Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	March 22, 2021, 9:56 a.m.	March 22, 2021, 9:58 a.m.

Size	335.0KB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`4ac557f524400a9007c6c8e6912e9e1f`
SHA256	`621c08e8f0b10550a1a20f440f0c9f14d6d108a6df9968a78146140faa88f426`
CRC32	`5C47F824`
ssdeep	`1536:9pyzpUwQUHBcK9SOIswr2AU03KMX+xQV8YH4teRSIO:9pyzpUwQUHBctr209VYtepO`
Yara	PE_Header_Zero - PE File Signature Zero IsPE32 - (no description) IsNET_EXE - (no description) IsWindowsGUI - (no description) Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT

PO_107658_200.pdf "C:\Users\test22\AppData\Local\Temp\PO_107658_200.pdf"
4244
- powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Windows\Resources\Themes\GmLqzrYmyvjaqntEnxHPYWNYByrf\svchost.exe" -Force
  8780
- powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp\PO_107658_200.pdf" -Force
  3800
- powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Windows\Resources\Themes\GmLqzrYmyvjaqntEnxHPYWNYByrf\svchost.exe" -Force
  1160
- cmd.exe "C:\Windows\System32\cmd.exe" /c timeout 1
  4884
  - timeout.exe timeout 1
    4772
- PO_107658_200.pdf "C:\Users\test22\AppData\Local\Temp\PO_107658_200.pdf"
  5272

Name	Response	Post-Analysis Lookup
liverpoolsupporters9.com	A 104.21.88.100 A 172.67.176.78	172.67.176.78
checkip.dyndns.org	A 131.186.161.70 A 216.146.43.70 A 216.146.43.71 CNAME checkip.dyndns.com A 162.88.193.70 A 131.186.113.70	162.88.193.70
freegeoip.app	A 104.21.19.200 A 172.67.188.154	172.67.188.154

IP Address	Status	Action
104.21.19.200	Active	Moloch
162.88.193.70	Active	Moloch
164.124.101.2	Active	Moloch
172.217.25.14	Active	Moloch
172.67.176.78	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49818 -> 162.88.193.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49825 -> 162.88.193.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49822 -> 162.88.193.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 162.88.193.70:80 -> 192.168.56.102:49818	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 162.88.193.70:80 -> 192.168.56.102:49822	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 162.88.193.70:80 -> 192.168.56.102:49825	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49824 -> 162.88.193.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49819 -> 162.88.193.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 162.88.193.70:80 -> 192.168.56.102:49824	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49831 -> 162.88.193.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49835 -> 162.88.193.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 162.88.193.70:80 -> 192.168.56.102:49819	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49829 -> 162.88.193.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 162.88.193.70:80 -> 192.168.56.102:49835	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 162.88.193.70:80 -> 192.168.56.102:49829	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49820 -> 104.21.19.200:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49840 -> 162.88.193.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49826 -> 162.88.193.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 162.88.193.70:80 -> 192.168.56.102:49840	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49830 -> 162.88.193.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 162.88.193.70:80 -> 192.168.56.102:49831	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49827 -> 162.88.193.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 162.88.193.70:80 -> 192.168.56.102:49826	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 162.88.193.70:80 -> 192.168.56.102:49830	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 162.88.193.70:80 -> 192.168.56.102:49827	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49833 -> 162.88.193.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49828 -> 162.88.193.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 162.88.193.70:80 -> 192.168.56.102:49833	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 162.88.193.70:80 -> 192.168.56.102:49828	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49836 -> 162.88.193.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49832 -> 162.88.193.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 162.88.193.70:80 -> 192.168.56.102:49836	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 162.88.193.70:80 -> 192.168.56.102:49832	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49837 -> 162.88.193.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 162.88.193.70:80 -> 192.168.56.102:49837	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49839 -> 162.88.193.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 162.88.193.70:80 -> 192.168.56.102:49839	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
UDP 192.168.56.102:61459 -> 164.124.101.2:53	2012758	ET INFO DYNAMIC_DNS Query to *.dyndns. Domain	Misc activity
TCP 192.168.56.102:49821 -> 162.88.193.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 162.88.193.70:80 -> 192.168.56.102:49821	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49823 -> 162.88.193.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 162.88.193.70:80 -> 192.168.56.102:49823	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49834 -> 162.88.193.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 162.88.193.70:80 -> 192.168.56.102:49834	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49838 -> 162.88.193.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 162.88.193.70:80 -> 192.168.56.102:49838	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.102:49820 104.21.19.200:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3	C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	a1:b3:fe:fd:e8:05:d5:f2:ad:ee:b3:5b:8c:5f:ae:4f:43:52:5e:89

Queries for the computername (31 events)

Time & API	Arguments	Status	Return
GetComputerNameW March 22, 2021, 9:56 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 22, 2021, 9:56 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 22, 2021, 9:56 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 22, 2021, 9:56 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameA March 22, 2021, 9:56 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 22, 2021, 9:56 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 22, 2021, 9:56 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 22, 2021, 9:56 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 22, 2021, 9:56 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 22, 2021, 9:56 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameA March 22, 2021, 9:56 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 22, 2021, 9:56 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 22, 2021, 9:56 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 22, 2021, 9:56 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 22, 2021, 9:56 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 22, 2021, 9:56 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameA March 22, 2021, 9:56 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 22, 2021, 9:56 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 22, 2021, 9:56 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 22, 2021, 9:56 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 22, 2021, 9:56 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 22, 2021, 9:56 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 22, 2021, 9:56 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 22, 2021, 9:56 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 22, 2021, 9:56 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 22, 2021, 9:56 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 22, 2021, 9:56 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 22, 2021, 9:56 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 22, 2021, 9:56 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 22, 2021, 9:56 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 22, 2021, 9:56 a.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (7 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent March 22, 2021, 9:56 a.m.			0	0
IsDebuggerPresent March 22, 2021, 9:56 a.m.			0	0
IsDebuggerPresent March 22, 2021, 9:56 a.m.			0	0
IsDebuggerPresent March 22, 2021, 9:56 a.m.			0	0
IsDebuggerPresent March 22, 2021, 9:56 a.m.			0	0
IsDebuggerPresent March 22, 2021, 9:56 a.m.			0	0
IsDebuggerPresent March 22, 2021, 9:56 a.m.			0	0

