Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	March 21, 2021, 7:17 p.m.	March 21, 2021, 7:20 p.m.

Size	127.0KB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`5c2cd6d19381ac5a4a517c2165b29813`
SHA256	`7a9db6042869b4a1f8e6a9d147c2abc763ba2ff35821ac572949307bb9857c18`
CRC32	`DCF2143F`
ssdeep	`768:cOSvogqMd0UJUu1hK6tf0EKdLE2AeoD9SIV:cOSvogd0K1hxVKdAeoRSIV`
Yara	PE_Header_Zero - PE File Signature Zero IsPE32 - (no description) IsNET_EXE - (no description) IsWindowsGUI - (no description) Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT

IMG_724_Scanned_603.pdf "C:\Users\test22\AppData\Local\Temp\IMG_724_Scanned_603.pdf"
2648
- powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\wPxXGzqOqGMDiW\svchost.exe" -Force
  2044
- powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp\IMG_724_Scanned_603.pdf" -Force
  1632
- powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\wPxXGzqOqGMDiW\svchost.exe" -Force
  1572
- cmd.exe "C:\Windows\System32\cmd.exe" /c timeout 1
  804
  - timeout.exe timeout 1
    2480
- IMG_724_Scanned_603.pdf "C:\Users\test22\AppData\Local\Temp\IMG_724_Scanned_603.pdf"
  2740

Name	Response	Post-Analysis Lookup
jejendjcjfhh.com	A 172.67.207.35 A 104.21.22.219	104.21.22.219
checkip.dyndns.org	A 131.186.161.70 A 216.146.43.70 A 216.146.43.71 CNAME checkip.dyndns.com A 162.88.193.70 A 131.186.113.70	131.186.113.70
freegeoip.app	A 104.21.19.200 A 172.67.188.154	172.67.188.154

IP Address	Status	Action
104.21.19.200	Active	Moloch
104.21.22.219	Active	Moloch
131.186.161.70	Active	Moloch
164.124.101.2	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49200 -> 104.21.22.219:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
UDP 192.168.56.101:59369 -> 164.124.101.2:53	2012758	ET INFO DYNAMIC_DNS Query to *.dyndns. Domain	Misc activity
TCP 192.168.56.101:49242 -> 131.186.161.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49228 -> 131.186.161.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49223 -> 131.186.161.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 131.186.161.70:80 -> 192.168.56.101:49242	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 131.186.161.70:80 -> 192.168.56.101:49223	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 131.186.161.70:80 -> 192.168.56.101:49228	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49225 -> 104.21.19.200:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49224 -> 131.186.161.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49230 -> 131.186.161.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 131.186.161.70:80 -> 192.168.56.101:49230	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 131.186.161.70:80 -> 192.168.56.101:49224	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49227 -> 131.186.161.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49234 -> 131.186.161.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 131.186.161.70:80 -> 192.168.56.101:49227	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49232 -> 131.186.161.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 131.186.161.70:80 -> 192.168.56.101:49234	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 131.186.161.70:80 -> 192.168.56.101:49232	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49229 -> 131.186.161.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49244 -> 131.186.161.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 131.186.161.70:80 -> 192.168.56.101:49229	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49233 -> 131.186.161.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 131.186.161.70:80 -> 192.168.56.101:49244	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 131.186.161.70:80 -> 192.168.56.101:49233	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49231 -> 131.186.161.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49246 -> 131.186.161.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 131.186.161.70:80 -> 192.168.56.101:49231	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49238 -> 131.186.161.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 131.186.161.70:80 -> 192.168.56.101:49246	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 131.186.161.70:80 -> 192.168.56.101:49238	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49237 -> 131.186.161.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 131.186.161.70:80 -> 192.168.56.101:49237	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49243 -> 131.186.161.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 131.186.161.70:80 -> 192.168.56.101:49243	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49235 -> 131.186.161.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 131.186.161.70:80 -> 192.168.56.101:49235	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49236 -> 131.186.161.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 131.186.161.70:80 -> 192.168.56.101:49236	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49239 -> 131.186.161.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 131.186.161.70:80 -> 192.168.56.101:49239	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49240 -> 131.186.161.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 131.186.161.70:80 -> 192.168.56.101:49240	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49241 -> 131.186.161.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 131.186.161.70:80 -> 192.168.56.101:49241	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49245 -> 131.186.161.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 131.186.161.70:80 -> 192.168.56.101:49245	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.101:49200 104.21.22.219:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3	C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	24:18:b3:f2:70:0a:f0:7c:35:ee:72:e7:30:b2:a1:36:a3:22:a9:7a
TLSv1 192.168.56.101:49225 104.21.19.200:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3	C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	a1:b3:fe:fd:e8:05:d5:f2:ad:ee:b3:5b:8c:5f:ae:4f:43:52:5e:89

Queries for the computername (33 events)

Time & API	Arguments	Status	Return
GetComputerNameA March 21, 2021, 7:18 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 21, 2021, 7:18 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 21, 2021, 7:18 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 21, 2021, 7:18 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 21, 2021, 7:18 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 21, 2021, 7:18 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameA March 21, 2021, 7:18 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 21, 2021, 7:18 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 21, 2021, 7:18 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 21, 2021, 7:18 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 21, 2021, 7:18 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 21, 2021, 7:18 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameA March 21, 2021, 7:18 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 21, 2021, 7:18 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 21, 2021, 7:18 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 21, 2021, 7:18 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 21, 2021, 7:18 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 21, 2021, 7:18 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameA March 21, 2021, 7:18 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 21, 2021, 7:18 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 21, 2021, 7:18 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 21, 2021, 7:18 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 21, 2021, 7:18 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 21, 2021, 7:18 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 21, 2021, 7:18 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 21, 2021, 7:18 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 21, 2021, 7:18 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 21, 2021, 7:18 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 21, 2021, 7:18 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 21, 2021, 7:18 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 21, 2021, 7:18 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 21, 2021, 7:18 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 21, 2021, 7:18 p.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (9 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent March 21, 2021, 7:17 p.m.			0	0
IsDebuggerPresent March 21, 2021, 7:17 p.m.			0	0
IsDebuggerPresent March 21, 2021, 7:18 p.m.			0	0
IsDebuggerPresent March 21, 2021, 7:18 p.m.			0	0
IsDebuggerPresent March 21, 2021, 7:18 p.m.			0	0
IsDebuggerPresent March 21, 2021, 7:18 p.m.			0	0
IsDebuggerPresent March 21, 2021, 7:18 p.m.			0	0
IsDebuggerPresent March 21, 2021, 7:18 p.m.			0	0
IsDebuggerPresent March 21, 2021, 7:18 p.m.			0	0

Command line console output was observed (29 events)

