax: 0 registers.ebp: 1698560 registers.edx: 0 registers.ebx: 1699692 registers.esi: 1698352 registers.ecx: 0	1
__exception__ Jan. 12, 2025, 2:32 p.m.	stacktrace: 0x5886964 0x5886810 0x58816bd 0x5880eb0 0x71f144 0x717e4f 0x7126c5 0x7121d6 0x71067f 0x710108 0x71009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72062652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7207264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72072e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72127610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x721b1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x721b1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x721b1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x721b416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 34 53 f9 04 89 85 4c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x588221e registers.esp: 1697148 registers.edi: 1697372 registers.eax: 0 registers.ebp: 1697384 registers.edx: 83448260 registers.ebx: 1699692 registers.esi: 38643124 registers.ecx: 0	1
__exception__ Jan. 12, 2025, 2:32 p.m.	stacktrace: 0x5885b10 0x5886d4f 0x5886810 0x58816bd 0x5880eb0 0x71f144 0x717e4f 0x7126c5 0x7121d6 0x71067f 0x710108 0x71009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72062652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7207264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72072e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72127610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x721b1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x721b1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x721b1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x721b416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5885b53 registers.esp: 1697360 registers.edi: 1697672 registers.eax: 0 registers.ebp: 1697368 registers.edx: 0 registers.ebx: 1699692 registers.esi: 38643124 registers.ecx: 40317820	1
__exception__ Jan. 12, 2025, 2:32 p.m.	stacktrace: 0x5886964 0x5886810 0x58816d5 0x5880eb0 0x71f144 0x717e4f 0x7126c5 0x7121d6 0x71067f 0x710108 0x71009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72062652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7207264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72072e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72127610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x721b1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x721b1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x721b1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x721b416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 34 53 f9 04 89 85 4c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x588221e registers.esp: 1697148 registers.edi: 1697372 registers.eax: 0 registers.ebp: 1697384 registers.edx: 83448260 registers.ebx: 1699692 registers.esi: 38643124 registers.ecx: 0	1
__exception__ Jan. 12, 2025, 2:32 p.m.	stacktrace: 0x5885b10 0x5886d4f 0x5886810 0x58816d5 0x5880eb0 0x71f144 0x717e4f 0x7126c5 0x7121d6 0x71067f 0x710108 0x71009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72062652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7207264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72072e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72127610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x721b1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x721b1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x721b1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x721b416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5885b53 registers.esp: 1697360 registers.edi: 1697672 registers.eax: 0 registers.ebp: 1697368 registers.edx: 0 registers.ebx: 1699692 registers.esi: 38643124 registers.ecx: 41670396	1
__exception__ Jan. 12, 2025, 2:32 p.m.	stacktrace: 0x5886964 0x5886810 0x58816d5 0x5880eb0 0x71f144 0x717e4f 0x7126c5 0x7121d6 0x71067f 0x710108 0x71009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72062652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7207264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72072e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72127610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x721b1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x721b1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x721b1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x721b416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 34 53 f9 04 89 85 4c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x588221e registers.esp: 1697148 registers.edi: 1697372 registers.eax: 0 registers.ebp: 1697384 registers.edx: 83448260 registers.ebx: 1699692 registers.esi: 38643124 registers.ecx: 0	1
__exception__ Jan. 12, 2025, 2:32 p.m.	stacktrace: 0x5885b10 0x5886d4f 0x5886810 0x58816d5 0x5880eb0 0x71f144 0x717e4f 0x7126c5 0x7121d6 0x71067f 0x710108 0x71009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72062652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7207264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72072e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72127610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x721b1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x721b1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x721b1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x721b416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5885b53 registers.esp: 1697360 registers.edi: 1697672 registers.eax: 0 registers.ebp: 1697368 registers.edx: 0 registers.ebx: 1699692 registers.esi: 38643124 registers.ecx: 43034128	1
__exception__ Jan. 12, 2025, 2:32 p.m.	stacktrace: 0x5887043 0x5886ec8 0x58816bd 0x5880fb2 0x71f144 0x717e4f 0x7126c5 0x7121d6 0x71067f 0x710108 0x71009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72062652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7207264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72072e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72127610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x721b1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x721b1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x721b1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x721b416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 34 53 f9 04 89 85 4c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x588221e registers.esp: 1697160 registers.edi: 1697384 registers.eax: 0 registers.ebp: 1697396 registers.edx: 83448260 registers.ebx: 1699692 registers.esi: 38643124 registers.ecx: 0	1
__exception__ Jan. 12, 2025, 2:32 p.m.	stacktrace: 0x5885b10 0x58873e3 0x5886ec8 0x58816bd 0x5880fb2 0x71f144 0x717e4f 0x7126c5 0x7121d6 0x71067f 0x710108 0x71009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72062652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7207264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72072e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72127610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x721b1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x721b1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x721b1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x721b416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5885b53 registers.esp: 1697372 registers.edi: 1697672 registers.eax: 0 registers.ebp: 1697380 registers.edx: 0 registers.ebx: 1699692 registers.esi: 38643124 registers.ecx: 39445332	1
__exception__ Jan. 12, 2025, 2:32 p.m.	stacktrace: 0x5887043 0x5886ec8 0x58816d5 0x5880fb2 0x71f144 0x717e4f 0x7126c5 0x7121d6 0x71067f 0x710108 0x71009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72062652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7207264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72072e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72127610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x721b1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x721b1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x721b1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x721b416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 34 53 f9 04 89 85 4c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x588221e registers.esp: 1697160 registers.edi: 1697384 registers.eax: 0 registers.ebp: 1697396 registers.edx: 83448260 registers.ebx: 1699692 registers.esi: 38643124 registers.ecx: 0	1
__exception__ Jan. 12, 2025, 2:32 p.m.	stacktrace: 0x5885b10 0x58873e3 0x5886ec8 0x58816d5 0x5880fb2 0x71f144 0x717e4f 0x7126c5 0x7121d6 0x71067f 0x710108 