popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

PO_107658_200.pdf

AsyncRAT Antivirus
  1. Resubmit sample
    Category Machine Started Completed
    FILE s1_win7_x6402 March 22, 2021, 9:56 a.m. March 22, 2021, 9:58 a.m.
    Size 335.0KB
    Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
    MD5 4ac557f524400a9007c6c8e6912e9e1f
    SHA256 621c08e8f0b10550a1a20f440f0c9f14d6d108a6df9968a78146140faa88f426
    CRC32 5C47F824
    ssdeep 1536:9pyzpUwQUHBcK9SOIswr2AU03KMX+xQV8YH4teRSIO:9pyzpUwQUHBctr209VYtepO
    Yara
    • PE_Header_Zero - PE File Signature Zero
    • IsPE32 - (no description)
    • IsNET_EXE - (no description)
    • IsWindowsGUI - (no description)
    • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT

    Name Response Post-Analysis Lookup
    liverpoolsupporters9.com
    A 104.21.88.100
    A 172.67.176.78
    		172.67.176.78
    checkip.dyndns.org
    A 131.186.161.70
    A 216.146.43.70
    A 216.146.43.71
    CNAME checkip.dyndns.com
    A 162.88.193.70
    A 131.186.113.70
    		162.88.193.70
    freegeoip.app
    A 104.21.19.200
    A 172.67.188.154
    		172.67.188.154
    IP Address Status Action
    104.21.19.200 Active Moloch
    162.88.193.70 Active Moloch
    164.124.101.2 Active Moloch
    172.217.25.14 Active Moloch
    172.67.176.78 Active Moloch

    Suricata Alerts

    Flow SID Signature Category
    TCP 192.168.56.102:49818 -> 162.88.193.70:80 2021378 ET POLICY External IP Lookup - checkip.dyndns.org Device Retrieving External IP Address Detected
    TCP 192.168.56.102:49825 -> 162.88.193.70:80 2021378 ET POLICY External IP Lookup - checkip.dyndns.org Device Retrieving External IP Address Detected
    TCP 192.168.56.102:49822 -> 162.88.193.70:80 2021378 ET POLICY External IP Lookup - checkip.dyndns.org Device Retrieving External IP Address Detected
    TCP 162.88.193.70:80 -> 192.168.56.102:49818 2014932 ET POLICY DynDNS CheckIp External IP Address Server Response Device Retrieving External IP Address Detected
    TCP 162.88.193.70:80 -> 192.168.56.102:49822 2014932 ET POLICY DynDNS CheckIp External IP Address Server Response Device Retrieving External IP Address Detected
    TCP 162.88.193.70:80 -> 192.168.56.102:49825 2014932 ET POLICY DynDNS CheckIp External IP Address Server Response Device Retrieving External IP Address Detected
    TCP 192.168.56.102:49824 -> 162.88.193.70:80 2021378 ET POLICY External IP Lookup - checkip.dyndns.org Device Retrieving External IP Address Detected
    TCP 192.168.56.102:49819 -> 162.88.193.70:80 2021378 ET POLICY External IP Lookup - checkip.dyndns.org Device Retrieving External IP Address Detected
    TCP 162.88.193.70:80 -> 192.168.56.102:49824 2014932 ET POLICY DynDNS CheckIp External IP Address Server Response Device Retrieving External IP Address Detected
    TCP 192.168.56.102:49831 -> 162.88.193.70:80 2021378 ET POLICY External IP Lookup - checkip.dyndns.org Device Retrieving External IP Address Detected
    TCP 192.168.56.102:49835 -> 162.88.193.70:80 2021378 ET POLICY External IP Lookup - checkip.dyndns.org Device Retrieving External IP Address Detected
    TCP 162.88.193.70:80 -> 192.168.56.102:49819 2014932 ET POLICY DynDNS CheckIp External IP Address Server Response Device Retrieving External IP Address Detected
    TCP 192.168.56.102:49829 -> 162.88.193.70:80 2021378 ET POLICY External IP Lookup - checkip.dyndns.org Device Retrieving External IP Address Detected
    TCP 162.88.193.70:80 -> 192.168.56.102:49835 2014932 ET POLICY DynDNS CheckIp External IP Address Server Response Device Retrieving External IP Address Detected
    TCP 162.88.193.70:80 -> 192.168.56.102:49829 2014932 ET POLICY DynDNS CheckIp External IP Address Server Response Device Retrieving External IP Address Detected
    TCP 192.168.56.102:49820 -> 104.21.19.200:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
    TCP 192.168.56.102:49840 -> 162.88.193.70:80 2021378 ET POLICY External IP Lookup - checkip.dyndns.org Device Retrieving External IP Address Detected
    TCP 192.168.56.102:49826 -> 162.88.193.70:80 2021378 ET POLICY External IP Lookup - checkip.dyndns.org Device Retrieving External IP Address Detected
    TCP 162.88.193.70:80 -> 192.168.56.102:49840 2014932 ET POLICY DynDNS CheckIp External IP Address Server Response Device Retrieving External IP Address Detected
    TCP 192.168.56.102:49830 -> 162.88.193.70:80 2021378 ET POLICY External IP Lookup - checkip.dyndns.org Device Retrieving External IP Address Detected
    TCP 162.88.193.70:80 -> 192.168.56.102:49831 2014932 ET POLICY DynDNS CheckIp External IP Address Server Response Device Retrieving External IP Address Detected
    TCP 192.168.56.102:49827 -> 162.88.193.70:80 2021378 ET POLICY External IP Lookup - checkip.dyndns.org Device Retrieving External IP Address Detected
    TCP 162.88.193.70:80 -> 192.168.56.102:49826 2014932 ET POLICY DynDNS CheckIp External IP Address Server Response Device Retrieving External IP Address Detected
    TCP 162.88.193.70:80 -> 192.168.56.102:49830 2014932 ET POLICY DynDNS CheckIp External IP Address Server Response Device Retrieving External IP Address Detected
    TCP 162.88.193.70:80 -> 192.168.56.102:49827 2014932 ET POLICY DynDNS CheckIp External IP Address Server Response Device Retrieving External IP Address Detected
    TCP 192.168.56.102:49833 -> 162.88.193.70:80 2021378 ET POLICY External IP Lookup - checkip.dyndns.org Device Retrieving External IP Address Detected
    TCP 192.168.56.102:49828 -> 162.88.193.70:80 2021378 ET POLICY External IP Lookup - checkip.dyndns.org Device Retrieving External IP Address Detected
    TCP 162.88.193.70:80 -> 192.168.56.102:49833 2014932 ET POLICY DynDNS CheckIp External IP Address Server Response Device Retrieving External IP Address Detected
    TCP 162.88.193.70:80 -> 192.168.56.102:49828 2014932 ET POLICY DynDNS CheckIp External IP Address Server Response Device Retrieving External IP Address Detected
    TCP 192.168.56.102:49836 -> 162.88.193.70:80 2021378 ET POLICY External IP Lookup - checkip.dyndns.org Device Retrieving External IP Address Detected
    TCP 192.168.56.102:49832 -> 162.88.193.70:80 2021378 ET POLICY External IP Lookup - checkip.dyndns.org Device Retrieving External IP Address Detected
    TCP 162.88.193.70:80 -> 192.168.56.102:49836 2014932 ET POLICY DynDNS CheckIp External IP Address Server Response Device Retrieving External IP Address Detected
    TCP 162.88.193.70:80 -> 192.168.56.102:49832 2014932 ET POLICY DynDNS CheckIp External IP Address Server Response Device Retrieving External IP Address Detected
    TCP 192.168.56.102:49837 -> 162.88.193.70:80 2021378 ET POLICY External IP Lookup - checkip.dyndns.org Device Retrieving External IP Address Detected
    TCP 162.88.193.70:80 -> 192.168.56.102:49837 2014932 ET POLICY DynDNS CheckIp External IP Address Server Response Device Retrieving External IP Address Detected
    TCP 192.168.56.102:49839 -> 162.88.193.70:80 2021378 ET POLICY External IP Lookup - checkip.dyndns.org Device Retrieving External IP Address Detected
    TCP 162.88.193.70:80 -> 192.168.56.102:49839 2014932 ET POLICY DynDNS CheckIp External IP Address Server Response Device Retrieving External IP Address Detected
    UDP 192.168.56.102:61459 -> 164.124.101.2:53 2012758 ET INFO DYNAMIC_DNS Query to *.dyndns. Domain Misc activity
    TCP 192.168.56.102:49821 -> 162.88.193.70:80 2021378 ET POLICY External IP Lookup - checkip.dyndns.org Device Retrieving External IP Address Detected
    TCP 162.88.193.70:80 -> 192.168.56.102:49821 2014932 ET POLICY DynDNS CheckIp External IP Address Server Response Device Retrieving External IP Address Detected
    TCP 192.168.56.102:49823 -> 162.88.193.70:80 2021378 ET POLICY External IP Lookup - checkip.dyndns.org Device Retrieving External IP Address Detected
    TCP 162.88.193.70:80 -> 192.168.56.102:49823 2014932 ET POLICY DynDNS CheckIp External IP Address Server Response Device Retrieving External IP Address Detected
    TCP 192.168.56.102:49834 -> 162.88.193.70:80 2021378 ET POLICY External IP Lookup - checkip.dyndns.org Device Retrieving External IP Address Detected
    TCP 162.88.193.70:80 -> 192.168.56.102:49834 2014932 ET POLICY DynDNS CheckIp External IP Address Server Response Device Retrieving External IP Address Detected
    TCP 192.168.56.102:49838 -> 162.88.193.70:80 2021378 ET POLICY External IP Lookup - checkip.dyndns.org Device Retrieving External IP Address Detected
    TCP 162.88.193.70:80 -> 192.168.56.102:49838 2014932 ET POLICY DynDNS CheckIp External IP Address Server Response Device Retrieving External IP Address Detected