Time & API	Arguments	Status	Return
WriteConsoleW March 21, 2021, 7:18 p.m.	buffer: The term 'Add-MpPreference' is not recognized as the name of a cmdlet, function console_handle: 0x00000023	1	1
WriteConsoleW March 21, 2021, 7:18 p.m.	buffer: , script file, or operable program. Check the spelling of the name, or if a pat console_handle: 0x0000002f	1	1
WriteConsoleW March 21, 2021, 7:18 p.m.	buffer: h was included, verify that the path is correct and try again. console_handle: 0x0000003b	1	1
WriteConsoleW March 21, 2021, 7:18 p.m.	buffer: At line:1 char:17 console_handle: 0x00000047	1	1
WriteConsoleW March 21, 2021, 7:18 p.m.	buffer: + Add-MpPreference <<<< -ExclusionPath C:\Users\Public\Documents\wPxXGzqOqGMDi console_handle: 0x00000053	1	1
WriteConsoleW March 21, 2021, 7:18 p.m.	buffer: W\svchost.exe -Force console_handle: 0x0000005f	1	1
WriteConsoleW March 21, 2021, 7:18 p.m.	buffer: + CategoryInfo : ObjectNotFound: (Add-MpPreference:String) [], Co console_handle: 0x0000006b	1	1
WriteConsoleW March 21, 2021, 7:18 p.m.	buffer: mmandNotFoundException console_handle: 0x00000077	1	1
WriteConsoleW March 21, 2021, 7:18 p.m.	buffer: + FullyQualifiedErrorId : CommandNotFoundException console_handle: 0x00000083	1	1
WriteConsoleW March 21, 2021, 7:18 p.m.	buffer: The term 'Add-MpPreference' is not recognized as the name of a cmdlet, function console_handle: 0x00000023	1	1
WriteConsoleW March 21, 2021, 7:18 p.m.	buffer: , script file, or operable program. Check the spelling of the name, or if a pat console_handle: 0x0000002f	1	1
WriteConsoleW March 21, 2021, 7:18 p.m.	buffer: h was included, verify that the path is correct and try again. console_handle: 0x0000003b	1	1
WriteConsoleW March 21, 2021, 7:18 p.m.	buffer: At line:1 char:17 console_handle: 0x00000047	1	1
WriteConsoleW March 21, 2021, 7:18 p.m.	buffer: + Add-MpPreference <<<< -ExclusionPath C:\Users\test22\AppData\Local\Temp\IMG_ console_handle: 0x00000053	1	1
WriteConsoleW March 21, 2021, 7:18 p.m.	buffer: 724_Scanned_603.pdf -Force console_handle: 0x0000005f	1	1
WriteConsoleW March 21, 2021, 7:18 p.m.	buffer: + CategoryInfo : ObjectNotFound: (Add-MpPreference:String) [], Co console_handle: 0x0000006b	1	1
WriteConsoleW March 21, 2021, 7:18 p.m.	buffer: mmandNotFoundException console_handle: 0x00000077	1	1
WriteConsoleW March 21, 2021, 7:18 p.m.	buffer: + FullyQualifiedErrorId : CommandNotFoundException console_handle: 0x00000083	1	1
WriteConsoleW March 21, 2021, 7:18 p.m.	buffer: The term 'Add-MpPreference' is not recognized as the name of a cmdlet, function console_handle: 0x00000023	1	1
WriteConsoleW March 21, 2021, 7:18 p.m.	buffer: , script file, or operable program. Check the spelling of the name, or if a pat console_handle: 0x0000002f	1	1
WriteConsoleW March 21, 2021, 7:18 p.m.	buffer: h was included, verify that the path is correct and try again. console_handle: 0x0000003b	1	1
WriteConsoleW March 21, 2021, 7:18 p.m.	buffer: At line:1 char:17 console_handle: 0x00000047	1	1
WriteConsoleW March 21, 2021, 7:18 p.m.	buffer: + Add-MpPreference <<<< -ExclusionPath C:\Users\Public\Documents\wPxXGzqOqGMDi console_handle: 0x00000053	1	1
WriteConsoleW March 21, 2021, 7:18 p.m.	buffer: W\svchost.exe -Force console_handle: 0x0000005f	1	1
WriteConsoleW March 21, 2021, 7:18 p.m.	buffer: + CategoryInfo : ObjectNotFound: (Add-MpPreference:String) [], Co console_handle: 0x0000006b	1	1
WriteConsoleW March 21, 2021, 7:18 p.m.	buffer: mmandNotFoundException console_handle: 0x00000077	1	1
WriteConsoleW March 21, 2021, 7:18 p.m.	buffer: + FullyQualifiedErrorId : CommandNotFoundException console_handle: 0x00000083	1	1
WriteConsoleW March 21, 2021, 7:18 p.m.	buffer: Waiting for 1 console_handle: 0x00000007	1	1
WriteConsoleW March 21, 2021, 7:18 p.m.	buffer: seconds, press a key to continue ... console_handle: 0x00000007	1	1

Uses Windows APIs to generate a cryptographic key (50 out of 147 events)

Time & API	Arguments	Status	Return
CryptExportKey March 21, 2021, 7:17 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00834cb0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:17 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00834df0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:17 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00834df0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026da00 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026df80 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026df80 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026df80 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026db00 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026db00 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026db00 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026db00 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026db00 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026db00 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026d5c0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026d5c0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026d5c0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026df80 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026df80 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026df80 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026de80 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026df80 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026df80 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026df80 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026df80 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026df80 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026df80 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026df80 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026d700 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026d700 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026d700 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026d700 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026d700 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026d700 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026d700 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026d700 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026d700 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026d700 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026d700 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026d700 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026d700 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026d700 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026e380 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026e380 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026e380 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026e380 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026e380 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026e380 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026e380 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0026e380 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 21, 2021, 7:18 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00501120 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx March 21, 2021, 7:17 p.m.		1	1	0

One or more processes crashed (50 out of 341 events)