0x71009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72062652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7207264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72072e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72127610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x721b1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x721b1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x721b1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x721b416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5885b53 registers.esp: 1697372 registers.edi: 1697672 registers.eax: 0 registers.ebp: 1697380 registers.edx: 0 registers.ebx: 1699692 registers.esi: 38643124 registers.ecx: 40941108	1
__exception__ Jan. 12, 2025, 2:32 p.m.	stacktrace: 0x5887043 0x5886ec8 0x58816d5 0x5880fb2 0x71f144 0x717e4f 0x7126c5 0x7121d6 0x71067f 0x710108 0x71009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72062652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7207264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72072e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72127610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x721b1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x721b1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x721b1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x721b416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 34 53 f9 04 89 85 4c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x588221e registers.esp: 1697160 registers.edi: 1697384 registers.eax: 0 registers.ebp: 1697396 registers.edx: 83448260 registers.ebx: 1699692 registers.esi: 38643124 registers.ecx: 0	1
__exception__ Jan. 12, 2025, 2:32 p.m.	stacktrace: 0x5885b10 0x58873e3 0x5886ec8 0x58816d5 0x5880fb2 0x71f144 0x717e4f 0x7126c5 0x7121d6 0x71067f 0x710108 0x71009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72062652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7207264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72072e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72127610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x721b1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x721b1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x721b1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x721b416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5885b53 registers.esp: 1697372 registers.edi: 1697672 registers.eax: 0 registers.ebp: 1697380 registers.edx: 0 registers.ebx: 1699692 registers.esi: 38643124 registers.ecx: 42444452	1
__exception__ Jan. 12, 2025, 2:32 p.m.	stacktrace: 0x5887773 0x5887640 0x58816bd 0x588109f 0x71f144 0x717e4f 0x7126c5 0x7121d6 0x71067f 0x710108 0x71009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72062652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7207264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72072e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72127610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x721b1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x721b1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x721b1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x721b416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 34 53 f9 04 89 85 4c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x588221e registers.esp: 1697244 registers.edi: 1697468 registers.eax: 0 registers.ebp: 1697480 registers.edx: 83448260 registers.ebx: 1699692 registers.esi: 38643124 registers.ecx: 0	1
__exception__ Jan. 12, 2025, 2:32 p.m.	stacktrace: 0x5885b10 0x5887995 0x5887640 0x58816bd 0x588109f 0x71f144 0x717e4f 0x7126c5 0x7121d6 0x71067f 0x710108 0x71009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72062652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7207264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72072e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72127610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x721b1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x721b1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x721b1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x721b416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5885b53 registers.esp: 1697456 registers.edi: 1697672 registers.eax: 0 registers.ebp: 1697464 registers.edx: 0 registers.ebx: 1699692 registers.esi: 38643124 registers.ecx: 40748292	1
__exception__ Jan. 12, 2025, 2:32 p.m.	stacktrace: 0x5887773 0x5887640 0x58816d5 0x588109f 0x71f144 0x717e4f 0x7126c5 0x7121d6 0x71067f 0x710108 0x71009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72062652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7207264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72072e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72127610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x721b1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x721b1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x721b1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x721b416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 34 53 f9 04 89 85 4c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x588221e registers.esp: 1697244 registers.edi: 1697468 registers.eax: 0 registers.ebp: 1697480 registers.edx: 83448260 registers.ebx: 1699692 registers.esi: 38643124 registers.ecx: 0	1
__exception__ Jan. 12, 2025, 2:32 p.m.	stacktrace: 0x5885b10 0x5887995 0x5887640 0x58816d5 0x588109f 0x71f144 0x717e4f 0x7126c5 0x7121d6 0x71067f 0x710108 0x71009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72062652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7207264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72072e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72127610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x721b1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x721b1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x721b1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x721b416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5885b53 registers.esp: 1697456 registers.edi: 1697672 registers.eax: 0 registers.ebp: 1697464 registers.edx: 0 registers.ebx: 1699692 registers.esi: 38643124 registers.ecx: 39230144	1
__exception__ Jan. 12, 2025, 2:32 p.m.	stacktrace: 0x5887773 0x5887640 0x58816d5 0x588109f 0x71f144 0x717e4f 0x7126c5 0x7121d6 0x71067f 0x710108 0x71009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72062652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7207264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72072e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72127610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x721b1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x721b1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x721b1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x721b416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 34 53 f9 04 89 85 4c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x588221e registers.esp: 1697244 registers.edi: 1697468 registers.eax: 0 registers.ebp: 1697480 registers.edx: 83448260 registers.ebx: 1699692 registers.esi: 38643124 registers.ecx: 0	1
__exception__ Jan. 12, 2025, 2:32 p.m.	stacktrace: 0x5885b10 0x5887995 0x5887640 0x58816d5 0x588109f 0x71f144 0x717e4f 0x7126c5 0x7121d6 0x71067f 0x710108 0x71009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72062652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7207264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72072e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72127610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x721b1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x721b1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x721b1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x721b416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5885b53 registers.esp: 1697456 registers.edi: 1697672 registers.eax: 0 registers.ebp: 1697464 registers.edx: 0 registers.ebx: 1699692 registers.esi: 38643124 registers.ecx: 39394512	1
__exception__ Jan. 12, 2025, 2:32 p.m.	stacktrace: 0x5887bd0 0x5887ac8 0x58816bd 0x5881174 0x71f144 0x717e4f 0x7126c5 0x7121d6 0x71067f 0x710108 0x71009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72062652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7207264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72072e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72127610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x721b1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x721b1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x721b1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x721b416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 34 53 f9 04 89 85 4c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x588221e registers.esp: 1697256 registers.edi: 1697480 registers.eax: 0 registers.ebp: 1697492 registers.edx: 83448260 registers.ebx: 1699692 registers.esi: 38643124 registers.ecx: 0	1
__exception__ Jan. 12, 2025, 2:32 p.m.	stacktrace: 0x5885b10 0x5887df0 0x5887ac8 0x58816bd 