Command line console output was observed (29 events)

Time & API	Arguments	Status	Return
WriteConsoleW March 22, 2021, 9:56 a.m.	buffer: The term 'Add-MpPreference' is not recognized as the name of a cmdlet, function console_handle: 0x00000023	1	1
WriteConsoleW March 22, 2021, 9:56 a.m.	buffer: , script file, or operable program. Check the spelling of the name, or if a pat console_handle: 0x0000002f	1	1
WriteConsoleW March 22, 2021, 9:56 a.m.	buffer: h was included, verify that the path is correct and try again. console_handle: 0x0000003b	1	1
WriteConsoleW March 22, 2021, 9:56 a.m.	buffer: At line:1 char:17 console_handle: 0x00000047	1	1
WriteConsoleW March 22, 2021, 9:56 a.m.	buffer: + Add-MpPreference <<<< -ExclusionPath C:\Windows\Resources\Themes\GmLqzrYmyvj console_handle: 0x00000053	1	1
WriteConsoleW March 22, 2021, 9:56 a.m.	buffer: aqntEnxHPYWNYByrf\svchost.exe -Force console_handle: 0x0000005f	1	1
WriteConsoleW March 22, 2021, 9:56 a.m.	buffer: + CategoryInfo : ObjectNotFound: (Add-MpPreference:String) [], Co console_handle: 0x0000006b	1	1
WriteConsoleW March 22, 2021, 9:56 a.m.	buffer: mmandNotFoundException console_handle: 0x00000077	1	1
WriteConsoleW March 22, 2021, 9:56 a.m.	buffer: + FullyQualifiedErrorId : CommandNotFoundException console_handle: 0x00000083	1	1
WriteConsoleW March 22, 2021, 9:56 a.m.	buffer: The term 'Add-MpPreference' is not recognized as the name of a cmdlet, function console_handle: 0x00000023	1	1
WriteConsoleW March 22, 2021, 9:56 a.m.	buffer: , script file, or operable program. Check the spelling of the name, or if a pat console_handle: 0x0000002f	1	1
WriteConsoleW March 22, 2021, 9:56 a.m.	buffer: h was included, verify that the path is correct and try again. console_handle: 0x0000003b	1	1
WriteConsoleW March 22, 2021, 9:56 a.m.	buffer: At line:1 char:17 console_handle: 0x00000047	1	1
WriteConsoleW March 22, 2021, 9:56 a.m.	buffer: + Add-MpPreference <<<< -ExclusionPath C:\Users\test22\AppData\Local\Temp\PO_1 console_handle: 0x00000053	1	1
WriteConsoleW March 22, 2021, 9:56 a.m.	buffer: 07658_200.pdf -Force console_handle: 0x0000005f	1	1
WriteConsoleW March 22, 2021, 9:56 a.m.	buffer: + CategoryInfo : ObjectNotFound: (Add-MpPreference:String) [], Co console_handle: 0x0000006b	1	1
WriteConsoleW March 22, 2021, 9:56 a.m.	buffer: mmandNotFoundException console_handle: 0x00000077	1	1
WriteConsoleW March 22, 2021, 9:56 a.m.	buffer: + FullyQualifiedErrorId : CommandNotFoundException console_handle: 0x00000083	1	1
WriteConsoleW March 22, 2021, 9:56 a.m.	buffer: The term 'Add-MpPreference' is not recognized as the name of a cmdlet, function console_handle: 0x00000023	1	1
WriteConsoleW March 22, 2021, 9:56 a.m.	buffer: , script file, or operable program. Check the spelling of the name, or if a pat console_handle: 0x0000002f	1	1
WriteConsoleW March 22, 2021, 9:56 a.m.	buffer: h was included, verify that the path is correct and try again. console_handle: 0x0000003b	1	1
WriteConsoleW March 22, 2021, 9:56 a.m.	buffer: At line:1 char:17 console_handle: 0x00000047	1	1
WriteConsoleW March 22, 2021, 9:56 a.m.	buffer: + Add-MpPreference <<<< -ExclusionPath C:\Windows\Resources\Themes\GmLqzrYmyvj console_handle: 0x00000053	1	1
WriteConsoleW March 22, 2021, 9:56 a.m.	buffer: aqntEnxHPYWNYByrf\svchost.exe -Force console_handle: 0x0000005f	1	1
WriteConsoleW March 22, 2021, 9:56 a.m.	buffer: + CategoryInfo : ObjectNotFound: (Add-MpPreference:String) [], Co console_handle: 0x0000006b	1	1
WriteConsoleW March 22, 2021, 9:56 a.m.	buffer: mmandNotFoundException console_handle: 0x00000077	1	1
WriteConsoleW March 22, 2021, 9:56 a.m.	buffer: + FullyQualifiedErrorId : CommandNotFoundException console_handle: 0x00000083	1	1
WriteConsoleW March 22, 2021, 9:56 a.m.	buffer: Waiting for 1 console_handle: 0x00000007	1	1
WriteConsoleW March 22, 2021, 9:56 a.m.	buffer: seconds, press a key to continue ... console_handle: 0x00000007	1	1

Uses Windows APIs to generate a cryptographic key (50 out of 147 events)

Time & API	Arguments	Status	Return
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006a6d98 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006a6e58 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006a6e58 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00397640 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00398400 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00398400 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00398400 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00398300 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00398300 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00398300 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00398300 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00398300 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00398300 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00397e80 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00397e80 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00397e80 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00398400 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00398400 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00398400 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00397ac0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00398400 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00398400 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00398400 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00398400 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00398400 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00398400 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00398400 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00397680 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00397680 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00397680 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00397680 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00397680 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00397680 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00397680 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00397680 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00397680 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00397680 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00397680 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00397680 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00397680 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00397680 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00397b80 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00397b80 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00397b80 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00397b80 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00397b80 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00397b80 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00397b80 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00397b80 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 22, 2021, 9:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x004764c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx March 22, 2021, 9:56 a.m.		1	1	0