Time & API	Arguments	Status
__exception__ March 21, 2021, 7:17 p.m.	stacktrace: CopyPDBs+0x1b552 DllCanUnloadNowInternal-0x25a85 clr+0x1b1194 @ 0x728f1194 LogHelp_TerminateOnAssert+0x14061 GetPrivateContextsPerfCounters-0x53e1 clr+0x82ba1 @ 0x727c2ba1 mscorlib+0x2f45b0 @ 0x6ff345b0 mscorlib+0x2f73b5 @ 0x6ff373b5 mscorlib+0x2eeaf8 @ 0x6ff2eaf8 mscorlib+0x2eea8f @ 0x6ff2ea8f mscorlib+0x30c43f @ 0x6ff4c43f system+0xe8021 @ 0x6ec68021 system+0xe7f77 @ 0x6ec67f77 system+0xd01da @ 0x6ec501da system+0xcec0d @ 0x6ec4ec0d system+0xea387 @ 0x6ec6a387 system+0xcec2d @ 0x6ec4ec2d system+0x6f7869 @ 0x6f9b7869 system+0x6f6e71 @ 0x6f9b6e71 system+0x6f3892 @ 0x6f9b3892 system+0x6f3514 @ 0x6f9b3514 system+0x6f42ec @ 0x6f9b42ec 0x5d0629 0x5d00ab DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xe0434f4e exception.offset: 46887 exception.address: 0x76a7b727 registers.esp: 4975992 registers.edi: 0 registers.eax: 4975992 registers.ebp: 4976072 registers.edx: 0 registers.ebx: 8723640 registers.esi: 8023816 registers.ecx: 1022739888	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: 0x5da973e 0x5da8c97 0x5da42bf DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d3711 @ 0x6ff13711 mscorlib+0x308f2d @ 0x6ff48f2d mscorlib+0x2cb060 @ 0x6ff0b060 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 microsoft+0x17e980 @ 0x6e46e980 0x5d0a94 0x5d0a03 0x5d00bd DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 eb 3e 8d 55 e0 0f b6 01 88 02 0f b6 41 01 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: mscorlib+0x324f62 exception.address: 0x6ff64f62 registers.esp: 4974132 registers.edi: 4974156 registers.eax: 0 registers.ebp: 4974168 registers.edx: 0 registers.ebx: 125318276 registers.esi: 4194364 registers.ecx: 4194364	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: 0x1fe32c4 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 39 09 e8 62 bb ec 6d 8b c8 8b 01 8b 40 28 ff 10 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe4fcf registers.esp: 2158192 registers.edi: 2158296 registers.eax: 35656232 registers.ebp: 2158312 registers.edx: 35656232 registers.ebx: 2158532 registers.esi: 36681588 registers.ecx: 0	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe5596 0x1fe32ca DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 52 04 89 55 cc 33 d2 89 55 d4 83 7d cc 00 7c exception.instruction: mov edx, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe6296 registers.esp: 2156816 registers.edi: 2156904 registers.eax: 36688388 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36688388 registers.ecx: 36617236	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe5596 0x1fe32ca DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 b0 04 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe62b7 registers.esp: 2156816 registers.edi: 2156904 registers.eax: 0 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36688388 registers.ecx: 5465980	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe5596 0x1fe32ca DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 23 04 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe6344 registers.esp: 2156816 registers.edi: 2156904 registers.eax: 0 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36688388 registers.ecx: 5465980	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe5596 0x1fe32ca DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 50 04 83 c2 ff 0f 80 78 03 00 00 89 55 c8 33 exception.instruction: mov edx, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe63e7 registers.esp: 2156816 registers.edi: 2156904 registers.eax: 0 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36688388 registers.ecx: 5465980	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe5596 0x1fe32ca DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 55 03 00 00 8b 4c 82 0c e8 9c c8 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe6412 registers.esp: 2156816 registers.edi: 2156904 registers.eax: 0 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36688388 registers.ecx: 5465980	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe5596 0x1fe32ca DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 23 03 00 00 8b 5c 82 0c ff 15 b8 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe6444 registers.esp: 2156816 registers.edi: 2156904 registers.eax: 0 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36688388 registers.ecx: 5465980	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe5596 0x1fe32ca DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 aa 01 00 00 8b 5c 82 0c ff 15 b8 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe65bd registers.esp: 2156816 registers.edi: 2156904 registers.eax: 0 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36692420 registers.ecx: 1848779440	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe5596 0x1fe32ca DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 2f 01 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe6638 registers.esp: 2156816 registers.edi: 2156904 registers.eax: 0 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36692420 registers.ecx: 5465980	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe691a 0x1fe32d0 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 52 04 89 55 cc 33 d2 89 55 d4 83 7d cc 00 7c exception.instruction: mov edx, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe6296 registers.esp: 2156816 registers.edi: 2156904 registers.eax: 36695116 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36695116 registers.ecx: 36617236	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe691a 0x1fe32d0 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 b0 04 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe62b7 registers.esp: 2156816 registers.edi: 2156904 registers.eax: 0 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36695116 registers.ecx: 5465980	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe691a 0x1fe32d0 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 23 04 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe6344 registers.esp: 2156816 registers.edi: 2156904 registers.eax: 0 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36695116 registers.ecx: 5465980	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe691a 0x1fe32d0 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 50 04 83 c2 ff 0f 80 78 03 00 00 89 55 c8 33 exception.instruction: mov edx, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe63e7 registers.esp: 2156816 registers.edi: 2156904 registers.eax: 0 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36695116 registers.ecx: 5465980	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe691a 0x1fe32d0 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 55 03 00 00 8b 4c 82 0c e8 9c c8 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe6412 registers.esp: 2156816 registers.edi: 2156904 registers.eax: 0 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36695116 registers.ecx: 5465980	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe691a 0x1fe32d0 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 23 03 00 00 8b 5c 82 0c ff 15 b8 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe6444 registers.esp: 2156816 registers.edi: 2156904 registers.eax: 0 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36695116 registers.ecx: 5465980	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe691a 0x1fe32d0 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 aa 01 00 00 8b 5c 82 0c ff 15 b8 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe65bd registers.esp: 2156816 registers.edi: 2156904 registers.eax: 0 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36697616 registers.ecx: 36697616	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe691a 0x1fe32d0 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 2f 01 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe6638 registers.esp: 2156816 registers.edi: 2156904 registers.eax: 0 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36697616 registers.ecx: 5465980	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe7112 0x1fe32d6 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 52 04 89 55 cc 33 d2 89 55 d4 83 7d cc 00 7c exception.instruction: mov edx, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe6296 registers.esp: 2156816 registers.edi: 2156904 registers.eax: 36700316 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36700316 registers.ecx: 36617236	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe7112 0x1fe32d6 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 b0 04 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe62b7 registers.esp: 2156816 registers.edi: 2156904 registers.eax: 0 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36700316 registers.ecx: 5465980	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe7112 0x1fe32d6 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 23 04 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe6344 registers.esp: 2156816 registers.edi: 2156904 registers.eax: 0 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36700316 registers.ecx: 5465980	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe7112 0x1fe32d6 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 50 04 83 c2 ff 0f 80 78 03 00 00 89 55 c8 33 exception.instruction: mov edx, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe63e7 registers.esp: 2156816 registers.edi: 2156904 registers.eax: 0 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36700316 registers.ecx: 5465980	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe7112 0x1fe32d6 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 55 03 00 00 8b 4c 82 0c e8 9c c8 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe6412 registers.esp: 2156816 registers.edi: 2156904 registers.eax: 0 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36700316 registers.ecx: 5465980	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe7112 0x1fe32d6 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 23 03 00 00 8b 5c 82 0c ff 15 b8 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe6444 registers.esp: 2156816 registers.edi: 2156904 registers.eax: 0 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36700316 registers.ecx: 5465980	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe7112 0x1fe32d6 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 aa 01 00 00 8b 5c 82 0c ff 15 b8 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe65bd