    Suricata TLS

    Flow Issuer Subject Fingerprint
    TLSv1
    192.168.56.102:49820
    104.21.19.200:443     		C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3 C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com a1:b3:fe:fd:e8:05:d5:f2:ad:ee:b3:5b:8c:5f:ae:4f:43:52:5e:89

    Time & API Arguments Status Return Repeated

    GetComputerNameW

    		 computer_name: TEST22-PC
    		1 1 0

    GetComputerNameW

    		 computer_name: TEST22-PC
    		1 1 0

    GetComputerNameW

    		 computer_name: TEST22-PC
    		1 1 0

    GetComputerNameW

    		 computer_name: TEST22-PC
    		1 1 0

    GetComputerNameA

    		 computer_name: TEST22-PC
    		1 1 0

    GetComputerNameW

    		 computer_name: TEST22-PC
    		1 1 0

    GetComputerNameW

    		 computer_name: TEST22-PC
    		1 1 0

    GetComputerNameW

    		 computer_name: TEST22-PC
    		1 1 0

    GetComputerNameW

    		 computer_name: TEST22-PC
    		1 1 0

    GetComputerNameW

    		 computer_name: TEST22-PC
    		1 1 0

    GetComputerNameA

    		 computer_name: TEST22-PC
    		1 1 0

    GetComputerNameW

    		 computer_name: TEST22-PC
    		1 1 0

    GetComputerNameW

    		 computer_name: TEST22-PC
    		1 1 0

    GetComputerNameW

    		 computer_name: TEST22-PC
    		1 1 0

    GetComputerNameW

    		 computer_name: TEST22-PC
    		1 1 0

    GetComputerNameW

    		 computer_name: TEST22-PC
    		1 1 0

    GetComputerNameA

    		 computer_name: TEST22-PC
    		1 1 0

    GetComputerNameW

    		 computer_name: TEST22-PC
    		1 1 0

    GetComputerNameW

    		 computer_name: TEST22-PC
    		1 1 0

    GetComputerNameW

    		 computer_name: TEST22-PC
    		1 1 0

    GetComputerNameW

    		 computer_name: TEST22-PC
    		1 1 0

    GetComputerNameW

    		 computer_name: TEST22-PC
    		1 1 0

    GetComputerNameW

    		 computer_name: TEST22-PC
    		1 1 0

    GetComputerNameW

    		 computer_name: TEST22-PC
    		1 1 0

    GetComputerNameW

    		 computer_name: TEST22-PC
    		1 1 0

    GetComputerNameW

    		 computer_name: TEST22-PC
    		1 1 0

    GetComputerNameW

    		 computer_name: TEST22-PC
    		1 1 0

    GetComputerNameW

    		 computer_name: TEST22-PC
    		1 1 0

    GetComputerNameW

    		 computer_name: TEST22-PC
    		1 1 0

    GetComputerNameW

    		 computer_name: TEST22-PC
    		1 1 0

    GetComputerNameW

    		 computer_name: TEST22-PC
    		1 1 0
    Time & API Arguments Status Return Repeated

    IsDebuggerPresent

    		 0 0

    IsDebuggerPresent

    		 0 0

    IsDebuggerPresent

    		 0 0

    IsDebuggerPresent

    		 0 0

    IsDebuggerPresent

    		 0 0

    IsDebuggerPresent

    		 0 0

    IsDebuggerPresent

    		 0 0
    Time & API Arguments Status Return Repeated

    WriteConsoleW

    		 buffer: The term 'Add-MpPreference' is not recognized as the name of a cmdlet, function
    console_handle: 0x00000023
    		1 1 0

    WriteConsoleW

    		 buffer: , script file, or operable program. Check the spelling of the name, or if a pat
    console_handle: 0x0000002f
    		1 1 0

    WriteConsoleW

    		 buffer: h was included, verify that the path is correct and try again.
    console_handle: 0x0000003b
    		1 1 0

    WriteConsoleW

    		 buffer: At line:1 char:17
    console_handle: 0x00000047
    		1 1 0

    WriteConsoleW

    		 buffer: + Add-MpPreference <<<< -ExclusionPath C:\Windows\Resources\Themes\GmLqzrYmyvj
    console_handle: 0x00000053
    		1 1 0

    WriteConsoleW

    		 buffer: aqntEnxHPYWNYByrf\svchost.exe -Force
    console_handle: 0x0000005f
    		1 1 0

    WriteConsoleW

    		 buffer: + CategoryInfo : ObjectNotFound: (Add-MpPreference:String) [], Co
    console_handle: 0x0000006b
    		1 1 0

    WriteConsoleW

    		 buffer: mmandNotFoundException
    console_handle: 0x00000077
    		1 1 0

    WriteConsoleW

    		 buffer: + FullyQualifiedErrorId : CommandNotFoundException
    console_handle: 0x00000083
    		1 1 0

    WriteConsoleW

    		 buffer: The term 'Add-MpPreference' is not recognized as the name of a cmdlet, function
    console_handle: 0x00000023
    		1 1 0

    WriteConsoleW

    		 buffer: , script file, or operable program. Check the spelling of the name, or if a pat
    console_handle: 0x0000002f
    		1 1 0

    WriteConsoleW

    		 buffer: h was included, verify that the path is correct and try again.
    console_handle: 0x0000003b
    		1 1 0