One or more processes crashed (50 out of 339 events)

Time & API	Arguments	Status
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: 0x793332 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 39 09 e8 82 b5 68 64 8b c8 8b 01 8b 40 28 ff 10 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7955af registers.esp: 2420292 registers.edi: 2420396 registers.eax: 38867496 registers.ebp: 2420412 registers.edx: 38867496 registers.ebx: 2420644 registers.esi: 40381916 registers.ecx: 0	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x795b76 0x793338 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 52 04 89 55 cc 33 d2 89 55 d4 83 7d cc 00 7c exception.instruction: mov edx, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x796876 registers.esp: 2418912 registers.edi: 2419000 registers.eax: 40388716 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40388716 registers.ecx: 40347580	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x795b76 0x793338 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 b0 04 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x796897 registers.esp: 2418912 registers.edi: 2419000 registers.eax: 0 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40388716 registers.ecx: 5408860	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x795b76 0x793338 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 23 04 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x796924 registers.esp: 2418912 registers.edi: 2419000 registers.eax: 0 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40388716 registers.ecx: 5408860	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x795b76 0x793338 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 50 04 83 c2 ff 0f 80 78 03 00 00 89 55 c8 33 exception.instruction: mov edx, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7969c7 registers.esp: 2418912 registers.edi: 2419000 registers.eax: 0 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40388716 registers.ecx: 5408860	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x795b76 0x793338 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 55 03 00 00 8b 4c 82 0c e8 bc c2 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7969f2 registers.esp: 2418912 registers.edi: 2419000 registers.eax: 0 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40388716 registers.ecx: 5408860	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x795b76 0x793338 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 23 03 00 00 8b 5c 82 0c ff 15 78 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x796a24 registers.esp: 2418912 registers.edi: 2419000 registers.eax: 0 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40388716 registers.ecx: 5408860	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x795b76 0x793338 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 aa 01 00 00 8b 5c 82 0c ff 15 78 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x796b9d registers.esp: 2418912 registers.edi: 2419000 registers.eax: 0 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40392748 registers.ecx: 1879646896	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x795b76 0x793338 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 2f 01 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x796c18 registers.esp: 2418912 registers.edi: 2419000 registers.eax: 0 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40392748 registers.ecx: 5408860	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x796efa 0x79333e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 52 04 89 55 cc 33 d2 89 55 d4 83 7d cc 00 7c exception.instruction: mov edx, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x796876 registers.esp: 2418912 registers.edi: 2419000 registers.eax: 40395444 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40395444 registers.ecx: 40347580	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x796efa 0x79333e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 b0 04 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x796897 registers.esp: 2418912 registers.edi: 2419000 registers.eax: 0 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40395444 registers.ecx: 5408860	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x796efa 0x79333e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 23 04 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x796924 registers.esp: 2418912 registers.edi: 2419000 registers.eax: 0 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40395444 registers.ecx: 5408860	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x796efa 0x79333e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 50 04 83 c2 ff 0f 80 78 03 00 00 89 55 c8 33 exception.instruction: mov edx, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7969c7 registers.esp: 2418912 registers.edi: 2419000 registers.eax: 0 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40395444 registers.ecx: 5408860	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x796efa 0x79333e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 55 03 00 00 8b 4c 82 0c e8 bc c2 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7969f2 registers.esp: 2418912 registers.edi: 2419000 registers.eax: 0 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40395444 registers.ecx: 5408860	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x796efa 0x79333e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 23 03 00 00 8b 5c 82 0c ff 15 78 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x796a24 registers.esp: 2418912 registers.edi: 2419000 registers.eax: 0 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40395444 registers.ecx: 5408860	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x796efa 0x79333e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 aa 01 00 00 8b 5c 82 0c ff 15 78 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x796b9d registers.esp: 2418912 registers.edi: 2419000 registers.eax: 0 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40397944 registers.ecx: 40397944	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x796efa 0x79333e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 2f 01 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x796c18 registers.esp: 2418912 registers.edi: 2419000 registers.eax: 0 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40397944 registers.ecx: 5408860	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x7976f2 0x793344 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 52 04 89 55 cc 33 d2 89 55 d4 83 7d cc 00 7c exception.instruction: mov edx, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x796876 registers.esp: 2418912 registers.edi: 2419000 registers.eax: 40400644 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40400644 registers.ecx: 40347580	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x7976f2 0x793344 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 b0 04 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x796897 registers.esp: 2418912 registers.edi: 2419000 registers.eax: 0 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40400644 registers.ecx: 5408860	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x7976f2 0x793344 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 23 04 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x796924 registers.esp: 2418912 registers.edi: 2419000 registers.eax: 0 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40400644 registers.ecx: 5408860	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x7976f2 0x793344 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 50 04 83 c2 ff 0f 80 78 03 00 00 89 55 c8 33 exception.instruction: mov edx, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7969c7 registers.esp: 2418912 registers.edi: 2419000 registers.eax: 0 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40400644 registers.ecx: 5408860	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x7976f2 0x793344 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 55 03 00 00 8b 4c 82 0c e8 bc c2 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7969f2 registers.esp: 2418912 registers.edi: 2419000 registers.eax: 0 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40400644 registers.ecx: 5408860	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x7976f2 0x793344 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 23 03 00 00 8b 5c 82 0c ff 15 78 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x796a24 registers.esp: 2418912 registers.edi: 2419000 registers.eax: 0 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40400644 registers.ecx: 5408860	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x7976f2 0x793344 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 aa 01 00 00 8b 5c 82 0c ff 15 78 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x796b9d registers.esp: 2418912 registers.edi: 2419000 registers.eax: 0 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40403148 registers.ecx: 40403148	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x7976f2 0x793344 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 2f 01 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x796c18 registers.esp: 2418912 registers.edi: 2419000 registers.eax: 0 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40403148 registers.ecx: 5408860	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x797eea 0x79334a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 52 04 89 55 cc 33 d2 89 55 d4 83 7d cc 00 7c exception.instruction: mov edx, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x796876 registers.esp: 2418912 registers.edi: 2419000 registers.eax: 40405860 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40405860 registers.ecx: 40347580	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x797eea 0x79334a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 b0 04 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x796897 