registers.esp: 2156816 registers.edi: 2156904 registers.eax: 0 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36702820 registers.ecx: 36702820	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe7112 0x1fe32d6 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 2f 01 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe6638 registers.esp: 2156816 registers.edi: 2156904 registers.eax: 0 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36702820 registers.ecx: 5465980	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe790a 0x1fe32dc DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 52 04 89 55 cc 33 d2 89 55 d4 83 7d cc 00 7c exception.instruction: mov edx, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe6296 registers.esp: 2156816 registers.edi: 2156904 registers.eax: 36705532 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36705532 registers.ecx: 36617236	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe790a 0x1fe32dc DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 b0 04 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe62b7 registers.esp: 2156816 registers.edi: 2156904 registers.eax: 0 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36705532 registers.ecx: 5465980	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe790a 0x1fe32dc DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 23 04 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe6344 registers.esp: 2156816 registers.edi: 2156904 registers.eax: 0 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36705532 registers.ecx: 5465980	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe790a 0x1fe32dc DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 50 04 83 c2 ff 0f 80 78 03 00 00 89 55 c8 33 exception.instruction: mov edx, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe63e7 registers.esp: 2156816 registers.edi: 2156904 registers.eax: 0 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36705532 registers.ecx: 5465980	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe790a 0x1fe32dc DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 55 03 00 00 8b 4c 82 0c e8 9c c8 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe6412 registers.esp: 2156816 registers.edi: 2156904 registers.eax: 0 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36705532 registers.ecx: 5465980	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe790a 0x1fe32dc DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 23 03 00 00 8b 5c 82 0c ff 15 b8 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe6444 registers.esp: 2156816 registers.edi: 2156904 registers.eax: 0 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36705532 registers.ecx: 5465980	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe790a 0x1fe32dc DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 aa 01 00 00 8b 5c 82 0c ff 15 b8 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe65bd registers.esp: 2156816 registers.edi: 2156904 registers.eax: 0 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36708040 registers.ecx: 36708040	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe790a 0x1fe32dc DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 2f 01 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe6638 registers.esp: 2156816 registers.edi: 2156904 registers.eax: 0 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36708040 registers.ecx: 5465980	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: 0x1fe667f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe8102 0x1fe32e2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 50 04 83 c2 ff 0f 80 7a 12 00 00 83 c2 01 0f exception.instruction: mov edx, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fed280 registers.esp: 2155496 registers.edi: 36935224 registers.eax: 0 registers.ebp: 2156800 registers.edx: 36934504 registers.ebx: 36934512 registers.esi: 36935300 registers.ecx: 1879295856	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: 0x1fe667f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe8102 0x1fe32e2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 50 04 83 c2 ff 0f 80 3a 12 00 00 89 55 94 33 exception.instruction: mov edx, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fed2c0 registers.esp: 2155496 registers.edi: 36935224 registers.eax: 0 registers.ebp: 2156800 registers.edx: 0 registers.ebx: 36934512 registers.esi: 36935300 registers.ecx: 5465980	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: 0x1fe667f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe8102 0x1fe32e2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 12 12 00 00 c1 e0 04 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fed2f0 registers.esp: 2155496 registers.edi: 36935224 registers.eax: 0 registers.ebp: 2156800 registers.edx: 0 registers.ebx: 36934512 registers.esi: 36935300 registers.ecx: 5465980	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: 0x1fe667f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe8102 0x1fe32e2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 dc 11 00 00 c1 e0 04 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fed326 registers.esp: 2155496 registers.edi: 36935224 registers.eax: 0 registers.ebp: 2156800 registers.edx: 0 registers.ebx: 36934512 registers.esi: 36935300 registers.ecx: 5465980	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: 0x1fe667f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe8102 0x1fe32e2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 c3 0f 00 00 c1 e0 04 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fed53f registers.esp: 2155492 registers.edi: 2155696 registers.eax: 0 registers.ebp: 2156800 registers.edx: 0 registers.ebx: 36808000 registers.esi: 0 registers.ecx: 717159599	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: 0x1fe667f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1fe8102 0x1fe32e2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 4b 04 0f 83 30 07 00 00 c1 e1 04 8d 4c 0b 08 exception.instruction: cmp ecx, dword ptr [ebx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1feddd2 registers.esp: 2155496 registers.edi: 2155696 registers.eax: 0 registers.ebp: 2156800 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: 0x1feead1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f05f @ 0x6e32f05f microsoft+0x3e4d4 @ 0x6e32e4d4 0x1fe81fd 0x1fe32e2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 52 04 3b 55 08 7f 11 c7 45 d0 06 00 00 00 33 exception.instruction: mov edx, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1feec64 registers.esp: 2156832 registers.edi: 2156872 registers.eax: 0 registers.ebp: 2156888 registers.edx: 0 registers.ebx: 2157580 registers.esi: 36710776 registers.ecx: 0	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: 0x1feead1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f05f @ 0x6e32f05f microsoft+0x3e4d4 @ 0x6e32e4d4 0x1fe82ea 0x1fe32e2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 52 04 3b 55 08 7f 11 c7 45 d0 06 00 00 00 33 exception.instruction: mov edx, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1feec64 registers.esp: 2156832 registers.edi: 2156872 registers.eax: 0 registers.ebp: 2156888 registers.edx: 0 registers.ebx: 2157580 registers.esi: 36710776 registers.ecx: 0	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: 0x1feead1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f05f @ 0x6e32f05f microsoft+0x3e4d4 @ 0x6e32e4d4 0x1fe83d7 0x1fe32e2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 52 04 3b 55 08 7f 11 c7 45 d0 06 00 00 00 33 exception.instruction: mov edx, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1feec64 registers.esp: 2156832 registers.edi: 2156872 registers.eax: 0 registers.ebp: 2156888 registers.edx: 0 registers.ebx: 2157580 registers.esi: 36710776 registers.ecx: 0	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: 0x1fe8445 0x1fe32e2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 38 01 6a 03 6a 00 33 d2 e8 3f 56 f4 6d 8b f0 ff exception.instruction: cmp byte ptr [ecx], al exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1feee54 registers.esp: 2158156 registers.edi: 36941760 registers.eax: 33484368 registers.ebp: 2158160 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1feef1a 0x1fe32e8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 52 04 89 55 cc 33 d2 89 55 d4 83 7d cc 00 7c exception.instruction: mov edx, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe6296 registers.esp: 2156816 registers.edi: 2156904 registers.eax: 36945472 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36945472 registers.ecx: 36617236	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1feef1a 0x1fe32e8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 b0 04 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe62b7 registers.esp: 2156816 registers.edi: 2156904 registers.eax: 0 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36945472 registers.ecx: 5465980	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1feef1a 0x1fe32e8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 23 04 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe6344 registers.esp: 2156816 registers.edi: 2156904 registers.eax: 0 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36945472 registers.ecx: 5465980	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1feef1a 0x1fe32e8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 50 04 83 c2 ff 0f 80 78 03 00 00 89 55 c8 33 exception.instruction: mov edx, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe63e7 registers.esp: 2156816 registers.edi: 2156904 registers.eax: 0 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36945472 registers.ecx: 5465980	1
__exception__ March 21, 2021, 7:18 p.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x727c1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x727c1737 mscorlib+0x2d36ad @ 0x6ff136ad mscorlib+0x308f2d @ 0x6ff48f2d microsoft+0x50c17 @ 0x6e340c17 microsoft+0x3f33f @ 0x6e32f33f microsoft+0x3edf8 @ 0x6e32edf8 microsoft+0x3e3b9 @ 0x6e32e3b9 0x1feef1a 0x1fe32e8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 55 03 00 00 8b 4c 82 0c e8 9c c8 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x1fe6412 registers.esp: 2156816 registers.edi: 2156904 registers.eax: 0 registers.ebp: 2156920 registers.edx: 0 registers.ebx: 2157532 registers.esi: 36945472 registers.ecx: 5465980	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