    WriteConsoleW

    		 buffer: At line:1 char:17
    console_handle: 0x00000047
    		1 1 0

    WriteConsoleW

    		 buffer: + Add-MpPreference <<<< -ExclusionPath C:\Users\test22\AppData\Local\Temp\PO_1
    console_handle: 0x00000053
    		1 1 0

    WriteConsoleW

    		 buffer: 07658_200.pdf -Force
    console_handle: 0x0000005f
    		1 1 0

    WriteConsoleW

    		 buffer: + CategoryInfo : ObjectNotFound: (Add-MpPreference:String) [], Co
    console_handle: 0x0000006b
    		1 1 0

    WriteConsoleW

    		 buffer: mmandNotFoundException
    console_handle: 0x00000077
    		1 1 0

    WriteConsoleW

    		 buffer: + FullyQualifiedErrorId : CommandNotFoundException
    console_handle: 0x00000083
    		1 1 0

    WriteConsoleW

    		 buffer: The term 'Add-MpPreference' is not recognized as the name of a cmdlet, function
    console_handle: 0x00000023
    		1 1 0

    WriteConsoleW

    		 buffer: , script file, or operable program. Check the spelling of the name, or if a pat
    console_handle: 0x0000002f
    		1 1 0

    WriteConsoleW

    		 buffer: h was included, verify that the path is correct and try again.
    console_handle: 0x0000003b
    		1 1 0

    WriteConsoleW

    		 buffer: At line:1 char:17
    console_handle: 0x00000047
    		1 1 0

    WriteConsoleW

    		 buffer: + Add-MpPreference <<<< -ExclusionPath C:\Windows\Resources\Themes\GmLqzrYmyvj
    console_handle: 0x00000053
    		1 1 0

    WriteConsoleW

    		 buffer: aqntEnxHPYWNYByrf\svchost.exe -Force
    console_handle: 0x0000005f
    		1 1 0

    WriteConsoleW

    		 buffer: + CategoryInfo : ObjectNotFound: (Add-MpPreference:String) [], Co
    console_handle: 0x0000006b
    		1 1 0

    WriteConsoleW

    		 buffer: mmandNotFoundException
    console_handle: 0x00000077
    		1 1 0

    WriteConsoleW

    		 buffer: + FullyQualifiedErrorId : CommandNotFoundException
    console_handle: 0x00000083
    		1 1 0

    WriteConsoleW

    		 buffer: Waiting for 1
    console_handle: 0x00000007
    		1 1 0

    WriteConsoleW

    		 buffer: seconds, press a key to continue ...
    console_handle: 0x00000007
    		1 1 0
    Time & API Arguments Status Return Repeated

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x006a6d98
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x006a6e58
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x006a6e58
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00397640
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00398400
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00398400
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00398400
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00398300
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00398300
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00398300
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00398300
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00398300
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00398300
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00397e80
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00397e80
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00397e80
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00398400
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00398400
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00398400
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00397ac0
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00398400
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00398400
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00398400
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00398400
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00398400
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00398400
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00398400
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00397680
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00397680
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00397680
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00397680
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00397680
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00397680
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00397680
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00397680
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00397680
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00397680
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00397680
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00397680
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00397680
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00397680
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00397b80
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00397b80
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00397b80
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00397b80
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00397b80
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00397b80
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00397b80
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x00397b80
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0

    CryptExportKey

    		 buffer: <INVALID POINTER>
    crypto_handle: 0x004764c8
    flags: 0
    crypto_export_handle: 0x00000000
    blob_type: 6
    		1 1 0
    Time & API Arguments Status Return Repeated