registers.esp: 2418912 registers.edi: 2419000 registers.eax: 0 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40405860 registers.ecx: 5408860	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x797eea 0x79334a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 23 04 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x796924 registers.esp: 2418912 registers.edi: 2419000 registers.eax: 0 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40405860 registers.ecx: 5408860	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x797eea 0x79334a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 50 04 83 c2 ff 0f 80 78 03 00 00 89 55 c8 33 exception.instruction: mov edx, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7969c7 registers.esp: 2418912 registers.edi: 2419000 registers.eax: 0 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40405860 registers.ecx: 5408860	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x797eea 0x79334a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 55 03 00 00 8b 4c 82 0c e8 bc c2 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7969f2 registers.esp: 2418912 registers.edi: 2419000 registers.eax: 0 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40405860 registers.ecx: 5408860	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x797eea 0x79334a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 23 03 00 00 8b 5c 82 0c ff 15 78 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x796a24 registers.esp: 2418912 registers.edi: 2419000 registers.eax: 0 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40405860 registers.ecx: 5408860	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x797eea 0x79334a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 aa 01 00 00 8b 5c 82 0c ff 15 78 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x796b9d registers.esp: 2418912 registers.edi: 2419000 registers.eax: 0 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40408368 registers.ecx: 40408368	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x797eea 0x79334a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 2f 01 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x796c18 registers.esp: 2418912 registers.edi: 2419000 registers.eax: 0 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40408368 registers.ecx: 5408860	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: 0x796c5f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x7986e2 0x793350 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 50 04 83 c2 ff 0f 80 7a 12 00 00 83 c2 01 0f exception.instruction: mov edx, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x79d860 registers.esp: 2417592 registers.edi: 40797244 registers.eax: 0 registers.ebp: 2418896 registers.edx: 40796524 registers.ebx: 40796532 registers.esi: 40797320 registers.ecx: 1694156656	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: 0x796c5f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x7986e2 0x793350 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 50 04 83 c2 ff 0f 80 3a 12 00 00 89 55 94 33 exception.instruction: mov edx, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x79d8a0 registers.esp: 2417592 registers.edi: 40797244 registers.eax: 0 registers.ebp: 2418896 registers.edx: 0 registers.ebx: 40796532 registers.esi: 40797320 registers.ecx: 5408860	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: 0x796c5f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x7986e2 0x793350 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 12 12 00 00 c1 e0 04 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x79d8d0 registers.esp: 2417592 registers.edi: 40797244 registers.eax: 0 registers.ebp: 2418896 registers.edx: 0 registers.ebx: 40796532 registers.esi: 40797320 registers.ecx: 5408860	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: 0x796c5f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x7986e2 0x793350 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 dc 11 00 00 c1 e0 04 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x79d906 registers.esp: 2417592 registers.edi: 40797244 registers.eax: 0 registers.ebp: 2418896 registers.edx: 0 registers.ebx: 40796532 registers.esi: 40797320 registers.ecx: 5408860	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: 0x796c5f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x7986e2 0x793350 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 c3 0f 00 00 c1 e0 04 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x79db1f registers.esp: 2417588 registers.edi: 2417792 registers.eax: 0 registers.ebp: 2418896 registers.edx: 0 registers.ebx: 40620968 registers.esi: 0 registers.ecx: 972179994	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: 0x796c5f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x7986e2 0x793350 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 4b 04 0f 83 30 07 00 00 c1 e1 04 8d 4c 0b 08 exception.instruction: cmp ecx, dword ptr [ebx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x79e3b2 registers.esp: 2417592 registers.edi: 2417792 registers.eax: 0 registers.ebp: 2418896 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: 0x79f0b1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f05f @ 0x7009f05f microsoft+0x3e4d4 @ 0x7009e4d4 0x7987dd 0x793350 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 52 04 3b 55 08 7f 11 c7 45 d0 06 00 00 00 33 exception.instruction: mov edx, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x79f244 registers.esp: 2418928 registers.edi: 2418968 registers.eax: 0 registers.ebp: 2418984 registers.edx: 0 registers.ebx: 2419680 registers.esi: 40411104 registers.ecx: 0	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: 0x79f0b1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f05f @ 0x7009f05f microsoft+0x3e4d4 @ 0x7009e4d4 0x7988ca 0x793350 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 52 04 3b 55 08 7f 11 c7 45 d0 06 00 00 00 33 exception.instruction: mov edx, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x79f244 registers.esp: 2418928 registers.edi: 2418968 registers.eax: 0 registers.ebp: 2418984 registers.edx: 0 registers.ebx: 2419680 registers.esi: 40411104 registers.ecx: 0	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: 0x79f0b1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f05f @ 0x7009f05f microsoft+0x3e4d4 @ 0x7009e4d4 0x7989b7 0x793350 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 52 04 3b 55 08 7f 11 c7 45 d0 06 00 00 00 33 exception.instruction: mov edx, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x79f244 registers.esp: 2418928 registers.edi: 2418968 registers.eax: 0 registers.ebp: 2418984 registers.edx: 0 registers.ebx: 2419680 registers.esi: 40411104 registers.ecx: 0	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: 0x798a25 0x793350 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 38 01 6a 03 6a 00 33 d2 e8 5f 50 70 64 8b f0 ff exception.instruction: cmp byte ptr [ecx], al exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x79f434 registers.esp: 2420256 registers.edi: 40803780 registers.eax: 7992368 registers.ebp: 2420260 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x79f4fa 0x793356 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 52 04 89 55 cc 33 d2 89 55 d4 83 7d cc 00 7c exception.instruction: mov edx, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x796876 registers.esp: 2418912 registers.edi: 2419000 registers.eax: 40807492 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40807492 registers.ecx: 40347580	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x79f4fa 0x793356 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 b0 04 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x796897 registers.esp: 2418912 registers.edi: 2419000 registers.eax: 0 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40807492 registers.ecx: 5408860	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x79f4fa 0x793356 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 23 04 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x796924 registers.esp: 2418912 registers.edi: 2419000 registers.eax: 0 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40807492 registers.ecx: 5408860	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x79f4fa 0x793356 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 50 04 83 c2 ff 0f 80 78 03 00 00 89 55 c8 33 exception.instruction: mov edx, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7969c7 registers.esp: 2418912 registers.edi: 2419000 registers.eax: 0 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40807492 registers.ecx: 5408860	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x79f4fa 0x793356 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 55 03 00 00 8b 4c 82 0c e8 bc c2 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7969f2 registers.esp: 2418912 registers.edi: 2419000 registers.eax: 0 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40807492 registers.ecx: 5408860	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x79f4fa 0x793356 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 23 03 00 00 8b 5c 82 0c ff 15 78 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x796a24 registers.esp: 2418912 registers.edi: 2419000 registers.eax: 0 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40807492 registers.ecx: 5408860	1
__exception__ March 22, 2021, 9:56 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x700b0c17 microsoft+0x3f33f @ 0x7009f33f microsoft+0x3edf8 @ 0x7009edf8 microsoft+0x3e3b9 @ 0x7009e3b9 0x79f4fa 0x793356 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 aa 01 00 00 8b 5c 82 0c ff 15 78 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x796b9d registers.esp: 2418912 registers.edi: 2419000 registers.eax: 0 registers.ebp: 2419016 registers.edx: 0 registers.ebx: 2419632 registers.esi: 40810012 registers.ecx: 40810012	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

