Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Feb. 3, 2025, 12:57 p.m.	Feb. 3, 2025, 1:06 p.m.

Size	993.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`bec536220cd7d3a6e449502f08273664`
SHA256	`471fa9a125c98decd00e727886e5ddf15da64cb1456d29b15c344c4239872167`
CRC32	`B1E5E409`
ssdeep	`24576:3AHnh+eWsN3skA4RV1Hom2KXFmIaG8KvaXu14zq5:qh+ZkldoPK1XaGmXut`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Process_Snapshot_Kill_Zero - Process Kill Zero FindFirstVolume_Zero - FindFirstVolume Zero CryptGenKey_Zero - CryptGenKey Zero Device_Check_Zero - Device Check Zero IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

suwce.exe "C:\Users\test22\AppData\Local\Temp\suwce.exe"
1932
- RegSvcs.exe "C:\Users\test22\AppData\Local\Temp\suwce.exe"
  2096

Name	Response	Post-Analysis Lookup
reallyfreegeoip.org	A 104.21.16.1 A 104.21.96.1 A 104.21.112.1 A 104.21.64.1 A 104.21.80.1 A 104.21.32.1 A 104.21.48.1	104.21.64.1
api.telegram.org	A 149.154.167.220	149.154.167.220
checkip.dyndns.org	A 132.226.8.169 CNAME checkip.dyndns.com A 193.122.130.0 A 132.226.247.73 A 158.101.44.242 A 193.122.6.168	193.122.130.0

IP Address	Status	Action
104.21.80.1	Active	Moloch
149.154.167.220	Active	Moloch
158.101.44.242	Active	Moloch
164.124.101.2	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.103:50800 -> 8.8.8.8:53	2051430	ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org)	Misc activity
UDP 192.168.56.103:64894 -> 164.124.101.2:53	2033966	ET HUNTING Telegram API Domain in DNS Lookup	Misc activity
TCP 192.168.56.103:49165 -> 158.101.44.242:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49165 -> 158.101.44.242:80	2039190	ET INFO 404/Snake/Matiex Keylogger Style External IP Check	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49165 -> 158.101.44.242:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49165 -> 158.101.44.242:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49165 -> 158.101.44.242:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49165 -> 158.101.44.242:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49165 -> 158.101.44.242:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49165 -> 158.101.44.242:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49165 -> 158.101.44.242:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49165 -> 158.101.44.242:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49165 -> 158.101.44.242:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
UDP 192.168.56.103:52760 -> 164.124.101.2:53	2043238	ET INFO External IP Lookup Domain in DNS Query (checkip .dyndns .org)	Device Retrieving External IP Address Detected
UDP 192.168.56.103:50800 -> 164.124.101.2:53	2051430	ET INFO External IP Address Lookup Domain in DNS Lookup (reallyfreegeoip .org)	Misc activity
TCP 149.154.167.220:443 -> 192.168.56.103:49167	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49167 -> 149.154.167.220:443	2033967	ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)	Misc activity
TCP 192.168.56.103:49167 -> 149.154.167.220:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49167 -> 149.154.167.220:443	2033967	ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)	Misc activity
TCP 192.168.56.103:49166 -> 104.21.80.1:443	2051431	ET INFO External IP Lookup Service Domain (reallyfreegeoip .org) in TLS SNI	Misc activity
TCP 192.168.56.103:49166 -> 104.21.80.1:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49167 -> 149.154.167.220:443	2033967	ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)	Misc activity

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.103:49166 104.21.80.1:443	C=US, O=Google Trust Services, CN=WE1	CN=reallyfreegeoip.org	77:9e:e5:ed:c0:be:47:9d:90:a1:1a:ba:1b:43:cf:9f:09:b4:3a:3b

Queries for the computername (3 events)

Time & API	Arguments	Status	Return
GetComputerNameW Feb. 3, 2025, 12:57 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Feb. 3, 2025, 12:57 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Feb. 3, 2025, 12:57 p.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (3 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Feb. 3, 2025, 12:57 p.m.			0	0
IsDebuggerPresent Feb. 3, 2025, 12:57 p.m.			0	0
IsDebuggerPresent Feb. 3, 2025, 12:57 p.m.			0	0