HTTP traffic contains suspicious features which may be indicative of malware related traffic (7 events)

suspicious_features	GET method with no useragent header	suspicious_request	GET http://jejendjcjfhh.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-8F3703A552F71D1430FEA82C966AE9B0.html
suspicious_features	GET method with no useragent header	suspicious_request	GET http://jejendjcjfhh.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-00EF07D21C7D5F4678ACBB70D3F3CD39.html
suspicious_features	GET method with no useragent header	suspicious_request	GET http://jejendjcjfhh.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-F0229FCF4361E3474252BC51486A1FE9.html
suspicious_features	GET method with no useragent header	suspicious_request	GET https://jejendjcjfhh.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-8F3703A552F71D1430FEA82C966AE9B0.html
suspicious_features	GET method with no useragent header	suspicious_request	GET https://jejendjcjfhh.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-00EF07D21C7D5F4678ACBB70D3F3CD39.html
suspicious_features	GET method with no useragent header	suspicious_request	GET https://jejendjcjfhh.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-F0229FCF4361E3474252BC51486A1FE9.html
suspicious_features	GET method with no useragent header	suspicious_request	GET https://freegeoip.app/xml/175.208.134.150

Connects to a Dynamic DNS Domain (1 event)

domain

checkip.dyndns.org

Performs some HTTP requests (8 events)

request	GET http://jejendjcjfhh.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-8F3703A552F71D1430FEA82C966AE9B0.html
request	GET http://jejendjcjfhh.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-00EF07D21C7D5F4678ACBB70D3F3CD39.html
request	GET http://jejendjcjfhh.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-F0229FCF4361E3474252BC51486A1FE9.html
request	GET http://checkip.dyndns.org/
request	GET https://jejendjcjfhh.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-8F3703A552F71D1430FEA82C966AE9B0.html
request	GET https://jejendjcjfhh.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-00EF07D21C7D5F4678ACBB70D3F3CD39.html
request	GET https://jejendjcjfhh.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-F0229FCF4361E3474252BC51486A1FE9.html
request	GET https://freegeoip.app/xml/175.208.134.150

Allocates read-write-execute memory (usually to unpack itself) (50 out of 500 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory March 21, 2021, 7:17 p.m.	process_identifier: 2648 region_size: 1048576 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00660000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:17 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00720000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory March 21, 2021, 7:17 p.m.	process_identifier: 2648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72741000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 21, 2021, 7:17 p.m.	process_identifier: 2648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72742000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:17 p.m.	process_identifier: 2648 region_size: 327680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00370000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:17 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00380000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:17 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002c2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:17 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002dc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:17 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:17 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002f5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:17 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002fb000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:17 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002f7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:17 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002ca000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:17 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002ea000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:17 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002e7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:17 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002da000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:17 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002e6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:17 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002eb000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:17 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002cc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05d90000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2648 region_size: 69632 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05d91000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05da2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05da3000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05da4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2648 region_size: 327680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0xfff30000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0xfff30000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0xfff30000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0xfff38000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2648 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0xfff20000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0xfff20000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05da5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05da6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05da7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05da8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05da9000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2044 region_size: 1966080 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02950000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2044 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02af0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2044 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6cc91000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2044 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01f0a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2044 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6cc92000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2044 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01f02000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2044 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01f12000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2044 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02af1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2044 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02af2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2044 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0224a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2044 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01f13000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2044 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01f14000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2044 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0269b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2044 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02697000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2044 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01f0b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Steals private information from local Internet browsers (7 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
file	C:\Users\test22\AppData\Roaming\Opera\Opera\profile\wand.dat
file	C:\Users\test22\AppData\Local\Chromium\User Data\Default\Login Data
file	C:\Users\test22\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Login Data
file	C:\Users\test22\AppData\Local\Nichrome\User Data\Default\Login Data

Looks up the external IP address (1 event)

domain

checkip.dyndns.org

Creates a shortcut to an executable file (1 event)

file	C:\Users\test22\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk

Creates a suspicious process (6 events)

cmdline	cmd.exe /c timeout 1
cmdline	"C:\Windows\System32\cmd.exe" /c timeout 1
cmdline	powershell Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\wPxXGzqOqGMDiW\svchost.exe" -Force
cmdline	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\wPxXGzqOqGMDiW\svchost.exe" -Force
cmdline	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp\IMG_724_Scanned_603.pdf" -Force
cmdline	powershell Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp\IMG_724_Scanned_603.pdf" -Force

A process created a hidden window (4 events)

Time & API	Arguments	Status	Return
ShellExecuteExW March 21, 2021, 7:18 p.m.	show_type: 0 filepath_r: powershell parameters: Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\wPxXGzqOqGMDiW\svchost.exe" -Force filepath: powershell	1	1
ShellExecuteExW March 21, 2021, 7:18 p.m.	show_type: 0 filepath_r: powershell parameters: Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp\IMG_724_Scanned_603.pdf" -Force filepath: powershell	1	1
ShellExecuteExW March 21, 2021, 7:18 p.m.	show_type: 0 filepath_r: powershell parameters: Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\wPxXGzqOqGMDiW\svchost.exe" -Force filepath: powershell	1	1
ShellExecuteExW March 21, 2021, 7:18 p.m.	show_type: 0 filepath_r: cmd.exe parameters: /c timeout 1 filepath: cmd.exe	1	1

Moves the original executable to a new location (1 event)