0x5881174 0x71f144 0x717e4f 0x7126c5 0x7121d6 0x71067f 0x710108 0x71009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72062652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7207264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72072e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72127610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x721b1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x721b1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x721b1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x721b416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5885b53 registers.esp: 1697468 registers.edi: 1697672 registers.eax: 0 registers.ebp: 1697476 registers.edx: 0 registers.ebx: 1699692 registers.esi: 38643124 registers.ecx: 43542344	1
__exception__ Jan. 12, 2025, 2:33 p.m.	stacktrace: 0x5887bd0 0x5887ac8 0x58816d5 0x5881174 0x71f144 0x717e4f 0x7126c5 0x7121d6 0x71067f 0x710108 0x71009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72062652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7207264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72072e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72127610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x721b1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x721b1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x721b1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x721b416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 34 53 f9 04 89 85 4c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x588221e registers.esp: 1697256 registers.edi: 1697480 registers.eax: 0 registers.ebp: 1697492 registers.edx: 83448260 registers.ebx: 1699692 registers.esi: 38643124 registers.ecx: 0	1
__exception__ Jan. 12, 2025, 2:33 p.m.	stacktrace: 0x5885b10 0x5887df0 0x5887ac8 0x58816d5 0x5881174 0x71f144 0x717e4f 0x7126c5 0x7121d6 0x71067f 0x710108 0x71009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72062652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7207264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72072e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72127610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x721b1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x721b1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x721b1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x721b416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5885b53 registers.esp: 1697468 registers.edi: 1697672 registers.eax: 0 registers.ebp: 1697476 registers.edx: 0 registers.ebx: 1699692 registers.esi: 38643124 registers.ecx: 38657764	1
__exception__ Jan. 12, 2025, 2:33 p.m.	stacktrace: 0x5887bd0 0x5887ac8 0x58816d5 0x5881174 0x71f144 0x717e4f 0x7126c5 0x7121d6 0x71067f 0x710108 0x71009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72062652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7207264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72072e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72127610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x721b1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x721b1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x721b1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x721b416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 34 53 f9 04 89 85 4c ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x588221e registers.esp: 1697256 registers.edi: 1697480 registers.eax: 0 registers.ebp: 1697492 registers.edx: 83448260 registers.ebx: 1699692 registers.esi: 38642868 registers.ecx: 0	1
__exception__ Jan. 12, 2025, 2:33 p.m.	stacktrace: 0x5885b10 0x5887df0 0x5887ac8 0x58816d5 0x5881174 0x71f144 0x717e4f 0x7126c5 0x7121d6 0x71067f 0x710108 0x71009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72062652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7207264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72072e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72127610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x721b1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x721b1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x721b1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x721b416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5885b53 registers.esp: 1697468 registers.edi: 1697672 registers.eax: 0 registers.ebp: 1697476 registers.edx: 0 registers.ebx: 1699692 registers.esi: 38642868 registers.ecx: 38940056	1
__exception__ Jan. 12, 2025, 2:33 p.m.	stacktrace: 0x5885b10 0x5888db4 0x58885a5 0x71f172 0x717e4f 0x7126c5 0x7121d6 0x71067f 0x710108 0x71009b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72062652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7207264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72072e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x721274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72127610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x721b1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x721b1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x721b1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x721b416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5885b53 registers.esp: 1698020 registers.edi: 1698268 registers.eax: 0 registers.ebp: 1698028 registers.edx: 0 registers.ebx: 1699692 registers.esi: 40020956 registers.ecx: 40028140	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Allocates read-write-execute memory (usually to unpack itself) (50 out of 70 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 1048576 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005c0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00680000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72061000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72062000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 2031616 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01f50000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00572000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005e5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005eb000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005e7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005cc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00710000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0057a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005da000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005d7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005ca000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00711000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005d6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005db000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005dc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0057c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 327680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef50000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef58000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef40000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef58000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005dd000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005d8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x020ff000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x020f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x020f1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00712000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00713000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00714000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005cd000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005ec000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00715000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00716000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00717000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x020f2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x020f3000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005de000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00718000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6a572000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00719000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 12, 2025, 2:32 p.m.	process_identifier: 2312 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0071a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Steals private information from local Internet browsers (7 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\lockfile
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW Jan. 12, 2025, 2:33 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Queries for potentially installed applications (39 events)