    GlobalMemoryStatusEx

    		 1 1 0
    Time & API Arguments Status Return Repeated

    __exception__

    		 stacktrace: 
    0x793332
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 39 09 e8 82 b5 68 64 8b c8 8b 01 8b 40 28 ff 10
    exception.instruction: cmp dword ptr [ecx], ecx
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x7955af
    registers.esp: 2420292
    registers.edi: 2420396
    registers.eax: 38867496
    registers.ebp: 2420412
    registers.edx: 38867496
    registers.ebx: 2420644
    registers.esi: 40381916
    registers.ecx: 0
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x795b76
0x793338
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 8b 52 04 89 55 cc 33 d2 89 55 d4 83 7d cc 00 7c
    exception.instruction: mov edx, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x796876
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 40388716
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40388716
    registers.ecx: 40347580
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x795b76
0x793338
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 3b 42 04 0f 83 b0 04 00 00 c1 e0 05 8d 44 02 08
    exception.instruction: cmp eax, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x796897
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 0
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40388716
    registers.ecx: 5408860
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x795b76
0x793338
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 3b 42 04 0f 83 23 04 00 00 c1 e0 05 8d 44 02 08
    exception.instruction: cmp eax, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x796924
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 0
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40388716
    registers.ecx: 5408860
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x795b76
0x793338
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 8b 50 04 83 c2 ff 0f 80 78 03 00 00 89 55 c8 33
    exception.instruction: mov edx, dword ptr [eax + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x7969c7
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 0
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40388716
    registers.ecx: 5408860
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x795b76
0x793338
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 3b 42 04 0f 83 55 03 00 00 8b 4c 82 0c e8 bc c2
    exception.instruction: cmp eax, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x7969f2
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 0
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40388716
    registers.ecx: 5408860
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x795b76
0x793338
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 3b 42 04 0f 83 23 03 00 00 8b 5c 82 0c ff 15 78
    exception.instruction: cmp eax, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x796a24
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 0
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40388716
    registers.ecx: 5408860
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x795b76
0x793338
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 3b 42 04 0f 83 aa 01 00 00 8b 5c 82 0c ff 15 78
    exception.instruction: cmp eax, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x796b9d
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 0
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40392748
    registers.ecx: 1879646896
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x795b76
0x793338
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 3b 42 04 0f 83 2f 01 00 00 c1 e0 05 8d 44 02 08
    exception.instruction: cmp eax, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x796c18
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 0
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40392748
    registers.ecx: 5408860
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x796efa
0x79333e
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 8b 52 04 89 55 cc 33 d2 89 55 d4 83 7d cc 00 7c
    exception.instruction: mov edx, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x796876
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 40395444
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40395444
    registers.ecx: 40347580
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x796efa
0x79333e
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 3b 42 04 0f 83 b0 04 00 00 c1 e0 05 8d 44 02 08
    exception.instruction: cmp eax, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x796897
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 0
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40395444
    registers.ecx: 5408860
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x796efa
0x79333e
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 3b 42 04 0f 83 23 04 00 00 c1 e0 05 8d 44 02 08
    exception.instruction: cmp eax, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x796924
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 0
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40395444
    registers.ecx: 5408860
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x796efa
0x79333e
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 8b 50 04 83 c2 ff 0f 80 78 03 00 00 89 55 c8 33
    exception.instruction: mov edx, dword ptr [eax + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x7969c7
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 0
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40395444
    registers.ecx: 5408860
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x796efa
0x79333e
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 3b 42 04 0f 83 55 03 00 00 8b 4c 82 0c e8 bc c2
    exception.instruction: cmp eax, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x7969f2
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 0
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40395444
    registers.ecx: 5408860
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x796efa
0x79333e
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 3b 42 04 0f 83 23 03 00 00 8b 5c 82 0c ff 15 78
    exception.instruction: cmp eax, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x796a24
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 0
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40395444
    registers.ecx: 5408860
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x796efa
0x79333e
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 3b 42 04 0f 83 aa 01 00 00 8b 5c 82 0c ff 15 78
    exception.instruction: cmp eax, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x796b9d
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 0
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40397944
    registers.ecx: 40397944
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x796efa
0x79333e
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 3b 42 04 0f 83 2f 01 00 00 c1 e0 05 8d 44 02 08
    exception.instruction: cmp eax, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x796c18
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 0
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40397944
    registers.ecx: 5408860
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x7976f2
0x793344
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 8b 52 04 89 55 cc 33 d2 89 55 d4 83 7d cc 00 7c
    exception.instruction: mov edx, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x796876
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 40400644
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40400644
    registers.ecx: 40347580
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x7976f2
0x793344
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 3b 42 04 0f 83 b0 04 00 00 c1 e0 05 8d 44 02 08
    exception.instruction: cmp eax, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x796897
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 0
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40400644
    registers.ecx: 5408860
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x7976f2
0x793344
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 3b 42 04 0f 83 23 04 00 00 c1 e0 05 8d 44 02 08
    exception.instruction: cmp eax, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x796924
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 0
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40400644
    registers.ecx: 5408860
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x7976f2
0x793344
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 8b 50 04 83 c2 ff 0f 80 78 03 00 00 89 55 c8 33
    exception.instruction: mov edx, dword ptr [eax + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x7969c7
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 0
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40400644
    registers.ecx: 5408860
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x7976f2
0x793344
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 3b 42 04 0f 83 55 03 00 00 8b 4c 82 0c e8 bc c2
    exception.instruction: cmp eax, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x7969f2
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 0
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40400644
    registers.ecx: 5408860
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x7976f2
0x793344
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 3b 42 04 0f 83 23 03 00 00 8b 5c 82 0c ff 15 78
    exception.instruction: cmp eax, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x796a24
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 0
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40400644
    registers.ecx: 5408860
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x7976f2
0x793344
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 3b 42 04 0f 83 aa 01 00 00 8b 5c 82 0c ff 15 78
    exception.instruction: cmp eax, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x796b9d
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 0
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40403148
    registers.ecx: 40403148
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x7976f2
0x793344
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 3b 42 04 0f 83 2f 01 00 00 c1 e0 05 8d 44 02 08
    exception.instruction: cmp eax, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x796c18
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 0
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40403148
    registers.ecx: 5408860
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x797eea
0x79334a
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 8b 52 04 89 55 cc 33 d2 89 55 d4 83 7d cc 00 7c
    exception.instruction: mov edx, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x796876
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 40405860
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40405860
    registers.ecx: 40347580
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x797eea
0x79334a
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 3b 42 04 0f 83 b0 04 00 00 c1 e0 05 8d 44 02 08
    exception.instruction: cmp eax, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x796897
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 0
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40405860
    registers.ecx: 5408860
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x797eea
0x79334a
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 3b 42 04 0f 83 23 04 00 00 c1 e0 05 8d 44 02 08
    exception.instruction: cmp eax, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x796924
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 0
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40405860
    registers.ecx: 5408860
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x797eea
0x79334a
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 8b 50 04 83 c2 ff 0f 80 78 03 00 00 89 55 c8 33
    exception.instruction: mov edx, dword ptr [eax + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x7969c7
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 0
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40405860
    registers.ecx: 5408860
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x797eea
0x79334a
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 3b 42 04 0f 83 55 03 00 00 8b 4c 82 0c e8 bc c2
    exception.instruction: cmp eax, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x7969f2
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 0
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40405860
    registers.ecx: 5408860
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x797eea
0x79334a
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 3b 42 04 0f 83 23 03 00 00 8b 5c 82 0c ff 15 78
    exception.instruction: cmp eax, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x796a24
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 0
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40405860
    registers.ecx: 5408860
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x797eea
0x79334a
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 3b 42 04 0f 83 aa 01 00 00 8b 5c 82 0c ff 15 78
    exception.instruction: cmp eax, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x796b9d
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 0
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40408368
    registers.ecx: 40408368
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x797eea
0x79334a
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 3b 42 04 0f 83 2f 01 00 00 c1 e0 05 8d 44 02 08
    exception.instruction: cmp eax, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x796c18
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 0
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40408368
    registers.ecx: 5408860
    		1 0 0

    __exception__

    		 stacktrace: 
    0x796c5f
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x7986e2
0x793350
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 8b 50 04 83 c2 ff 0f 80 7a 12 00 00 83 c2 01 0f
    exception.instruction: mov edx, dword ptr [eax + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x79d860
    registers.esp: 2417592
    registers.edi: 40797244
    registers.eax: 0
    registers.ebp: 2418896
    registers.edx: 40796524
    registers.ebx: 40796532
    registers.esi: 40797320
    registers.ecx: 1694156656
    		1 0 0

    __exception__

    		 stacktrace: 
    0x796c5f
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x7986e2
0x793350
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 8b 50 04 83 c2 ff 0f 80 3a 12 00 00 89 55 94 33
    exception.instruction: mov edx, dword ptr [eax + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x79d8a0
    registers.esp: 2417592
    registers.edi: 40797244
    registers.eax: 0
    registers.ebp: 2418896
    registers.edx: 0
    registers.ebx: 40796532
    registers.esi: 40797320
    registers.ecx: 5408860
    		1 0 0

    __exception__

    		 stacktrace: 
    0x796c5f
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x7986e2
0x793350
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 3b 42 04 0f 83 12 12 00 00 c1 e0 04 8d 44 02 08
    exception.instruction: cmp eax, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x79d8d0
    registers.esp: 2417592
    registers.edi: 40797244
    registers.eax: 0
    registers.ebp: 2418896
    registers.edx: 0
    registers.ebx: 40796532
    registers.esi: 40797320
    registers.ecx: 5408860
    		1 0 0

    __exception__

    		 stacktrace: 
    0x796c5f
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x7986e2
0x793350
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 3b 42 04 0f 83 dc 11 00 00 c1 e0 04 8d 44 02 08
    exception.instruction: cmp eax, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x79d906
    registers.esp: 2417592
    registers.edi: 40797244
    registers.eax: 0
    registers.ebp: 2418896
    registers.edx: 0
    registers.ebx: 40796532
    registers.esi: 40797320
    registers.ecx: 5408860
    		1 0 0

    __exception__

    		 stacktrace: 
    0x796c5f
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x7986e2
0x793350
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 3b 42 04 0f 83 c3 0f 00 00 c1 e0 04 8d 44 02 08
    exception.instruction: cmp eax, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x79db1f
    registers.esp: 2417588
    registers.edi: 2417792
    registers.eax: 0
    registers.ebp: 2418896
    registers.edx: 0
    registers.ebx: 40620968
    registers.esi: 0
    registers.ecx: 972179994
    		1 0 0

    __exception__

    		 stacktrace: 
    0x796c5f
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x7986e2
0x793350
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 3b 4b 04 0f 83 30 07 00 00 c1 e1 04 8d 4c 0b 08
    exception.instruction: cmp ecx, dword ptr [ebx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x79e3b2
    registers.esp: 2417592
    registers.edi: 2417792
    registers.eax: 0
    registers.ebp: 2418896
    registers.edx: 0
    registers.ebx: 0
    registers.esi: 0
    registers.ecx: 0
    		1 0 0

    __exception__

    		 stacktrace: 
    0x79f0b1
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f05f @ 0x7009f05f
microsoft+0x3e4d4 @ 0x7009e4d4
0x7987dd
0x793350
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 8b 52 04 3b 55 08 7f 11 c7 45 d0 06 00 00 00 33
    exception.instruction: mov edx, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x79f244
    registers.esp: 2418928
    registers.edi: 2418968
    registers.eax: 0
    registers.ebp: 2418984
    registers.edx: 0
    registers.ebx: 2419680
    registers.esi: 40411104
    registers.ecx: 0
    		1 0 0