Uses Windows APIs to generate a cryptographic key (6 events)

Time & API	Arguments	Status	Return
CryptExportKey Feb. 3, 2025, 12:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x008842d8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Feb. 3, 2025, 12:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00884318 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Feb. 3, 2025, 12:57 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00884318 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Feb. 3, 2025, 12:58 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x05535588 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Feb. 3, 2025, 12:58 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x05535588 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Feb. 3, 2025, 12:58 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00927ed8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Feb. 3, 2025, 12:57 p.m.		1	1	0

One or more processes crashed (48 events)

Time & API	Arguments	Status
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: 0xb83b11 0xb831d8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 01 8b 40 30 ff 50 0c 89 85 78 ff ff ff 8b 85 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb83d3c registers.esp: 2682100 registers.edi: 2682444 registers.eax: 0 registers.ebp: 2682456 registers.edx: 38067 registers.ebx: 2682668 registers.esi: 38212136 registers.ecx: 0	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8c09b 0xb86dde 0xb8326b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 50 04 b8 01 00 00 00 2b d0 71 05 e8 8d 91 37 exception.instruction: mov edx, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8d3b4 registers.esp: 2680036 registers.edi: 2680872 registers.eax: 0 registers.ebp: 2682060 registers.edx: 0 registers.ebx: 0 registers.esi: 39179696 registers.ecx: 1	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8c09b 0xb86dde 0xb8326b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 ba 01 00 00 00 2b c2 71 05 e8 31 91 37 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8d410 registers.esp: 2680036 registers.edi: 2680872 registers.eax: 0 registers.ebp: 2682060 registers.edx: 0 registers.ebx: 0 registers.esi: 39179696 registers.ecx: 8792484	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8c09b 0xb86dde 0xb8326b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 77 90 37 73 c1 e0 04 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8d448 registers.esp: 2680036 registers.edi: 2680872 registers.eax: 0 registers.ebp: 2682060 registers.edx: 0 registers.ebx: 0 registers.esi: 39179696 registers.ecx: 8792484	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8c09b 0xb86dde 0xb8326b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 1d 90 37 73 c1 e0 04 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8d4a2 registers.esp: 2680036 registers.edi: 2680872 registers.eax: 0 registers.ebp: 2682060 registers.edx: 0 registers.ebx: 0 registers.esi: 39179696 registers.ecx: 8792484	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8c09b 0xb86dde 0xb8326b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 b7 8d 37 73 c1 e0 04 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8d708 registers.esp: 2680032 registers.edi: 2680276 registers.eax: 0 registers.ebp: 2682060 registers.edx: 0 registers.ebx: 0 registers.esi: 39179696 registers.ecx: 2323498148	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8c09b 0xb86dde 0xb8326b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 4f 04 72 05 e8 04 84 37 73 c1 e1 04 8d 4c 0f exception.instruction: cmp ecx, dword ptr [edi + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8e0bb registers.esp: 2680036 registers.edi: 0 registers.eax: 0 registers.ebp: 2682060 registers.edx: 0 registers.ebx: 0 registers.esi: 39179696 registers.ecx: 0	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8ee40 0xb86e23 0xb8326b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 0f 9d c0 0f b6 c0 89 45 c8 83 7d c8 00 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8f049 registers.esp: 2682084 registers.edi: 2682152 registers.eax: 0 registers.ebp: 2682168 registers.edx: 0 registers.ebx: 0 registers.esi: 39179696 registers.ecx: 39451360	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8ee40 0xb86e40 0xb8326b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 0f 9d c0 0f b6 c0 89 45 c8 83 7d c8 00 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8f049 registers.esp: 2682084 registers.edi: 2682152 registers.eax: 3 registers.ebp: 2682168 registers.edx: 0 registers.ebx: 0 registers.esi: 39179696 registers.ecx: 39451360	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8ee40 0xb86e63 0xb8326b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 0f 9d c0 0f b6 c0 89 45 c8 83 7d c8 00 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8f049 registers.esp: 2682084 registers.edi: 2682152 registers.eax: 5 registers.ebp: 2682168 registers.edx: 0 registers.ebx: 0 registers.esi: 39179696 registers.ecx: 39451360	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb86e7b 0xb8326b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 39 09 e8 1c 96 d1 71 89 45 ec 6a 00 8b 15 24 23 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8f20d