Time & API	Arguments	Status	Return	Repeated
MoveFileWithProgressW March 21, 2021, 7:17 p.m.	newfilepath_r: C:\Users\test22\AppData\Local\먗맣맲맻먑먌맥맲먅먚_Inc.\IMG_724_Scanned_603.pdf_Url_vvs4iw2y5v2sf50pz4jnu2gjnxi3j4kz\5.326.540.461\user.config flags: 1 oldfilepath_r: C:\Users\test22\AppData\Local\먗맣맲맻먑먌맥맲먅먚_Inc\IMG_724_Scanned_603.pdf_Url_vvs4iw2y5v2sf50pz4jnu2gjnxi3j4kz\5.326.540.461\rp0baid4.newcfg newfilepath: C:\Users\test22\AppData\Local\먗맣맲맻먑먌맥맲먅먚_Inc\IMG_724_Scanned_603.pdf_Url_vvs4iw2y5v2sf50pz4jnu2gjnxi3j4kz\5.326.540.461\user.config oldfilepath: C:\Users\test22\AppData\Local\먗맣맲맻먑먌맥맲먅먚_Inc\IMG_724_Scanned_603.pdf_Url_vvs4iw2y5v2sf50pz4jnu2gjnxi3j4kz\5.326.540.461\rp0baid4.newcfg	1	1	0

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses March 21, 2021, 7:17 p.m.	flags: 15 family: 0		111	0

Checks for the Locally Unique Identifier on the system for a suspicious privilege (5 events)

Time & API	Arguments	Status	Return
LookupPrivilegeValueW March 21, 2021, 7:18 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW March 21, 2021, 7:18 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW March 21, 2021, 7:18 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW March 21, 2021, 7:18 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW March 21, 2021, 7:18 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1

Potentially malicious URLs were found in the process memory dump (50 out of 612 events)

url	http://crl.comodo.net/TrustedCertificateServices.crl0
url	http://users.ocsp.d-trust.net03
url	http://crl.ssc.lt/root-b/cacrl.crl0
url	http://crl.securetrust.com/STCA.crl0
url	http://crl.securetrust.com/SGCA.crl0
url	http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0=
url	http://www.ssc.lt/cps03
url	http://www.informatik.admin.ch/PKI/links/CPS_2_16_756_1_17_3_1_0.pdf0
url	http://www.certificadodigital.com.br/repositorio/serasaca/crl/SerasaCAII.crl0
url	http://www.digsigtrust.com/DST_TRUST_CPS_v990701.html0
url	http://www.microsoft.com/pki/certs/TrustListPCA.crt0
url	https://www.certification.tn/cgi-bin/pub/crl/cacrl.crl0
url	http://www.pkioverheid.nl/policies/root-policy0
url	http://cps.chambersign.org/cps/chambersroot.html0
url	http://www.e-szigno.hu/SZSZ/0
url	http://www.entrust.net/CRL/Client1.crl0
url	http://crl.chambersign.org/publicnotaryroot.crl0
url	http://crl.comodo.net/AAACertificateServices.crl0
url	http://www.certplus.com/CRL/class3.crl0
url	http://logo.verisign.com/vslogo.gif0
url	http://www.acabogacia.org/doc0
url	http://www.disig.sk/ca/crl/ca_disig.crl0
url	https://www.catcert.net/verarrel
url	http://www.sk.ee/cps/0
url	http://www.quovadis.bm0
url	https://www.catcert.net/verarrel05
url	http://www.certificadodigital.com.br/repositorio/serasaca/crl/SerasaCAI.crl0
url	http://crl.chambersign.org/chambersroot.crl0
url	http://www.certificadodigital.com.br/repositorio/serasaca/crl/SerasaCAIII.crl0
url	http://crl.globalsign.net/root-r2.crl0
url	http://certificates.starfieldtech.com/repository/1604
url	http://www.d-trust.net0
url	http://pki-root.ecertpki.cl/CertEnroll/E-CERT%20ROOT%20CA.crl0
url	http://crl.ssc.lt/root-a/cacrl.crl0
url	http://crl.usertrust.com/UTN-DATACorpSGC.crl0
url	http://www.certicamara.com/certicamaraca.crl0
url	http://www.d-trust.net/crl/d-trust_root_class_2_ca_2007.crl0
url	http://crl.usertrust.com/UTN-USERFirst-Object.crl0)
url	http://www.post.trust.ie/reposit/cps.html0
url	http://www.d-trust.net/crl/d-trust_qualified_root_ca_1_2007_pn.crl0
url	http://www2.public-trust.com/crl/ct/ctroot.crl0
url	http://www.certicamara.com0
url	http://www.pki.admin.ch/policy/CPS_2_16_756_1_17_3_21_1.pdf0
url	http://fedir.comsign.co.il/cacert/ComSignAdvancedSecurityCA.crt0
url	http://www.comsign.co.il/cps0
url	http://crl.usertrust.com/UTN-USERFirst-NetworkApplications.crl0
url	http://www.microsoft.com/pki/crl/products/TrustListPCA.crl
url	http://acraiz.icpbrasil.gov.br/LCRacraiz.crl0
url	http://www.signatur.rtr.at/de/directory/cps.html0
url	http://www.globaltrust.info0

Yara rule detected in process memory (50 out of 354 events)

description	Code injection with CreateRemoteThread in a remote process	rule	inject_thread
description	Create a windows service	rule	create_service
description	Communications over UDP network	rule	network_udp_sock
description	Listen for incoming communication	rule	network_tcp_listen
description	Communications over P2P network	rule	network_p2p_win
description	Communications over HTTP	rule	network_http
description	File downloader/dropper	rule	network_dropper
description	Communications over FTP	rule	network_ftp
description	Communications over RAW socket	rule	network_tcp_socket
description	Communications use DNS	rule	network_dns
description	Communication using dga	rule	network_dga
description	Escalade priviledges	rule	escalate_priv
description	Take screenshot	rule	screenshot
description	Run a keylogger	rule	keylogger
description	Steal credential	rule	cred_local
description	Record Audio	rule	sniff_audio
description	APC queue tasks migration	rule	migrate_apc
description	Malware can spread east-west using share drive	rule	spreading_share
description	Create or check mutex	rule	win_mutex
description	Affect system registries	rule	win_registry
description	Affect system token	rule	win_token
description	Affect private profile	rule	win_private_profile
description	Affect private profile	rule	win_files_operation
description	Match Winsock 2 API library declaration	rule	Str_Win32_Winsock2_Library
description	Match Windows Inet API library declaration	rule	Str_Win32_Wininet_Library
description	Match Windows Inet API call	rule	Str_Win32_Internet_API
description	Match Windows Http API call	rule	Str_Win32_Http_API
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerCheck__RemoteAPI
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	DebuggerException__ConsoleCtrl
description	(no description)	rule	DebuggerException__SetConsoleCtrl
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	(no description)	rule	Check_Dlls
description	Checks if being debugged	rule	anti_dbg
description	Anti-Sandbox checks for ThreatExpert	rule	antisb_threatExpert
description	Bypass DEP	rule	disable_dep
description	Affect hook table	rule	win_hook
description	Listen for incoming communication	rule	network_tcp_listen
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Bypass DEP	rule	disable_dep
description	Listen for incoming communication	rule	network_tcp_listen