    __exception__

    		 stacktrace: 
    0x79f0b1
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f05f @ 0x7009f05f
microsoft+0x3e4d4 @ 0x7009e4d4
0x7988ca
0x793350
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 8b 52 04 3b 55 08 7f 11 c7 45 d0 06 00 00 00 33
    exception.instruction: mov edx, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x79f244
    registers.esp: 2418928
    registers.edi: 2418968
    registers.eax: 0
    registers.ebp: 2418984
    registers.edx: 0
    registers.ebx: 2419680
    registers.esi: 40411104
    registers.ecx: 0
    		1 0 0

    __exception__

    		 stacktrace: 
    0x79f0b1
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f05f @ 0x7009f05f
microsoft+0x3e4d4 @ 0x7009e4d4
0x7989b7
0x793350
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 8b 52 04 3b 55 08 7f 11 c7 45 d0 06 00 00 00 33
    exception.instruction: mov edx, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x79f244
    registers.esp: 2418928
    registers.edi: 2418968
    registers.eax: 0
    registers.ebp: 2418984
    registers.edx: 0
    registers.ebx: 2419680
    registers.esi: 40411104
    registers.ecx: 0
    		1 0 0

    __exception__

    		 stacktrace: 
    0x798a25
0x793350
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 38 01 6a 03 6a 00 33 d2 e8 5f 50 70 64 8b f0 ff
    exception.instruction: cmp byte ptr [ecx], al
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x79f434
    registers.esp: 2420256
    registers.edi: 40803780
    registers.eax: 7992368
    registers.ebp: 2420260
    registers.edx: 0
    registers.ebx: 0
    registers.esi: 0
    registers.ecx: 0
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x79f4fa
0x793356
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 8b 52 04 89 55 cc 33 d2 89 55 d4 83 7d cc 00 7c
    exception.instruction: mov edx, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x796876
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 40807492
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40807492
    registers.ecx: 40347580
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x79f4fa
0x793356
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 3b 42 04 0f 83 b0 04 00 00 c1 e0 05 8d 44 02 08
    exception.instruction: cmp eax, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x796897
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 0
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40807492
    registers.ecx: 5408860
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x79f4fa
0x793356
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 3b 42 04 0f 83 23 04 00 00 c1 e0 05 8d 44 02 08
    exception.instruction: cmp eax, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x796924
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 0
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40807492
    registers.ecx: 5408860
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x79f4fa
0x793356
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 8b 50 04 83 c2 ff 0f 80 78 03 00 00 89 55 c8 33
    exception.instruction: mov edx, dword ptr [eax + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x7969c7
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 0
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40807492
    registers.ecx: 5408860
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x79f4fa
0x793356
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 3b 42 04 0f 83 55 03 00 00 8b 4c 82 0c e8 bc c2
    exception.instruction: cmp eax, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x7969f2
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 0
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40807492
    registers.ecx: 5408860
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x79f4fa
0x793356
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 3b 42 04 0f 83 23 03 00 00 8b 5c 82 0c ff 15 78
    exception.instruction: cmp eax, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x796a24
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 0
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40807492
    registers.ecx: 5408860
    		1 0 0

    __exception__

    		 stacktrace: 
    DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838
LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737
mscorlib+0x2d36ad @ 0x64e836ad
mscorlib+0x308f2d @ 0x64eb8f2d
microsoft+0x50c17 @ 0x700b0c17
microsoft+0x3f33f @ 0x7009f33f
microsoft+0x3edf8 @ 0x7009edf8
microsoft+0x3e3b9 @ 0x7009e3b9
0x79f4fa
0x793356
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

    exception.instruction_r: 3b 42 04 0f 83 aa 01 00 00 8b 5c 82 0c ff 15 78
    exception.instruction: cmp eax, dword ptr [edx + 4]
    exception.exception_code: 0xc0000005
    exception.symbol:
    exception.address: 0x796b9d
    registers.esp: 2418912
    registers.edi: 2419000
    registers.eax: 0
    registers.ebp: 2419016
    registers.edx: 0
    registers.ebx: 2419632
    registers.esi: 40810012
    registers.ecx: 40810012
    		1 0 0
    suspicious_features GET method with no useragent header suspicious_request GET http://liverpoolsupporters9.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-5945125BA39050CC5933CF0C1B36419D.html
    suspicious_features GET method with no useragent header suspicious_request GET http://liverpoolsupporters9.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-43E8645E63EE68E099B116467826FCEA.html
    suspicious_features GET method with no useragent header suspicious_request GET http://liverpoolsupporters9.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-C3D2B2E00FD2D0A487EE9D3E4ED34E37.html
    suspicious_features GET method with no useragent header suspicious_request GET https://freegeoip.app/xml/175.208.134.150
    domain checkip.dyndns.org
    request GET http://liverpoolsupporters9.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-5945125BA39050CC5933CF0C1B36419D.html
    request GET http://liverpoolsupporters9.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-43E8645E63EE68E099B116467826FCEA.html
    request GET http://liverpoolsupporters9.com/liverpool-fc-news/features/steven-gerrard-liverpool-future-dalglish--goal-C3D2B2E00FD2D0A487EE9D3E4ED34E37.html
    request GET http://checkip.dyndns.org/
    request GET https://freegeoip.app/xml/175.208.134.150
    Time & API Arguments Status Return Repeated

    NtAllocateVirtualMemory

    		 process_identifier: 4244
    region_size: 720896
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x00390000
    allocation_type: 8192 (MEM_RESERVE)
    process_handle: 0xffffffff
    		1 0 0

    NtAllocateVirtualMemory

    		 process_identifier: 4244
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x00400000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffff
    		1 0 0

    NtProtectVirtualMemory

    		 process_identifier: 4244
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    length: 4096
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x6fba1000
    process_handle: 0xffffffff
    		1 0 0

    NtProtectVirtualMemory

    		 process_identifier: 4244
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    length: 4096
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x6fba2000
    process_handle: 0xffffffff
    		1 0 0

    NtAllocateVirtualMemory

    		 process_identifier: 4244
    region_size: 393216
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x00440000
    allocation_type: 8192 (MEM_RESERVE)
    process_handle: 0xffffffff
    		1 0 0

    NtAllocateVirtualMemory

    		 process_identifier: 4244
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x00460000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffff
    		1 0 0

    NtAllocateVirtualMemory

    		 process_identifier: 4244
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x003a2000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffff
    		1 0 0

    NtAllocateVirtualMemory

    		 process_identifier: 4244
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x003bc000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffff
    		1 0 0

    NtAllocateVirtualMemory

    		 process_identifier: 4244
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x008c0000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffff
    		1 0 0

    NtAllocateVirtualMemory

    		 process_identifier: 4244
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x003d5000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffff
    		1 0 0

    NtAllocateVirtualMemory

    		 process_identifier: 4244
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x003db000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffff
    		1 0 0

    NtAllocateVirtualMemory

    		 process_identifier: 4244
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x003d7000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffff
    		1 0 0

    NtAllocateVirtualMemory

    		 process_identifier: 4244
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x003aa000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffff
    		1 0 0

    NtAllocateVirtualMemory

    		 process_identifier: 4244
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x003ca000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffff
    		1 0 0

    NtAllocateVirtualMemory

    		 process_identifier: 4244
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x003c7000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffff
    		1 0 0