registers.esp: 2682268 registers.edi: 2682488 registers.eax: 0 registers.ebp: 2682292 registers.edx: 0 registers.ebx: 2682668 registers.esi: 0 registers.ecx: 0	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8c09b 0x5045ef5 0xb83494 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 50 04 b8 01 00 00 00 2b d0 71 05 e8 8d 91 37 exception.instruction: mov edx, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8d3b4 registers.esp: 2680016 registers.edi: 2680852 registers.eax: 0 registers.ebp: 2682040 registers.edx: 0 registers.ebx: 0 registers.esi: 39641364 registers.ecx: 1	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8c09b 0x5045ef5 0xb83494 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 ba 01 00 00 00 2b c2 71 05 e8 31 91 37 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8d410 registers.esp: 2680016 registers.edi: 2680852 registers.eax: 0 registers.ebp: 2682040 registers.edx: 0 registers.ebx: 0 registers.esi: 39641364 registers.ecx: 8792484	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8c09b 0x5045ef5 0xb83494 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 77 90 37 73 c1 e0 04 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8d448 registers.esp: 2680016 registers.edi: 2680852 registers.eax: 0 registers.ebp: 2682040 registers.edx: 0 registers.ebx: 0 registers.esi: 39641364 registers.ecx: 8792484	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8c09b 0x5045ef5 0xb83494 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 1d 90 37 73 c1 e0 04 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8d4a2 registers.esp: 2680016 registers.edi: 2680852 registers.eax: 0 registers.ebp: 2682040 registers.edx: 0 registers.ebx: 0 registers.esi: 39641364 registers.ecx: 8792484	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8c09b 0x5045ef5 0xb83494 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 b7 8d 37 73 c1 e0 04 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8d708 registers.esp: 2680012 registers.edi: 2680256 registers.eax: 0 registers.ebp: 2682040 registers.edx: 0 registers.ebx: 0 registers.esi: 39641364 registers.ecx: 2323498148	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8c09b 0x5045ef5 0xb83494 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 4f 04 72 05 e8 04 84 37 73 c1 e1 04 8d 4c 0f exception.instruction: cmp ecx, dword ptr [edi + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8e0bb registers.esp: 2680016 registers.edi: 0 registers.eax: 0 registers.ebp: 2682040 registers.edx: 0 registers.ebx: 0 registers.esi: 39641364 registers.ecx: 0	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8ee40 0x5045f38 0xb83494 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 0f 9d c0 0f b6 c0 89 45 c8 83 7d c8 00 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8f049 registers.esp: 2682064 registers.edi: 2682132 registers.eax: 1 registers.ebp: 2682148 registers.edx: 0 registers.ebx: 0 registers.esi: 39641364 registers.ecx: 39838276	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8ee40 0x5045f5a 0xb83494 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 0f 9d c0 0f b6 c0 89 45 c8 83 7d c8 00 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8f049 registers.esp: 2682064 registers.edi: 2682132 registers.eax: 4 registers.ebp: 2682148 registers.edx: 0 registers.ebx: 0 registers.esi: 39641364 registers.ecx: 39838276	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8ee40 0x5045f7c 0xb83494 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 0f 9d c0 0f b6 c0 89 45 c8 83 7d c8 00 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8f049 registers.esp: 2682064 registers.edi: 2682132 registers.eax: 2 registers.ebp: 2682148 registers.edx: 0 registers.ebx: 0 registers.esi: 39641364 registers.ecx: 39838276	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8ee40 0x5045fa1 0xb83494 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 0f 9d c0 0f b6 c0 89 45 c8 83 7d c8 00 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8f049 registers.esp: 2682064 registers.edi: 2682132 registers.eax: 3 registers.ebp: 2682148 registers.edx: 0 registers.ebx: 0 registers.esi: 39641364 registers.ecx: 39838276	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0x5045fd5 0xb83494 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 39 09 e8 1c 96 d1 71 89 45 ec 6a 00 8b 15 24 23 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8f20d registers.esp: 2682248 registers.edi: 2682488 registers.eax: 0 registers.ebp: 2682272 registers.edx: 0 registers.ebx: 2682668 registers.esi: 0 registers.ecx: 0	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8c09b 0x5061dc7 0xb835a5 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 50 04 b8 01 00 00 00 2b d0 71 05 e8 8d 91 37 exception.instruction: mov edx, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8d3b4 registers.esp: 2680108 registers.edi: 2680944 registers.eax: 0 registers.ebp: 2682132 registers.edx: 0 registers.ebx: 0 registers.esi: 39934420 registers.ecx: 1	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8c09b 0x5061dc7 0xb835a5 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 ba 01 00 00 00 2b c2 71 05 e8 31 91 37 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8d410 