Terminates another process (12 events)

Time & API	Arguments	Status
NtTerminateProcess March 21, 2021, 7:18 p.m.	status_code: 0xffffffff process_identifier: 1348 process_handle: 0x000006e8
NtTerminateProcess March 21, 2021, 7:18 p.m.	status_code: 0xffffffff process_identifier: 1348 process_handle: 0x000006e8	1
NtTerminateProcess March 21, 2021, 7:18 p.m.	status_code: 0xffffffff process_identifier: 2264 process_handle: 0x000006f8
NtTerminateProcess March 21, 2021, 7:18 p.m.	status_code: 0xffffffff process_identifier: 2264 process_handle: 0x000006f8	1
NtTerminateProcess March 21, 2021, 7:18 p.m.	status_code: 0xffffffff process_identifier: 1032 process_handle: 0x00000710
NtTerminateProcess March 21, 2021, 7:18 p.m.	status_code: 0xffffffff process_identifier: 1032 process_handle: 0x00000710	1
NtTerminateProcess March 21, 2021, 7:18 p.m.	status_code: 0xffffffff process_identifier: 2072 process_handle: 0x00000720
NtTerminateProcess March 21, 2021, 7:18 p.m.	status_code: 0xffffffff process_identifier: 2072 process_handle: 0x00000720	1
NtTerminateProcess March 21, 2021, 7:18 p.m.	status_code: 0xffffffff process_identifier: 2408 process_handle: 0x00000728
NtTerminateProcess March 21, 2021, 7:18 p.m.	status_code: 0xffffffff process_identifier: 2408 process_handle: 0x00000728	1
NtTerminateProcess March 21, 2021, 7:18 p.m.	status_code: 0xffffffff process_identifier: 1828 process_handle: 0x00000730
NtTerminateProcess March 21, 2021, 7:18 p.m.	status_code: 0xffffffff process_identifier: 1828 process_handle: 0x00000730	1

Allocates execute permission to another process indicative of possible code injection (7 events)

Time & API	Arguments	Status	Return
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 1348 region_size: 434176 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000708		3221225496
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2264 region_size: 434176 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000704		3221225496
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 1032 region_size: 434176 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000070c		3221225496
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2072 region_size: 434176 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000714		3221225496
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2408 region_size: 434176 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000071c		3221225496
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 1828 region_size: 434176 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000724		3221225496
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2740 region_size: 434176 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000072c	1	0

Attempts to identify installed AV products by installation directory (1 event)

file	C:\Users\test22\AppData\Local\AVAST Software\Browser\User Data\Default\Login Data

Installs itself for autorun at Windows startup (1 event)

reg_key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\qLqKXNKbOaSPNhl

reg_value

C:\Users\Public\Documents\wPxXGzqOqGMDiW\svchost.exe

Harvests credentials from local FTP client softwares (1 event)

file	C:\Users\test22\AppData\Roaming\FileZilla\recentservers.xml

Harvests information related to installed instant messenger clients (1 event)

file	C:\Users\test22\AppData\Roaming\.purple\accounts.xml

Manipulates memory of a non-child process indicative of process injection (12 events)

Time & API	Arguments	Return	Repeated
Process injection	Process 2648 manipulating memory of non-child process 1348
Process injection	Process 2648 manipulating memory of non-child process 2264
Process injection	Process 2648 manipulating memory of non-child process 1032
Process injection	Process 2648 manipulating memory of non-child process 2072
Process injection	Process 2648 manipulating memory of non-child process 2408
Process injection	Process 2648 manipulating memory of non-child process 1828
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 1348 region_size: 434176 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000708	3221225496	0
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2264 region_size: 434176 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000704	3221225496	0
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 1032 region_size: 434176 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000070c	3221225496	0
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2072 region_size: 434176 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000714	3221225496	0
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 2408 region_size: 434176 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000071c	3221225496	0
NtAllocateVirtualMemory March 21, 2021, 7:18 p.m.	process_identifier: 1828 region_size: 434176 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000724	3221225496	0

Potential code injection by writing to the memory of another process (4 events)

Time & API	Arguments	Status	Return
WriteProcessMemory March 21, 2021, 7:18 p.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELÿH`à(~G `@ @0GK`À H.text' ( `.rsrcÀ`*@@.reloc.@B base_address: 0x00400000 process_identifier: 2740 process_handle: 0x0000072c	1	1
WriteProcessMemory March 21, 2021, 7:18 p.m.	buffer: 0 HX`häh4VS_VERSION_INFO½ïþ?ÈStringFileInfo¤040904b1, CommentsWFnb VTRC(CompanyNameXTv8FileDescriptionJAz RfI0FileVersion7.8.8.1: InternalNameSwjX JzC.exez+LegalCopyrightCopyright 2020 © MHJ. All rights reserved.2LegalTrademarksOWbXB OriginalFilenameSwjX JzC.exe2 ProductNameSwjX JzC4ProductVersion2.0.5.58Assembly Version2.0.5.5DVarFileInfo$Translation PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING base_address: 0x00466000 process_identifier: 2740 process_handle: 0x0000072c	1	1
WriteProcessMemory March 21, 2021, 7:18 p.m.	buffer: @768dfd5c9e470652632286e8a263c48c3 base_address: 0x00468000 process_identifier: 2740 process_handle: 0x0000072c	1	1
WriteProcessMemory March 21, 2021, 7:18 p.m.	buffer: @ base_address: 0xfffde008 process_identifier: 2740 process_handle: 0x0000072c	1	1

Code injection by writing an executable or DLL to the memory of another process (1 event)

Time & API	Arguments	Status	Return	Repeated
WriteProcessMemory March 21, 2021, 7:18 p.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELÿH`à(~G `@ @0GK`À H.text' ( `.rsrcÀ`*@@.reloc.@B base_address: 0x00400000 process_identifier: 2740 process_handle: 0x0000072c	1	1	0

Harvests credentials from local email clients (3 events)

registry	HKEY_CURRENT_USER\Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
registry	HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
registry	HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2648 called NtSetContextThread to modify thread in remote process 2740
NtSetContextThread March 21, 2021, 7:18 p.m.	registers.eip: 0 registers.esp: 0 registers.edi: 0 registers.eax: 4605822 registers.ebp: 0 registers.edx: 0 registers.ebx: -139264 registers.esi: 0 registers.ecx: 0 thread_handle: 0x00000730 process_identifier: 2740	1	0	0

Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2648 resumed a thread in remote process 2740
NtResumeThread March 21, 2021, 7:18 p.m.	thread_handle: 0x00000730 suspend_count: 1 process_identifier: 2740	1	0	0