HTTP traffic contains suspicious features which may be indicative of malware related traffic (4 events)

suspicious_features	GET method with no useragent header	suspicious_request	GET http://liverpoolsupporters9.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-5945125BA39050CC5933CF0C1B36419D.html
suspicious_features	GET method with no useragent header	suspicious_request	GET http://liverpoolsupporters9.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-43E8645E63EE68E099B116467826FCEA.html
suspicious_features	GET method with no useragent header	suspicious_request	GET http://liverpoolsupporters9.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-C3D2B2E00FD2D0A487EE9D3E4ED34E37.html
suspicious_features	GET method with no useragent header	suspicious_request	GET https://freegeoip.app/xml/175.208.134.150

Connects to a Dynamic DNS Domain (1 event)

domain

checkip.dyndns.org

Performs some HTTP requests (5 events)

request	GET http://liverpoolsupporters9.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-5945125BA39050CC5933CF0C1B36419D.html
request	GET http://liverpoolsupporters9.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-43E8645E63EE68E099B116467826FCEA.html
request	GET http://liverpoolsupporters9.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-C3D2B2E00FD2D0A487EE9D3E4ED34E37.html
request	GET http://checkip.dyndns.org/
request	GET https://freegeoip.app/xml/175.208.134.150

Allocates read-write-execute memory (usually to unpack itself) (50 out of 550 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 region_size: 720896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00390000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6fba1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6fba2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 region_size: 393216 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00440000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00460000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003a2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003bc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003d5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003db000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003d7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003aa000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003ca000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003c7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003ba000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003c6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003cb000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003ac000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x08230000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 region_size: 147456 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x08231000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x08255000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x08256000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 region_size: 327680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0xfff30000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0xfff30000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0xfff30000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0xfff38000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0xfff20000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0xfff20000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x08257000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x08258000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x08259000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0825a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0825b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0825c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00800000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00800000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00800000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00801000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00801000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00801000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00801000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00801000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00801000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00801000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00801000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00801000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00801000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 4244 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00801000 process_handle: 0xffffffff	1

Steals private information from local Internet browsers (7 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
file	C:\Users\test22\AppData\Roaming\Opera\Opera\profile\wand.dat
file	C:\Users\test22\AppData\Local\Chromium\User Data\Default\Login Data
file	C:\Users\test22\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Login Data
file	C:\Users\test22\AppData\Local\Nichrome\User Data\Default\Login Data

Looks up the external IP address (1 event)

domain

checkip.dyndns.org

Creates a shortcut to an executable file (1 event)

file	C:\Users\test22\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk

Creates a suspicious process (6 events)

cmdline	powershell Add-MpPreference -ExclusionPath "C:\Windows\Resources\Themes\GmLqzrYmyvjaqntEnxHPYWNYByrf\svchost.exe" -Force
cmdline	cmd.exe /c timeout 1
cmdline	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Windows\Resources\Themes\GmLqzrYmyvjaqntEnxHPYWNYByrf\svchost.exe" -Force
cmdline	"C:\Windows\System32\cmd.exe" /c timeout 1
cmdline	powershell Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp\PO_107658_200.pdf" -Force
cmdline	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp\PO_107658_200.pdf" -Force

A process created a hidden window (4 events)

Time & API	Arguments	Status	Return
ShellExecuteExW March 22, 2021, 9:56 a.m.	show_type: 0 filepath_r: powershell parameters: Add-MpPreference -ExclusionPath "C:\Windows\Resources\Themes\GmLqzrYmyvjaqntEnxHPYWNYByrf\svchost.exe" -Force filepath: powershell	1	1
ShellExecuteExW March 22, 2021, 9:56 a.m.	show_type: 0 filepath_r: powershell parameters: Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp\PO_107658_200.pdf" -Force filepath: powershell	1	1
ShellExecuteExW March 22, 2021, 9:56 a.m.	show_type: 0 filepath_r: powershell parameters: Add-MpPreference -ExclusionPath "C:\Windows\Resources\Themes\GmLqzrYmyvjaqntEnxHPYWNYByrf\svchost.exe" -Force filepath: powershell	1	1
ShellExecuteExW March 22, 2021, 9:56 a.m.	show_type: 0 filepath_r: cmd.exe parameters: /c timeout 1 filepath: cmd.exe	1	1

Moves the original executable to a new location (1 event)