registers.esp: 2680108 registers.edi: 2680944 registers.eax: 0 registers.ebp: 2682132 registers.edx: 0 registers.ebx: 0 registers.esi: 39934420 registers.ecx: 8792484	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8c09b 0x5061dc7 0xb835a5 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 77 90 37 73 c1 e0 04 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8d448 registers.esp: 2680108 registers.edi: 2680944 registers.eax: 0 registers.ebp: 2682132 registers.edx: 0 registers.ebx: 0 registers.esi: 39934420 registers.ecx: 8792484	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8c09b 0x5061dc7 0xb835a5 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 1d 90 37 73 c1 e0 04 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8d4a2 registers.esp: 2680108 registers.edi: 2680944 registers.eax: 0 registers.ebp: 2682132 registers.edx: 0 registers.ebx: 0 registers.esi: 39934420 registers.ecx: 8792484	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8c09b 0x5061dc7 0xb835a5 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 b7 8d 37 73 c1 e0 04 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8d708 registers.esp: 2680104 registers.edi: 2680348 registers.eax: 0 registers.ebp: 2682132 registers.edx: 0 registers.ebx: 0 registers.esi: 39934420 registers.ecx: 2323498148	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8c09b 0x5061dc7 0xb835a5 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 4f 04 72 05 e8 04 84 37 73 c1 e1 04 8d 4c 0f exception.instruction: cmp ecx, dword ptr [edi + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8e0bb registers.esp: 2680108 registers.edi: 0 registers.eax: 0 registers.ebp: 2682132 registers.edx: 0 registers.ebx: 0 registers.esi: 39934420 registers.ecx: 0	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8ee40 0x5061e0a 0xb835a5 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 0f 9d c0 0f b6 c0 89 45 c8 83 7d c8 00 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8f049 registers.esp: 2682156 registers.edi: 2682224 registers.eax: 0 registers.ebp: 2682240 registers.edx: 0 registers.ebx: 0 registers.esi: 39934420 registers.ecx: 40128916	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8ee40 0x5061e26 0xb835a5 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 0f 9d c0 0f b6 c0 89 45 c8 83 7d c8 00 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8f049 registers.esp: 2682156 registers.edi: 2682224 registers.eax: 1 registers.ebp: 2682240 registers.edx: 0 registers.ebx: 0 registers.esi: 39934420 registers.ecx: 40128916	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8c09b 0x506808a 0xb836b6 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 50 04 b8 01 00 00 00 2b d0 71 05 e8 8d 91 37 exception.instruction: mov edx, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8d3b4 registers.esp: 2680092 registers.edi: 2680928 registers.eax: 0 registers.ebp: 2682116 registers.edx: 0 registers.ebx: 0 registers.esi: 40219744 registers.ecx: 1	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8c09b 0x506808a 0xb836b6 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 ba 01 00 00 00 2b c2 71 05 e8 31 91 37 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8d410 registers.esp: 2680092 registers.edi: 2680928 registers.eax: 0 registers.ebp: 2682116 registers.edx: 0 registers.ebx: 0 registers.esi: 40219744 registers.ecx: 8792484	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8c09b 0x506808a 0xb836b6 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 77 90 37 73 c1 e0 04 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8d448 registers.esp: 2680092 registers.edi: 2680928 registers.eax: 0 registers.ebp: 2682116 registers.edx: 0 registers.ebx: 0 registers.esi: 40219744 registers.ecx: 8792484	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8c09b 0x506808a 0xb836b6 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 1d 90 37 73 c1 e0 04 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8d4a2 registers.esp: 2680092 registers.edi: 2680928 registers.eax: 0 registers.ebp: 2682116 registers.edx: 0 registers.ebx: 0 registers.esi: 40219744 registers.ecx: 8792484	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8c09b 0x506808a 0xb836b6 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 b7 8d 37 73 c1 e0 04 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8d708 registers.esp: 2680088 registers.edi: 2680332 registers.eax: 0 registers.ebp: 2682116 registers.edx: 0 registers.ebx: 0 registers.esi: 40219744 registers.ecx: 2323498148	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8c09b 0x506808a 0xb836b6 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 4f 04 72 05 e8 04 84 37 73 c1 e1 04 8d 4c 0f exception.instruction: cmp ecx, dword ptr [edi + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8e0bb registers.esp: 2680092 registers.edi: 0 registers.eax: 0 registers.ebp: 2682116 registers.edx: 0 registers.ebx: 0 registers.esi: 40219744 registers.ecx: 0	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8ee40 0x50680cd 0xb836b6 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 0f 9d c0 0f b6 c0 89 45 c8 83 7d c8 00 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8f049 registers.esp: 2682140 registers.edi: 2682208 