Time & API	Arguments	Status
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x000003b8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: AddressBook base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: Connection Manager base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: DirectDrawEx base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: EditPlus base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: ENTERPRISE base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: Fontcore base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: Google Chrome base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: Haansoft HWord 80 Korean base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: IE40 base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: IE4Data base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: IE5BAKEX base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: IEData base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: MobileOptionPack base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: SchedulingAgent base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: WIC base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: {01B845D4-B73E-4CF7-A377-94BC7BB4F77B} base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: {1D91F7DA-F517-4727-9E62-B7EA978BE980} base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: {90120000-0015-0412-0000-0000000FF1CE} base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: {90120000-0016-0412-0000-0000000FF1CE} base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: {90120000-0018-0412-0000-0000000FF1CE} base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: {90120000-0019-0412-0000-0000000FF1CE} base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: {90120000-001A-0412-0000-0000000FF1CE} base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: {90120000-001B-0412-0000-0000000FF1CE} base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: {90120000-001F-0409-0000-0000000FF1CE} base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: {90120000-001F-0412-0000-0000000FF1CE} base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: {90120000-0028-0412-0000-0000000FF1CE} base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: {90120000-002C-0412-0000-0000000FF1CE} base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: {90120000-0030-0000-0000-0000000FF1CE} base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: {90120000-0044-0412-0000-0000000FF1CE} base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: {90120000-006E-0409-0000-0000000FF1CE} base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: {90120000-006E-0412-0000-0000000FF1CE} base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: {90120000-00A1-0412-0000-0000000FF1CE} base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: {90120000-00BA-0409-0000-0000000FF1CE} base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: {90120000-0114-0412-0000-0000000FF1CE} base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: {939659F3-71D2-461F-B24D-91D05A4389B4} base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: {9B84A461-3B4C-40E2-B44F-CE22E215EE40} base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}	1
RegOpenKeyExW Jan. 12, 2025, 2:32 p.m.	regkey_r: {d992c12e-cab2-426f-bde3-fb8c53950b0d} base_handle: 0x000003b8 key_handle: 0x000003b0 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}	1