Time & API	Arguments	Status	Return	Repeated
MoveFileWithProgressW March 22, 2021, 9:56 a.m.	newfilepath_r: C:\Users\test22\AppData\Local\ᐕ᏶ᏴᐇᐄᏧᐁᏯᐔᏲᏭᐆᏥᏠᐎᐗᐄᐌᏧᏵᐌᐈᏴᐘᐐ\PO_107658_200.pdf_Url_bcaagskpz141cocyav1tf0kd513qfaar\5.164.659.254\user.config flags: 1 oldfilepath_r: C:\Users\test22\AppData\Local\ᐕ᏶ᏴᐇᐄᏧᐁᏯᐔᏲᏭᐆᏥᏠᐎᐗᐄᐌᏧᏵᐌᐈᏴᐘᐐ\PO_107658_200.pdf_Url_bcaagskpz141cocyav1tf0kd513qfaar\5.164.659.254\pgspuwq3.newcfg newfilepath: C:\Users\test22\AppData\Local\ᐕ᏶ᏴᐇᐄᏧᐁᏯᐔᏲᏭᐆᏥᏠᐎᐗᐄᐌᏧᏵᐌᐈᏴᐘᐐ\PO_107658_200.pdf_Url_bcaagskpz141cocyav1tf0kd513qfaar\5.164.659.254\user.config oldfilepath: C:\Users\test22\AppData\Local\ᐕ᏶ᏴᐇᐄᏧᐁᏯᐔᏲᏭᐆᏥᏠᐎᐗᐄᐌᏧᏵᐌᐈᏴᐘᐐ\PO_107658_200.pdf_Url_bcaagskpz141cocyav1tf0kd513qfaar\5.164.659.254\pgspuwq3.newcfg	1	1	0

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses March 22, 2021, 9:56 a.m.	flags: 15 family: 0		111	0

Checks for the Locally Unique Identifier on the system for a suspicious privilege (5 events)

Time & API	Arguments	Status	Return
LookupPrivilegeValueW March 22, 2021, 9:56 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW March 22, 2021, 9:56 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW March 22, 2021, 9:56 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW March 22, 2021, 9:56 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW March 22, 2021, 9:56 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1

Yara rule detected in process memory (13 events)

description	Listen for incoming communication	rule	network_tcp_listen
description	Communications smtp	rule	network_smtp_dotNet
description	Run a keylogger	rule	keylogger
description	Affect private profile	rule	win_files_operation
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	Affect hook table	rule	win_hook

Communicates with host for which no DNS query was performed (1 event)

host

172.217.25.14

Allocates execute permission to another process indicative of possible code injection (1 event)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 5272 region_size: 434176 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000534	1	0	0

Attempts to identify installed AV products by installation directory (1 event)

file	C:\Users\test22\AppData\Local\AVAST Software\Browser\User Data\Default\Login Data

Installs itself for autorun at Windows startup (1 event)

reg_key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\wcxoecpeRtxzhTPvfKr

reg_value

C:\Windows\Resources\Themes\GmLqzrYmyvjaqntEnxHPYWNYByrf\svchost.exe

Harvests credentials from local FTP client softwares (1 event)

file	C:\Users\test22\AppData\Roaming\FileZilla\recentservers.xml

Harvests information related to installed instant messenger clients (1 event)

file	C:\Users\test22\AppData\Roaming\.purple\accounts.xml

Potential code injection by writing to the memory of another process (4 events)

Time & API	Arguments	Status	Return
WriteProcessMemory March 22, 2021, 9:56 a.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELÆ8`à>\ `@ @´[W`À H.text< > `.rsrcÀ`@@@.relocD@B base_address: 0x00400000 process_identifier: 5272 process_handle: 0x00000534	1	1
WriteProcessMemory March 22, 2021, 9:56 a.m.	buffer: 0 HX`häh4VS_VERSION_INFO½ïþ?ÈStringFileInfo¤040904b1, CommentsRPBJ SHVc(CompanyNameTQh8FileDescriptionQtz MfU0FileVersion2.5.4.1: InternalNameUlcS Xbh.exez+LegalCopyrightCopyright 2020 © DBa. All rights reserved.2LegalTrademarksBaLVB OriginalFilenameUlcS Xbh.exe2 ProductNameUlcS Xbh4ProductVersion4.4.5.78Assembly Version4.4.5.7DVarFileInfo$Translation PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING base_address: 0x00466000 process_identifier: 5272 process_handle: 0x00000534	1	1
WriteProcessMemory March 22, 2021, 9:56 a.m.	buffer: P<bbf9cb53e3c88d8b60d8faae5bcb82fa base_address: 0x00468000 process_identifier: 5272 process_handle: 0x00000534	1	1
WriteProcessMemory March 22, 2021, 9:56 a.m.	buffer: @ base_address: 0xfffde008 process_identifier: 5272 process_handle: 0x00000534	1	1

Code injection by writing an executable or DLL to the memory of another process (1 event)

Time & API	Arguments	Status	Return	Repeated
WriteProcessMemory March 22, 2021, 9:56 a.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELÆ8`à>\ `@ @´[W`À H.text< > `.rsrcÀ`@@@.relocD@B base_address: 0x00400000 process_identifier: 5272 process_handle: 0x00000534	1	1	0

Harvests credentials from local email clients (3 events)

registry	HKEY_CURRENT_USER\Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
registry	HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
registry	HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 4244 called NtSetContextThread to modify thread in remote process 5272
NtSetContextThread March 22, 2021, 9:56 a.m.	registers.eip: 0 registers.esp: 0 registers.edi: 0 registers.eax: 4611086 registers.ebp: 0 registers.edx: 0 registers.ebx: -139264 registers.esi: 0 registers.ecx: 0 thread_handle: 0x00000520 process_identifier: 5272	1	0	0

Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 4244 resumed a thread in remote process 5272
NtResumeThread March 22, 2021, 9:56 a.m.	thread_handle: 0x00000520 suspend_count: 1 process_identifier: 5272	1	0	0