registers.eax: 1 registers.ebp: 2682224 registers.edx: 0 registers.ebx: 0 registers.esi: 40219744 registers.ecx: 40242344	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8ee40 0x50680e9 0xb836b6 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 0f 9d c0 0f b6 c0 89 45 c8 83 7d c8 00 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8f049 registers.esp: 2682140 registers.edi: 2682208 registers.eax: 2 registers.ebp: 2682224 registers.edx: 0 registers.ebx: 0 registers.esi: 40219744 registers.ecx: 40242344	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8ee40 0x5068105 0xb836b6 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 0f 9d c0 0f b6 c0 89 45 c8 83 7d c8 00 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8f049 registers.esp: 2682140 registers.edi: 2682208 registers.eax: 3 registers.ebp: 2682224 registers.edx: 0 registers.ebx: 0 registers.esi: 40219744 registers.ecx: 40242344	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8c09b 0x506fa6a 0xb837c7 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 50 04 b8 01 00 00 00 2b d0 71 05 e8 8d 91 37 exception.instruction: mov edx, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8d3b4 registers.esp: 2680092 registers.edi: 2680928 registers.eax: 0 registers.ebp: 2682116 registers.edx: 0 registers.ebx: 0 registers.esi: 40336480 registers.ecx: 1	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8c09b 0x506fa6a 0xb837c7 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 ba 01 00 00 00 2b c2 71 05 e8 31 91 37 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8d410 registers.esp: 2680092 registers.edi: 2680928 registers.eax: 0 registers.ebp: 2682116 registers.edx: 0 registers.ebx: 0 registers.esi: 40336480 registers.ecx: 8792484	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8c09b 0x506fa6a 0xb837c7 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 77 90 37 73 c1 e0 04 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8d448 registers.esp: 2680092 registers.edi: 2680928 registers.eax: 0 registers.ebp: 2682116 registers.edx: 0 registers.ebx: 0 registers.esi: 40336480 registers.ecx: 8792484	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8c09b 0x506fa6a 0xb837c7 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 1d 90 37 73 c1 e0 04 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8d4a2 registers.esp: 2680092 registers.edi: 2680928 registers.eax: 0 registers.ebp: 2682116 registers.edx: 0 registers.ebx: 0 registers.esi: 40336480 registers.ecx: 8792484	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8c09b 0x506fa6a 0xb837c7 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 b7 8d 37 73 c1 e0 04 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8d708 registers.esp: 2680088 registers.edi: 2680332 registers.eax: 0 registers.ebp: 2682116 registers.edx: 0 registers.ebx: 0 registers.esi: 40336480 registers.ecx: 2323498148	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8c09b 0x506fa6a 0xb837c7 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 4f 04 72 05 e8 04 84 37 73 c1 e1 04 8d 4c 0f exception.instruction: cmp ecx, dword ptr [edi + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8e0bb registers.esp: 2680092 registers.edi: 0 registers.eax: 0 registers.ebp: 2682116 registers.edx: 0 registers.ebx: 0 registers.esi: 40336480 registers.ecx: 0	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8ee40 0x506faad 0xb837c7 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 0f 9d c0 0f b6 c0 89 45 c8 83 7d c8 00 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8f049 registers.esp: 2682140 registers.edi: 2682208 registers.eax: 0 registers.ebp: 2682224 registers.edx: 0 registers.ebx: 0 registers.esi: 40336480 registers.ecx: 40466944	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8ee40 0x506fac9 0xb837c7 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 0f 9d c0 0f b6 c0 89 45 c8 83 7d c8 00 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8f049 registers.esp: 2682140 registers.edi: 2682208 registers.eax: 1 registers.ebp: 2682224 registers.edx: 0 registers.ebx: 0 registers.esi: 40336480 registers.ecx: 40466944	1
__exception__ Feb. 3, 2025, 12:58 p.m.	stacktrace: 0xb8ee40 0x506fae5 0xb837c7 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73c72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73c8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73c82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73d374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73d37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73dc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73dc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73dc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73dc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7465f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74317f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74314de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 0f 9d c0 0f b6 c0 89 45 c8 83 7d c8 00 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb8f049 registers.esp: 2682140 registers.edi: 2682208 registers.eax: 2 registers.ebp: 2682224 registers.edx: 0 registers.ebx: 0 registers.esi: 40336480 registers.ecx: 40466944	1