    NtAllocateVirtualMemory

    		 process_identifier: 4244
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x003ba000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffff
    		1 0 0

    NtAllocateVirtualMemory

    		 process_identifier: 4244
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x003c6000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffff
    		1 0 0

    NtAllocateVirtualMemory

    		 process_identifier: 4244
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x003cb000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffff
    		1 0 0

    NtAllocateVirtualMemory

    		 process_identifier: 4244
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x003ac000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffff
    		1 0 0

    NtAllocateVirtualMemory

    		 process_identifier: 4244
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x08230000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffff
    		1 0 0

    NtAllocateVirtualMemory

    		 process_identifier: 4244
    region_size: 147456
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x08231000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffff
    		1 0 0

    NtAllocateVirtualMemory

    		 process_identifier: 4244
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x08255000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffff
    		1 0 0

    NtAllocateVirtualMemory

    		 process_identifier: 4244
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x08256000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffff
    		1 0 0

    NtAllocateVirtualMemory

    		 process_identifier: 4244
    region_size: 327680
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0xfff30000
    allocation_type: 1056768 (MEM_RESERVE|MEM_TOP_DOWN)
    process_handle: 0xffffffff
    		1 0 0

    NtAllocateVirtualMemory

    		 process_identifier: 4244
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0xfff30000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffff
    		1 0 0

    NtAllocateVirtualMemory

    		 process_identifier: 4244
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0xfff30000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffff
    		1 0 0

    NtAllocateVirtualMemory

    		 process_identifier: 4244
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0xfff38000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffff
    		1 0 0

    NtAllocateVirtualMemory

    		 process_identifier: 4244
    region_size: 65536
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0xfff20000
    allocation_type: 1056768 (MEM_RESERVE|MEM_TOP_DOWN)
    process_handle: 0xffffffff
    		1 0 0

    NtAllocateVirtualMemory

    		 process_identifier: 4244
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0xfff20000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffff
    		1 0 0

    NtAllocateVirtualMemory

    		 process_identifier: 4244
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x08257000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffff
    		1 0 0

    NtAllocateVirtualMemory

    		 process_identifier: 4244
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x08258000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffff
    		1 0 0

    NtAllocateVirtualMemory

    		 process_identifier: 4244
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x08259000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffff
    		1 0 0

    NtAllocateVirtualMemory

    		 process_identifier: 4244
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x0825a000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffff
    		1 0 0

    NtAllocateVirtualMemory

    		 process_identifier: 4244
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x0825b000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffff
    		1 0 0

    NtAllocateVirtualMemory

    		 process_identifier: 4244
    region_size: 4096
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x0825c000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffff
    		1 0 0

    NtProtectVirtualMemory

    		 process_identifier: 4244
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    length: 4096
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x00400000
    process_handle: 0xffffffff
    		1 0 0

    NtProtectVirtualMemory

    		 process_identifier: 4244
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    length: 4096
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x00800000
    process_handle: 0xffffffff
    		1 0 0

    NtProtectVirtualMemory

    		 process_identifier: 4244
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    length: 4096
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x00800000
    process_handle: 0xffffffff
    		1 0 0

    NtProtectVirtualMemory

    		 process_identifier: 4244
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    length: 4096
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x00800000
    process_handle: 0xffffffff
    		1 0 0

    NtProtectVirtualMemory

    		 process_identifier: 4244
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    length: 4096
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x00801000
    process_handle: 0xffffffff
    		1 0 0

    NtProtectVirtualMemory

    		 process_identifier: 4244
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    length: 4096
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x00801000
    process_handle: 0xffffffff
    		1 0 0

    NtProtectVirtualMemory

    		 process_identifier: 4244
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    length: 4096
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x00801000
    process_handle: 0xffffffff
    		1 0 0

    NtProtectVirtualMemory

    		 process_identifier: 4244
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    length: 4096
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x00801000
    process_handle: 0xffffffff
    		1 0 0

    NtProtectVirtualMemory

    		 process_identifier: 4244
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    length: 4096
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x00801000
    process_handle: 0xffffffff
    		1 0 0

    NtProtectVirtualMemory

    		 process_identifier: 4244
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    length: 4096
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x00801000
    process_handle: 0xffffffff
    		1 0 0

    NtProtectVirtualMemory

    		 process_identifier: 4244
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    length: 4096
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x00801000
    process_handle: 0xffffffff
    		1 0 0

    NtProtectVirtualMemory

    		 process_identifier: 4244
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    length: 4096
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x00801000
    process_handle: 0xffffffff
    		1 0 0

    NtProtectVirtualMemory

    		 process_identifier: 4244
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    length: 4096
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x00801000
    process_handle: 0xffffffff
    		1 0 0

    NtProtectVirtualMemory

    		 process_identifier: 4244
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    length: 4096
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x00801000
    process_handle: 0xffffffff
    		1 0 0

    NtProtectVirtualMemory

    		 process_identifier: 4244
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 1
    length: 4096
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x00801000
    process_handle: 0xffffffff
    		1 0 0
    file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cookies
    file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
    file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
    file C:\Users\test22\AppData\Roaming\Opera\Opera\profile\wand.dat
    file C:\Users\test22\AppData\Local\Chromium\User Data\Default\Login Data
    file C:\Users\test22\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Login Data
    file C:\Users\test22\AppData\Local\Nichrome\User Data\Default\Login Data
    domain checkip.dyndns.org
    file C:\Users\test22\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
    cmdline powershell Add-MpPreference -ExclusionPath "C:\Windows\Resources\Themes\GmLqzrYmyvjaqntEnxHPYWNYByrf\svchost.exe" -Force
    cmdline cmd.exe /c timeout 1
    cmdline "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Windows\Resources\Themes\GmLqzrYmyvjaqntEnxHPYWNYByrf\svchost.exe" -Force
    cmdline "C:\Windows\System32\cmd.exe" /c timeout 1
    cmdline powershell Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp\PO_107658_200.pdf" -Force
    cmdline "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp\PO_107658_200.pdf" -Force
    Time & API Arguments Status Return Repeated

    ShellExecuteExW

    		 show_type: 0
    filepath_r: powershell
    parameters: Add-MpPreference -ExclusionPath "C:\Windows\Resources\Themes\GmLqzrYmyvjaqntEnxHPYWNYByrf\svchost.exe" -Force
    filepath: powershell
    		1 1 0

    ShellExecuteExW

    		 show_type: 0
    filepath_r: powershell
    parameters: Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp\PO_107658_200.pdf" -Force
    filepath: powershell
    		1 1 0

    ShellExecuteExW

    		 show_type: 0
    filepath_r: powershell
    parameters: Add-MpPreference -ExclusionPath "C:\Windows\Resources\Themes\GmLqzrYmyvjaqntEnxHPYWNYByrf\svchost.exe" -Force
    filepath: powershell
    		1 1 0

    ShellExecuteExW

    		 show_type: 0
    filepath_r: cmd.exe
    parameters: /c timeout 1
    filepath: cmd.exe
    		1 1 0
    Time & API Arguments Status Return Repeated