The process powershell.exe wrote an executable file to disk (20 events)

file	C:\Windows\System32\ie4uinit.exe
file	C:\Program Files\Windows Sidebar\sidebar.exe
file	C:\Windows\System32\WindowsAnytimeUpgradeUI.exe
file	C:\Windows\System32\xpsrchvw.exe
file	C:\Windows\System32\displayswitch.exe
file	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe
file	C:\Windows\System32\mblctr.exe
file	C:\Windows\System32\mstsc.exe
file	C:\Windows\System32\SnippingTool.exe
file	C:\Windows\System32\SoundRecorder.exe
file	C:\Windows\System32\dfrgui.exe
file	C:\Windows\System32\msinfo32.exe
file	C:\Windows\System32\rstrui.exe
file	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe
file	C:\Program Files\Windows Journal\Journal.exe
file	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
file	C:\Windows\System32\MdSched.exe
file	C:\Windows\System32\msconfig.exe
file	C:\Windows\System32\recdisc.exe
file	C:\Windows\System32\msra.exe

Detects VirtualBox through the presence of a file (5 events)

file	C:\Windows\System32\drivers\VBoxSF.sys
file	C:\Windows\System32\vboxservice.exe
file	C:\Windows\System32\drivers\VBoxGuest.sys
file	C:\Windows\System32\drivers\VBoxMouse.sys
file	C:\Windows\System32\drivers\VBoxVideo.sys

Detects VMWare through the presence of various files (1 event)

file	C:\Windows\System32\drivers\Vmmouse.sys

File has been identified by 22 AntiVirus engines on VirusTotal as malicious (22 events)

Elastic	malicious (high confidence)
FireEye	Generic.mg.4ac557f524400a90
Qihoo-360	HEUR/QVM03.0.0697.Malware.Gen
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
Cybereason	malicious.7346a6
Cyren	W32/MSIL_Kryptik.DQG.gen!Eldorado
APEX	Malicious
Avast	Win32:RATX-gen [Trj]
McAfee-GW-Edition	Artemis!Trojan
SentinelOne	Static AI - Malicious PE
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 90)
McAfee	Artemis!4AC557F52440
Malwarebytes	Trojan.Crypt.MSIL
ESET-NOD32	a variant of MSIL/TrojanDownloader.Agent.HPJ
Rising	Downloader.Agent!8.B23 (CLOUD)
eGambit	Unsafe.AI_Score_87%
Fortinet	MSIL/Agent.HPD!tr.dldr
BitDefenderTheta	Gen:NN.ZemsilF.34628.um0@aOXSs!fi
AVG	Win32:RATX-gen [Trj]
CrowdStrike	win/malicious_confidence_100% (D)

Executed a process and injected code into it, probably while unpacking (50 out of 52 events)