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)

suspicious_features

GET method with no useragent header

suspicious_request

GET https://reallyfreegeoip.org/xml/121.133.128.1

Connects to a Dynamic DNS Domain (1 event)

domain

checkip.dyndns.org

Performs some HTTP requests (2 events)

request	GET http://checkip.dyndns.org/
request	GET https://reallyfreegeoip.org/xml/121.133.128.1

Allocates read-write-execute memory (usually to unpack itself) (50 out of 100 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 1932 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 16384 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c3e000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 2096 region_size: 2097152 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b10000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00cd0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 2096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73c71000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 2096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73c72000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 2096 region_size: 1703936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b10000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c70000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003f2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00815000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0081b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00817000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005ec000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b80000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003fa000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b81000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005fa000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005f7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005f6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005fb000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003fc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005ea000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b82000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b83000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b84000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b85000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:58 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b86000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:58 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b87000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:58 p.m.	process_identifier: 2096 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b88000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:58 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b8c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:58 p.m.	process_identifier: 2096 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b8d000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:58 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b8f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:58 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04ea0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:58 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04ea1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:58 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04ea2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:58 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04ea3000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:58 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04ea4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:58 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04ea5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:58 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04ea6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:58 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04ea7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:58 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04ea8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:58 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04ea9000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:58 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04eaa000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:58 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04eab000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:58 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04eac000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:58 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04ead000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:58 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04eae000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:58 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04eaf000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:58 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05040000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:58 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05041000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:58 p.m.	process_identifier: 2096 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05042000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Steals private information from local Internet browsers (21 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Top Sites
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\History
file	C:\Users\test22\AppData\Roaming\Opera\Opera\profile\wand.dat
file	C:\Users\test22\AppData\Local\Chromium\User Data\Default\Top Sites
file	C:\Users\test22\AppData\Local\Chromium\User Data\Default\Network\Cookies
file	C:\Users\test22\AppData\Local\Chromium\User Data\Default\History
file	C:\Users\test22\AppData\Local\Chromium\User Data\Default\Web Data
file	C:\Users\test22\AppData\Local\Chromium\User Data\Default\Login Data
file	C:\Users\test22\AppData\Local\MapleStudio\ChromePlus\User Data\Default\History
file	C:\Users\test22\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Web Data
file	C:\Users\test22\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Network\Cookies
file	C:\Users\test22\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Login Data
file	C:\Users\test22\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Top Sites
file	C:\Users\test22\AppData\Local\Nichrome\User Data\Default\Login Data
file	C:\Users\test22\AppData\Local\Nichrome\User Data\Default\Web Data
file	C:\Users\test22\AppData\Local\Nichrome\User Data\Default\History
file	C:\Users\test22\AppData\Local\Nichrome\User Data\Default\Network\Cookies
file	C:\Users\test22\AppData\Local\Nichrome\User Data\Default\Top Sites