    MoveFileWithProgressW

    		 newfilepath_r: C:\Users\test22\AppData\Local\ᐕ᏶ᏴᐇᐄᏧᐁᏯᐔᏲᏭᐆᏥᏠᐎᐗᐄᐌᏧᏵᐌᐈᏴᐘᐐ\PO_107658_200.pdf_Url_bcaagskpz141cocyav1tf0kd513qfaar\5.164.659.254\user.config
    flags: 1
    oldfilepath_r: C:\Users\test22\AppData\Local\ᐕ᏶ᏴᐇᐄᏧᐁᏯᐔᏲᏭᐆᏥᏠᐎᐗᐄᐌᏧᏵᐌᐈᏴᐘᐐ\PO_107658_200.pdf_Url_bcaagskpz141cocyav1tf0kd513qfaar\5.164.659.254\pgspuwq3.newcfg
    newfilepath: C:\Users\test22\AppData\Local\ᐕ᏶ᏴᐇᐄᏧᐁᏯᐔᏲᏭᐆᏥᏠᐎᐗᐄᐌᏧᏵᐌᐈᏴᐘᐐ\PO_107658_200.pdf_Url_bcaagskpz141cocyav1tf0kd513qfaar\5.164.659.254\user.config
    oldfilepath: C:\Users\test22\AppData\Local\ᐕ᏶ᏴᐇᐄᏧᐁᏯᐔᏲᏭᐆᏥᏠᐎᐗᐄᐌᏧᏵᐌᐈᏴᐘᐐ\PO_107658_200.pdf_Url_bcaagskpz141cocyav1tf0kd513qfaar\5.164.659.254\pgspuwq3.newcfg
    		1 1 0
    Time & API Arguments Status Return Repeated

    GetAdaptersAddresses

    		 flags: 15
    family: 0
    		111 0
    Time & API Arguments Status Return Repeated

    LookupPrivilegeValueW

    		 system_name:
    privilege_name: SeDebugPrivilege
    		1 1 0

    LookupPrivilegeValueW

    		 system_name:
    privilege_name: SeDebugPrivilege
    		1 1 0

    LookupPrivilegeValueW

    		 system_name:
    privilege_name: SeDebugPrivilege
    		1 1 0

    LookupPrivilegeValueW

    		 system_name:
    privilege_name: SeDebugPrivilege
    		1 1 0

    LookupPrivilegeValueW

    		 system_name:
    privilege_name: SeDebugPrivilege
    		1 1 0
    description Listen for incoming communication rule network_tcp_listen
    description Communications smtp rule network_smtp_dotNet
    description Run a keylogger rule keylogger
    description Affect private profile rule win_files_operation
    description (no description) rule DebuggerCheck__GlobalFlags
    description (no description) rule DebuggerCheck__QueryInfo
    description (no description) rule DebuggerHiding__Thread
    description (no description) rule DebuggerHiding__Active
    description (no description) rule ThreadControl__Context
    description (no description) rule SEH__vectored
    description Checks if being debugged rule anti_dbg
    description Bypass DEP rule disable_dep
    description Affect hook table rule win_hook
    host 172.217.25.14
    Time & API Arguments Status Return Repeated

    NtAllocateVirtualMemory

    		 process_identifier: 5272
    region_size: 434176
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x00400000
    allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
    process_handle: 0x00000534
    		1 0 0
    file C:\Users\test22\AppData\Local\AVAST Software\Browser\User Data\Default\Login Data
    reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\wcxoecpeRtxzhTPvfKr reg_value C:\Windows\Resources\Themes\GmLqzrYmyvjaqntEnxHPYWNYByrf\svchost.exe
    file C:\Users\test22\AppData\Roaming\FileZilla\recentservers.xml
    file C:\Users\test22\AppData\Roaming\.purple\accounts.xml
    Time & API Arguments Status Return Repeated

    WriteProcessMemory

    		 buffer: MZÿÿ¸@€º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELÆ8`à  >\ `@  @…´[W`À€  H.text< > `.rsrcÀ`@@@.reloc €D@B
    base_address: 0x00400000
    process_identifier: 5272
    process_handle: 0x00000534
    		1 1 0

    WriteProcessMemory

    		 buffer: €0€ HX`häh4VS_VERSION_INFO½ïþ?ÈStringFileInfo¤040904b1, CommentsRPBJ SHVc(CompanyNameTQh8FileDescriptionQtz MfU0FileVersion2.5.4.1: InternalNameUlcS Xbh.exez+LegalCopyrightCopyright 2020 © DBa. All rights reserved.2LegalTrademarksBaLVB OriginalFilenameUlcS Xbh.exe2 ProductNameUlcS Xbh4ProductVersion4.4.5.78Assembly Version4.4.5.7DVarFileInfo$Translation PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
    base_address: 0x00466000
    process_identifier: 5272
    process_handle: 0x00000534
    		1 1 0

    WriteProcessMemory

    		 buffer: P <bbf9cb53e3c88d8b60d8faae5bcb82fa
    base_address: 0x00468000
    process_identifier: 5272
    process_handle: 0x00000534
    		1 1 0

    WriteProcessMemory

    		 buffer: @
    base_address: 0xfffde008
    process_identifier: 5272
    process_handle: 0x00000534
    		1 1 0
    Time & API Arguments Status Return Repeated

    WriteProcessMemory

    		 buffer: MZÿÿ¸@€º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELÆ8`à  >\ `@  @…´[W`À€  H.text< > `.rsrcÀ`@@@.reloc €D@B
    base_address: 0x00400000
    process_identifier: 5272
    process_handle: 0x00000534
    		1 1 0
    registry HKEY_CURRENT_USER\Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
    registry HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
    registry HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
    Process injection Process 4244 called NtSetContextThread to modify thread in remote process 5272
    Time & API Arguments Status Return Repeated

    NtSetContextThread

    		 registers.eip: 0
    registers.esp: 0
    registers.edi: 0
    registers.eax: 4611086
    registers.ebp: 0
    registers.edx: 0
    registers.ebx: -139264
    registers.esi: 0
    registers.ecx: 0
    thread_handle: 0x00000520
    process_identifier: 5272
    		1 0 0
    Process injection Process 4244 resumed a thread in remote process 5272
    Time & API Arguments Status Return Repeated

    NtResumeThread

    		 thread_handle: 0x00000520
    suspend_count: 1
    process_identifier: 5272
    		1 0 0
    file C:\Windows\System32\ie4uinit.exe
    file C:\Program Files\Windows Sidebar\sidebar.exe
    file C:\Windows\System32\WindowsAnytimeUpgradeUI.exe
    file C:\Windows\System32\xpsrchvw.exe
    file C:\Windows\System32\displayswitch.exe
    file C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe
    file C:\Windows\System32\mblctr.exe
    file C:\Windows\System32\mstsc.exe
    file C:\Windows\System32\SnippingTool.exe
    file C:\Windows\System32\SoundRecorder.exe
    file C:\Windows\System32\dfrgui.exe
    file C:\Windows\System32\msinfo32.exe
    file C:\Windows\System32\rstrui.exe
    file C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe
    file C:\Program Files\Windows Journal\Journal.exe
    file C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    file C:\Windows\System32\MdSched.exe
    file C:\Windows\System32\msconfig.exe
    file C:\Windows\System32\recdisc.exe
    file C:\Windows\System32\msra.exe
    file C:\Windows\System32\drivers\VBoxSF.sys
    file C:\Windows\System32\vboxservice.exe
    file C:\Windows\System32\drivers\VBoxGuest.sys
    file C:\Windows\System32\drivers\VBoxMouse.sys
    file C:\Windows\System32\drivers\VBoxVideo.sys
    file C:\Windows\System32\drivers\Vmmouse.sys
    Elastic malicious (high confidence)
    FireEye Generic.mg.4ac557f524400a90
    Qihoo-360 HEUR/QVM03.0.0697.Malware.Gen
    Cylance Unsafe
    Sangfor Trojan.Win32.Save.a
    Cybereason malicious.7346a6
    Cyren W32/MSIL_Kryptik.DQG.gen!Eldorado
    APEX Malicious
    Avast Win32:RATX-gen [Trj]
    McAfee-GW-Edition Artemis!Trojan
    SentinelOne Static AI - Malicious PE
    Microsoft Trojan:Win32/Wacatac.B!ml
    Cynet Malicious (score: 90)
    McAfee Artemis!4AC557F52440
    Malwarebytes Trojan.Crypt.MSIL
    ESET-NOD32 a variant of MSIL/TrojanDownloader.Agent.HPJ
    Rising Downloader.Agent!8.B23 (CLOUD)
    eGambit Unsafe.AI_Score_87%
    Fortinet MSIL/Agent.HPD!tr.dldr
    BitDefenderTheta Gen:NN.ZemsilF.34628.um0@aOXSs!fi
    AVG Win32:RATX-gen [Trj]
    CrowdStrike win/malicious_confidence_100% (D)
    Time & API Arguments Status Return Repeated