The process powershell.exe wrote an executable file to disk (20 events)

file	C:\Windows\System32\ie4uinit.exe
file	C:\Program Files\Windows Sidebar\sidebar.exe
file	C:\Windows\System32\WindowsAnytimeUpgradeUI.exe
file	C:\Windows\System32\xpsrchvw.exe
file	C:\Windows\System32\displayswitch.exe
file	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe
file	C:\Windows\System32\mblctr.exe
file	C:\Windows\System32\mstsc.exe
file	C:\Windows\System32\SnippingTool.exe
file	C:\Windows\System32\SoundRecorder.exe
file	C:\Windows\System32\dfrgui.exe
file	C:\Windows\System32\msinfo32.exe
file	C:\Windows\System32\rstrui.exe
file	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe
file	C:\Program Files\Windows Journal\Journal.exe
file	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
file	C:\Windows\System32\MdSched.exe
file	C:\Windows\System32\msconfig.exe
file	C:\Windows\System32\recdisc.exe
file	C:\Windows\System32\msra.exe

Executed a process and injected code into it, probably while unpacking (50 out of 99 events)

Time & API	Arguments	Status	Return
NtResumeThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000e0 suspend_count: 1 process_identifier: 2648	1	0
NtResumeThread March 21, 2021, 7:17 p.m.	thread_handle: 0x00000158 suspend_count: 1 process_identifier: 2648	1	0
NtResumeThread March 21, 2021, 7:17 p.m.	thread_handle: 0x00000194 suspend_count: 1 process_identifier: 2648	1	0
NtResumeThread March 21, 2021, 7:17 p.m.	thread_handle: 0x00000418 suspend_count: 1 process_identifier: 2648	1	0
NtResumeThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000002a4 suspend_count: 1 process_identifier: 2648	1	0
NtGetContextThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec	1	0
NtGetContextThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec	1	0
NtResumeThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec suspend_count: 1 process_identifier: 2648	1	0
NtGetContextThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec	1	0
NtGetContextThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec	1	0
NtResumeThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec suspend_count: 1 process_identifier: 2648	1	0
NtGetContextThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec	1	0
NtGetContextThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec	1	0
NtResumeThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec suspend_count: 1 process_identifier: 2648	1	0
NtGetContextThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec	1	0
NtGetContextThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec	1	0
NtResumeThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec suspend_count: 1 process_identifier: 2648	1	0
NtGetContextThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec	1	0
NtGetContextThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec	1	0
NtResumeThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec suspend_count: 1 process_identifier: 2648	1	0
NtGetContextThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec	1	0
NtGetContextThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec	1	0
NtResumeThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec suspend_count: 1 process_identifier: 2648	1	0
NtGetContextThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec	1	0
NtGetContextThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec	1	0
NtResumeThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec suspend_count: 1 process_identifier: 2648	1	0
NtGetContextThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec	1	0
NtGetContextThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec	1	0
NtResumeThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec suspend_count: 1 process_identifier: 2648	1	0
NtGetContextThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec	1	0
NtGetContextThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec	1	0
NtResumeThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec suspend_count: 1 process_identifier: 2648	1	0
NtGetContextThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec	1	0
NtGetContextThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec	1	0
NtResumeThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec suspend_count: 1 process_identifier: 2648	1	0
NtGetContextThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec	1	0
NtGetContextThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec	1	0
NtGetContextThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec	1	0
NtSetContextThread March 21, 2021, 7:17 p.m.	registers.eip: 1920740228 registers.esp: 4976200 registers.edi: 2737529 registers.eax: 2097202 registers.ebp: 4976204 registers.edx: 106439928 registers.ebx: 105456776 registers.esi: 2245969 registers.ecx: 111915000 thread_handle: 0x000000ec process_identifier: 2648	1	0
NtResumeThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec suspend_count: 1 process_identifier: 2648	1	0
NtGetContextThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec	1	0
NtGetContextThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec	1	0
NtResumeThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec suspend_count: 1 process_identifier: 2648	1	0
NtGetContextThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec	1	0
NtGetContextThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec	1	0
NtResumeThread March 21, 2021, 7:17 p.m.	thread_handle: 0x000000ec suspend_count: 1 process_identifier: 2648	1	0
NtResumeThread March 21, 2021, 7:18 p.m.	thread_handle: 0x000002b8 suspend_count: 1 process_identifier: 2648	1	0
CreateProcessInternalW March 21, 2021, 7:18 p.m.	thread_identifier: 556 thread_handle: 0x000006bc process_identifier: 2044 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe track: 1 command_line: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\wPxXGzqOqGMDiW\svchost.exe" -Force filepath_r: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x000006c0	1	1
NtResumeThread March 21, 2021, 7:18 p.m.	thread_handle: 0x000006ac suspend_count: 1 process_identifier: 2648	1	0
CreateProcessInternalW March 21, 2021, 7:18 p.m.	thread_identifier: 2840 thread_handle: 0x000006c8 process_identifier: 1632 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe track: 1 command_line: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp\IMG_724_Scanned_603.pdf" -Force filepath_r: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x000006e0	1	1

File has been identified by 33 AntiVirus engines on VirusTotal as malicious (33 events)

Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.36537603
McAfee	Artemis!5C2CD6D19381
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan-Downloader ( 0057964b1 )
BitDefender	Trojan.GenericKD.36537603
K7GW	Trojan-Downloader ( 0057964b1 )
Cyren	W32/MSIL_Kryptik.DQG.gen!Eldorado
ESET-NOD32	a variant of MSIL/TrojanDownloader.Agent.HPD
APEX	Malicious
Avast	Win32:Trojan-gen
Kaspersky	HEUR:Trojan.MSIL.PowerShell.gen
AegisLab	Trojan.Multi.Generic.4!c
Rising	Downloader.Agent!8.B23 (CLOUD)
Ad-Aware	Trojan.GenericKD.36537603
Emsisoft	Trojan.GenericKD.36537603 (B)
DrWeb	Trojan.DownLoader37.62775
McAfee-GW-Edition	Artemis!Trojan
FireEye	Generic.mg.5c2cd6d19381ac5a
Sophos	Mal/Generic-S
Ikarus	Trojan-Downloader.MSIL.Agent
Webroot	W32.Trojan.Gen
MAX	malware (ai score=83)
Kingsoft	Win32.Troj.Undef.(kcloud)
Microsoft	Trojan:MSIL/AgentTesla.MS!MTB
GData	Trojan.GenericKD.36537603
SentinelOne	Static AI - Malicious PE
Fortinet	MSIL/Agent.HPD!tr.dldr
BitDefenderTheta	Gen:NN.ZemsilF.34628.hm0@a8mxuJni
AVG	Win32:Trojan-gen
CrowdStrike	win/malicious_confidence_80% (W)
Qihoo-360	Win32/Trojan.Generic.HgIASREA

IMG_724_Scanned_603.pdf

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All