Time & API	Arguments	Status	Return
NtResumeThread March 22, 2021, 9:56 a.m.	thread_handle: 0x000000e0 suspend_count: 1 process_identifier: 4244	1	0
NtResumeThread March 22, 2021, 9:56 a.m.	thread_handle: 0x00000158 suspend_count: 1 process_identifier: 4244	1	0
NtResumeThread March 22, 2021, 9:56 a.m.	thread_handle: 0x0000019c suspend_count: 1 process_identifier: 4244	1	0
NtResumeThread March 22, 2021, 9:56 a.m.	thread_handle: 0x00000418 suspend_count: 1 process_identifier: 4244	1	0
NtResumeThread March 22, 2021, 9:56 a.m.	thread_handle: 0x000002d8 suspend_count: 1 process_identifier: 4244	1	0
NtGetContextThread March 22, 2021, 9:56 a.m.	thread_handle: 0x000000f0	1	0
NtGetContextThread March 22, 2021, 9:56 a.m.	thread_handle: 0x000000f0	1	0
NtResumeThread March 22, 2021, 9:56 a.m.	thread_handle: 0x000000f0 suspend_count: 1 process_identifier: 4244	1	0
NtGetContextThread March 22, 2021, 9:56 a.m.	thread_handle: 0x00000418	1	0
NtGetContextThread March 22, 2021, 9:56 a.m.	thread_handle: 0x00000418	1	0
NtResumeThread March 22, 2021, 9:56 a.m.	thread_handle: 0x00000418 suspend_count: 1 process_identifier: 4244	1	0
NtGetContextThread March 22, 2021, 9:56 a.m.	thread_handle: 0x000000f0	1	0
NtGetContextThread March 22, 2021, 9:56 a.m.	thread_handle: 0x000000f0	1	0
NtResumeThread March 22, 2021, 9:56 a.m.	thread_handle: 0x000000f0 suspend_count: 1 process_identifier: 4244	1	0
NtGetContextThread March 22, 2021, 9:56 a.m.	thread_handle: 0x000000f0	1	0
NtGetContextThread March 22, 2021, 9:56 a.m.	thread_handle: 0x000000f0	1	0
NtResumeThread March 22, 2021, 9:56 a.m.	thread_handle: 0x000000f0 suspend_count: 1 process_identifier: 4244	1	0
NtResumeThread March 22, 2021, 9:56 a.m.	thread_handle: 0x000002ac suspend_count: 1 process_identifier: 4244	1	0
CreateProcessInternalW March 22, 2021, 9:56 a.m.	thread_identifier: 6096 thread_handle: 0x000004ec process_identifier: 8780 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe track: 1 command_line: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Windows\Resources\Themes\GmLqzrYmyvjaqntEnxHPYWNYByrf\svchost.exe" -Force filepath_r: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x000004f0	1	1
NtResumeThread March 22, 2021, 9:56 a.m.	thread_handle: 0x000004e0 suspend_count: 1 process_identifier: 4244	1	0
CreateProcessInternalW March 22, 2021, 9:56 a.m.	thread_identifier: 6952 thread_handle: 0x000004d8 process_identifier: 3800 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe track: 1 command_line: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp\PO_107658_200.pdf" -Force filepath_r: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x0000050c	1	1
NtResumeThread March 22, 2021, 9:56 a.m.	thread_handle: 0x000004fc suspend_count: 1 process_identifier: 4244	1	0
CreateProcessInternalW March 22, 2021, 9:56 a.m.	thread_identifier: 2776 thread_handle: 0x00000508 process_identifier: 1160 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe track: 1 command_line: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Windows\Resources\Themes\GmLqzrYmyvjaqntEnxHPYWNYByrf\svchost.exe" -Force filepath_r: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x00000528	1	1
NtResumeThread March 22, 2021, 9:56 a.m.	thread_handle: 0x00000518 suspend_count: 1 process_identifier: 4244	1	0
CreateProcessInternalW March 22, 2021, 9:56 a.m.	thread_identifier: 2268 thread_handle: 0x00000524 process_identifier: 4884 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Windows\System32\cmd.exe track: 1 command_line: "C:\Windows\System32\cmd.exe" /c timeout 1 filepath_r: C:\Windows\System32\cmd.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x00000540	1	1
CreateProcessInternalW March 22, 2021, 9:56 a.m.	thread_identifier: 4404 thread_handle: 0x00000520 process_identifier: 5272 current_directory: filepath: C:\Users\test22\AppData\Local\Temp\PO_107658_200.pdf track: 1 command_line: filepath_r: C:\Users\test22\AppData\Local\Temp\PO_107658_200.pdf stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000534	1	1
NtGetContextThread March 22, 2021, 9:56 a.m.	thread_handle: 0x00000520	1	0
NtAllocateVirtualMemory March 22, 2021, 9:56 a.m.	process_identifier: 5272 region_size: 434176 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000534	1	0
WriteProcessMemory March 22, 2021, 9:56 a.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELÆ8`à>\ `@ @´[W`À H.text< > `.rsrcÀ`@@@.relocD@B base_address: 0x00400000 process_identifier: 5272 process_handle: 0x00000534	1	1
WriteProcessMemory March 22, 2021, 9:56 a.m.	buffer: base_address: 0x00402000 process_identifier: 5272 process_handle: 0x00000534	1	1
WriteProcessMemory March 22, 2021, 9:56 a.m.	buffer: 0 HX`häh4VS_VERSION_INFO½ïþ?ÈStringFileInfo¤040904b1, CommentsRPBJ SHVc(CompanyNameTQh8FileDescriptionQtz MfU0FileVersion2.5.4.1: InternalNameUlcS Xbh.exez+LegalCopyrightCopyright 2020 © DBa. All rights reserved.2LegalTrademarksBaLVB OriginalFilenameUlcS Xbh.exe2 ProductNameUlcS Xbh4ProductVersion4.4.5.78Assembly Version4.4.5.7DVarFileInfo$Translation PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING base_address: 0x00466000 process_identifier: 5272 process_handle: 0x00000534	1	1
WriteProcessMemory March 22, 2021, 9:56 a.m.	buffer: P<bbf9cb53e3c88d8b60d8faae5bcb82fa base_address: 0x00468000 process_identifier: 5272 process_handle: 0x00000534	1	1
WriteProcessMemory March 22, 2021, 9:56 a.m.	buffer: @ base_address: 0xfffde008 process_identifier: 5272 process_handle: 0x00000534	1	1
NtSetContextThread March 22, 2021, 9:56 a.m.	registers.eip: 0 registers.esp: 0 registers.edi: 0 registers.eax: 4611086 registers.ebp: 0 registers.edx: 0 registers.ebx: -139264 registers.esi: 0 registers.ecx: 0 thread_handle: 0x00000520 process_identifier: 5272	1	0
NtResumeThread March 22, 2021, 9:56 a.m.	thread_handle: 0x00000520 suspend_count: 1 process_identifier: 5272	1	0
NtResumeThread March 22, 2021, 9:56 a.m.	thread_handle: 0x000002a4 suspend_count: 1 process_identifier: 8780	1	0
NtResumeThread March 22, 2021, 9:56 a.m.	thread_handle: 0x000002f8 suspend_count: 1 process_identifier: 8780	1	0
NtResumeThread March 22, 2021, 9:56 a.m.	thread_handle: 0x00000454 suspend_count: 1 process_identifier: 8780	1	0
NtResumeThread March 22, 2021, 9:56 a.m.	thread_handle: 0x000004b4 suspend_count: 1 process_identifier: 8780	1	0
NtResumeThread March 22, 2021, 9:56 a.m.	thread_handle: 0x0000029c suspend_count: 1 process_identifier: 3800	1	0
NtResumeThread March 22, 2021, 9:56 a.m.	thread_handle: 0x000002f0 suspend_count: 1 process_identifier: 3800	1	0
NtResumeThread March 22, 2021, 9:56 a.m.	thread_handle: 0x0000044c suspend_count: 1 process_identifier: 3800	1	0
NtResumeThread March 22, 2021, 9:56 a.m.	thread_handle: 0x000004ac suspend_count: 1 process_identifier: 3800	1	0
NtResumeThread March 22, 2021, 9:56 a.m.	thread_handle: 0x000002ac suspend_count: 1 process_identifier: 1160	1	0
NtResumeThread March 22, 2021, 9:56 a.m.	thread_handle: 0x00000300 suspend_count: 1 process_identifier: 1160	1	0
NtResumeThread March 22, 2021, 9:56 a.m.	thread_handle: 0x0000045c suspend_count: 1 process_identifier: 1160	1	0
NtResumeThread March 22, 2021, 9:56 a.m.	thread_handle: 0x000004bc suspend_count: 1 process_identifier: 1160	1	0
CreateProcessInternalW March 22, 2021, 9:56 a.m.	thread_identifier: 3724 thread_handle: 0x00000084 process_identifier: 4772 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Windows\System32\timeout.exe track: 1 command_line: timeout 1 filepath_r: C:\Windows\system32\timeout.exe stack_pivoted: 0 creation_flags: 524288 (EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 1 process_handle: 0x00000088	1	1
NtResumeThread March 22, 2021, 9:56 a.m.	thread_handle: 0x000000e0 suspend_count: 1 process_identifier: 5272	1	0
NtResumeThread March 22, 2021, 9:56 a.m.	thread_handle: 0x00000158 suspend_count: 1 process_identifier: 5272	1	0

PO_107658_200.pdf

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All