Communicates with host for which no DNS query was performed (1 event)

host

185.81.68.147

Harvests credentials from local FTP client softwares (2 events)

file	C:\Users\test22\AppData\Roaming\FileZilla\sitemanager.xml
file	C:\Users\test22\AppData\Roaming\FileZilla\recentservers.xml

Collects information about installed applications (27 events)

Time & API	Arguments	Status
RegQueryValueExW Jan. 12, 2025, 2:32 p.m.	key_handle: 0x000003b0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: EditPlus regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName	1
RegQueryValueExW Jan. 12, 2025, 2:32 p.m.	key_handle: 0x000003b0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Enterprise 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE\DisplayName	1
RegQueryValueExW Jan. 12, 2025, 2:32 p.m.	key_handle: 0x000003b0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Chrome regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName	1
RegQueryValueExW Jan. 12, 2025, 2:32 p.m.	key_handle: 0x000003b0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName	1
RegQueryValueExW Jan. 12, 2025, 2:32 p.m.	key_handle: 0x000003b0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: HttpWatch Professional 9.3.39 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName	1
RegQueryValueExW Jan. 12, 2025, 2:32 p.m.	key_handle: 0x000003b0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName	1
RegQueryValueExW Jan. 12, 2025, 2:32 p.m.	key_handle: 0x000003b0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Google Update Helper regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayName	1
RegQueryValueExW Jan. 12, 2025, 2:32 p.m.	key_handle: 0x000003b0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Access MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Jan. 12, 2025, 2:32 p.m.	key_handle: 0x000003b0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Excel MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Jan. 12, 2025, 2:32 p.m.	key_handle: 0x000003b0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office PowerPoint MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Jan. 12, 2025, 2:32 p.m.	key_handle: 0x000003b0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Publisher MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Jan. 12, 2025, 2:32 p.m.	key_handle: 0x000003b0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Outlook MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Jan. 12, 2025, 2:32 p.m.	key_handle: 0x000003b0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Word MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Jan. 12, 2025, 2:32 p.m.	key_handle: 0x000003b0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Jan. 12, 2025, 2:32 p.m.	key_handle: 0x000003b0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Jan. 12, 2025, 2:32 p.m.	key_handle: 0x000003b0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office IME (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Jan. 12, 2025, 2:32 p.m.	key_handle: 0x000003b0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proofing (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Jan. 12, 2025, 2:32 p.m.	key_handle: 0x000003b0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Enterprise 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Jan. 12, 2025, 2:32 p.m.	key_handle: 0x000003b0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office InfoPath MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Jan. 12, 2025, 2:32 p.m.	key_handle: 0x000003b0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Jan. 12, 2025, 2:32 p.m.	key_handle: 0x000003b0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Jan. 12, 2025, 2:32 p.m.	key_handle: 0x000003b0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office OneNote MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Jan. 12, 2025, 2:32 p.m.	key_handle: 0x000003b0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Groove MUI (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Jan. 12, 2025, 2:32 p.m.	key_handle: 0x000003b0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Groove Setup Metadata MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Jan. 12, 2025, 2:32 p.m.	key_handle: 0x000003b0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Flash Player 13 ActiveX regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}\DisplayName	1
RegQueryValueExW Jan. 12, 2025, 2:32 p.m.	key_handle: 0x000003b0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Flash Player 13 NPAPI regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}\DisplayName	1
RegQueryValueExW Jan. 12, 2025, 2:32 p.m.	key_handle: 0x000003b0 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\DisplayName	1