Looks up the external IP address (1 event)

domain

checkip.dyndns.org

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses Feb. 3, 2025, 12:57 p.m.	flags: 15 family: 0		111	0

The binary likely contains encrypted or compressed data indicative of a packer (1 event)

section

{u'size_of_data': u'0x0002e000', u'virtual_address': u'0x000c8000', u'entropy': 7.710724921139407, u'name': u'.rsrc', u'virtual_size': u'0x0002de0c'}

entropy

7.71072492114

description

A section with a high entropy has been found

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW Feb. 3, 2025, 12:57 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Attempts to identify installed AV products by installation directory (1 event)

file	C:\Users\test22\AppData\Local\AVAST Software\Browser\User Data\Default\Login Data

Harvests credentials from local FTP client softwares (1 event)

file	C:\Users\test22\AppData\Roaming\FileZilla\recentservers.xml

Harvests information related to installed instant messenger clients (1 event)

file	C:\Users\test22\AppData\Roaming\.purple\accounts.xml

Harvests credentials from local email clients (3 events)

registry	HKEY_CURRENT_USER\Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
registry	HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
registry	HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Attempts to create or modify system certificates (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob

Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 1932 called NtSetContextThread to modify thread in remote process 2096
NtSetContextThread Feb. 3, 2025, 12:57 p.m.	registers.eip: 2005598660 registers.esp: 2685336 registers.edi: 0 registers.eax: 4474542 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x00000138 process_identifier: 2096	1	0	0

File has been identified by 49 AntiVirus engines on VirusTotal as malicious (49 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Autoit.i!c
Cynet	Malicious (score: 99)
CAT-QuickHeal	Trojan.Ghanarava.1738504499273664
Skyhigh	BehavesLike.Win32.TrojanAitInject.dh
ALYac	Trojan.GenericKD.75665945
Cylance	Unsafe
VIPRE	Trojan.GenericKD.75665752
Sangfor	Virus.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
BitDefender	Trojan.GenericKD.75665752
K7GW	Trojan ( 005c0c431 )
K7AntiVirus	Trojan ( 005c0c431 )
Arcabit	Trojan.Generic.D4829158
VirIT	Trojan.Win32.Dnldr28.CHVH
Symantec	Trojan.Gen.2
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Injector.Autoit.GVA
APEX	Malicious
Avast	Win32:Malware-gen
Kaspersky	Trojan-PSW.Win32.Stealer.cmeg
Alibaba	TrojanPSW:Win32/Stealer.ab34cbb5
MicroWorld-eScan	Trojan.GenericKD.75665752
Emsisoft	Trojan.GenericKD.75665752 (B)
F-Secure	Trojan.TR/AD.SnakeStealer.ygcwf
DrWeb	Trojan.AutoIt.1584
McAfeeD	ti!471FA9A125C9
CTX	exe.trojan.autoit
Sophos	Mal/Generic-S
FireEye	Trojan.GenericKD.75665752
Google	Detected
Avira	TR/AD.SnakeStealer.ygcwf
Antiy-AVL	Trojan/Win32.AgentTesla
Kingsoft	Win32.Trojan-PSW.Stealer.cmeg
Microsoft	Backdoor:MSIL/Bladabindi!rfn
ViRobot	Trojan.Win.Z.Agent.1017344
GData	Trojan.GenericKD.75665752
Varist	W32/Autoit.DJKN-9047
McAfee	Artemis!BEC536220CD7
DeepInstinct	MALICIOUS
Malwarebytes	Malware.AI.1789382041
Ikarus	Trojan.Autoit
Panda	Trj/CI.A
Tencent	Win32.Trojan-QQPass.QQRob.Bnhl
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	AutoIt/Injector.GUU!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml
alibabacloud	Backdoor:Win/Bladabindi.Gen

suwce.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All