File has been identified by 60 AntiVirus engines on VirusTotal as malicious (50 out of 60 events)

Bkav	W32.AIDetectMalware.CS
Lionic	Trojan.Win32.RedLine.l!c
tehtris	Generic.Malware
CAT-QuickHeal	Trojan.Generic.TRFH1229
Skyhigh	BehavesLike.Win32.AgentTesla.fm
ALYac	Gen:Variant.Jalapeno.421
Cylance	Unsafe
VIPRE	Gen:Variant.Jalapeno.421
Sangfor	Spyware.Msil.Redline.Vkmt
CrowdStrike	win/malicious_confidence_100% (W)
BitDefender	Gen:Variant.Jalapeno.421
K7GW	Spyware ( 0059955a1 )
K7AntiVirus	Spyware ( 0059955a1 )
Arcabit	Trojan.Jalapeno.421
VirIT	Trojan.Win32.MSIL_Heur.A
Symantec	ML.Attribute.HighConfidence
Elastic	Windows.Generic.Threat
ESET-NOD32	a variant of MSIL/Spy.RedLine.A
APEX	Malicious
Avast	Win32:PWSX-gen [Trj]
ClamAV	Win.Malware.Trojanx-9862538-0
Kaspersky	HEUR:Trojan-Spy.MSIL.Stealer.gen
Alibaba	TrojanSpy:MSIL/RedLineStealz.db286c19
NANO-Antivirus	Trojan.Win32.Stealer.kusoip
SUPERAntiSpyware	Trojan.Agent/Gen-SpyStealer
MicroWorld-eScan	Gen:Variant.Jalapeno.421
Rising	Stealer.RedLine!1.11745 (CLASSIC)
Emsisoft	Gen:Variant.Jalapeno.421 (B)
F-Secure	Heuristic.HEUR/AGEN.1376350
DrWeb	Trojan.PWS.Stealer.38294
McAfeeD	ti!AAD0D1425BB6
Trapmine	suspicious.low.ml.score
CTX	exe.trojan.msil
Sophos	Troj/Redline-D
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.6260e34e7f5b518f
Jiangmin	TrojanSpy.MSIL.ddcb
Webroot	W32.Trojan.Gen
Google	Detected
Avira	HEUR/AGEN.1376350
Kingsoft	MSIL.Trojan-Spy.Stealer.gen
Gridinsoft	Malware.Win32.RedLine.tr
Xcitium	Malware@#qr780hyodi01
Microsoft	Trojan:MSIL/RedLineStealz.A!MTB
GData	MSIL.Trojan-Stealer.Redline.G
Varist	W32/MSIL_Kryptik.KFT.gen!Eldorado
McAfee	Artemis!6260E34E7F5B
TACHYON	Trojan-Spy/W32.DN-InfoStealer.307712.D
DeepInstinct	MALICIOUS
VBA32	Trojan.MSIL.InfoStealer.gen.U

tmx.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All