    NtResumeThread

    		 thread_handle: 0x000000e0
    suspend_count: 1
    process_identifier: 4244
    		1 0 0

    NtResumeThread

    		 thread_handle: 0x00000158
    suspend_count: 1
    process_identifier: 4244
    		1 0 0

    NtResumeThread

    		 thread_handle: 0x0000019c
    suspend_count: 1
    process_identifier: 4244
    		1 0 0

    NtResumeThread

    		 thread_handle: 0x00000418
    suspend_count: 1
    process_identifier: 4244
    		1 0 0

    NtResumeThread

    		 thread_handle: 0x000002d8
    suspend_count: 1
    process_identifier: 4244
    		1 0 0

    NtGetContextThread

    		 thread_handle: 0x000000f0
    		1 0 0

    NtGetContextThread

    		 thread_handle: 0x000000f0
    		1 0 0

    NtResumeThread

    		 thread_handle: 0x000000f0
    suspend_count: 1
    process_identifier: 4244
    		1 0 0

    NtGetContextThread

    		 thread_handle: 0x00000418
    		1 0 0

    NtGetContextThread

    		 thread_handle: 0x00000418
    		1 0 0

    NtResumeThread

    		 thread_handle: 0x00000418
    suspend_count: 1
    process_identifier: 4244
    		1 0 0

    NtGetContextThread

    		 thread_handle: 0x000000f0
    		1 0 0

    NtGetContextThread

    		 thread_handle: 0x000000f0
    		1 0 0

    NtResumeThread

    		 thread_handle: 0x000000f0
    suspend_count: 1
    process_identifier: 4244
    		1 0 0

    NtGetContextThread

    		 thread_handle: 0x000000f0
    		1 0 0

    NtGetContextThread

    		 thread_handle: 0x000000f0
    		1 0 0

    NtResumeThread

    		 thread_handle: 0x000000f0
    suspend_count: 1
    process_identifier: 4244
    		1 0 0

    NtResumeThread

    		 thread_handle: 0x000002ac
    suspend_count: 1
    process_identifier: 4244
    		1 0 0

    CreateProcessInternalW

    		 thread_identifier: 6096
    thread_handle: 0x000004ec
    process_identifier: 8780
    current_directory: C:\Users\test22\AppData\Local\Temp
    filepath: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    track: 1
    command_line: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Windows\Resources\Themes\GmLqzrYmyvjaqntEnxHPYWNYByrf\svchost.exe" -Force
    filepath_r: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    stack_pivoted: 0
    creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
    inherit_handles: 0
    process_handle: 0x000004f0
    		1 1 0

    NtResumeThread

    		 thread_handle: 0x000004e0
    suspend_count: 1
    process_identifier: 4244
    		1 0 0

    CreateProcessInternalW

    		 thread_identifier: 6952
    thread_handle: 0x000004d8
    process_identifier: 3800
    current_directory: C:\Users\test22\AppData\Local\Temp
    filepath: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    track: 1
    command_line: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Local\Temp\PO_107658_200.pdf" -Force
    filepath_r: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    stack_pivoted: 0
    creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
    inherit_handles: 0
    process_handle: 0x0000050c
    		1 1 0

    NtResumeThread

    		 thread_handle: 0x000004fc
    suspend_count: 1
    process_identifier: 4244
    		1 0 0

    CreateProcessInternalW

    		 thread_identifier: 2776
    thread_handle: 0x00000508
    process_identifier: 1160
    current_directory: C:\Users\test22\AppData\Local\Temp
    filepath: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    track: 1
    command_line: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Windows\Resources\Themes\GmLqzrYmyvjaqntEnxHPYWNYByrf\svchost.exe" -Force
    filepath_r: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    stack_pivoted: 0
    creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
    inherit_handles: 0
    process_handle: 0x00000528
    		1 1 0

    NtResumeThread

    		 thread_handle: 0x00000518
    suspend_count: 1
    process_identifier: 4244
    		1 0 0

    CreateProcessInternalW

    		 thread_identifier: 2268
    thread_handle: 0x00000524
    process_identifier: 4884
    current_directory: C:\Users\test22\AppData\Local\Temp
    filepath: C:\Windows\System32\cmd.exe
    track: 1
    command_line: "C:\Windows\System32\cmd.exe" /c timeout 1
    filepath_r: C:\Windows\System32\cmd.exe
    stack_pivoted: 0
    creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
    inherit_handles: 0
    process_handle: 0x00000540
    		1 1 0

    CreateProcessInternalW

    		 thread_identifier: 4404
    thread_handle: 0x00000520
    process_identifier: 5272
    current_directory:
    filepath: C:\Users\test22\AppData\Local\Temp\PO_107658_200.pdf
    track: 1
    command_line:
    filepath_r: C:\Users\test22\AppData\Local\Temp\PO_107658_200.pdf
    stack_pivoted: 0
    creation_flags: 134217732 (CREATE_NO_WINDOW|CREATE_SUSPENDED)
    inherit_handles: 0
    process_handle: 0x00000534
    		1 1 0

    NtGetContextThread

    		 thread_handle: 0x00000520
    		1 0 0

    NtAllocateVirtualMemory

    		 process_identifier: 5272
    region_size: 434176
    stack_dep_bypass: 0
    stack_pivoted: 0
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x00400000
    allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
    process_handle: 0x00000534
    		1 0 0

    WriteProcessMemory

    		 buffer: MZÿÿ¸@€º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELÆ8`à  >\ `@  @…´[W`À€  H.text< > `.rsrcÀ`@@@.reloc €D@B
    base_address: 0x00400000
    process_identifier: 5272
    process_handle: 0x00000534
    		1 1 0

    WriteProcessMemory

    		 buffer:
    base_address: 0x00402000
    process_identifier: 5272
    process_handle: 0x00000534
    		1 1 0

    WriteProcessMemory

    		 buffer: €0€ HX`häh4VS_VERSION_INFO½ïþ?ÈStringFileInfo¤040904b1, CommentsRPBJ SHVc(CompanyNameTQh8FileDescriptionQtz MfU0FileVersion2.5.4.1: InternalNameUlcS Xbh.exez+LegalCopyrightCopyright 2020 © DBa. All rights reserved.2LegalTrademarksBaLVB OriginalFilenameUlcS Xbh.exe2 ProductNameUlcS Xbh4ProductVersion4.4.5.78Assembly Version4.4.5.7DVarFileInfo$Translation PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
    base_address: 0x00466000
    process_identifier: 5272
    process_handle: 0x00000534
    		1 1 0

    WriteProcessMemory

    		 buffer: P <bbf9cb53e3c88d8b60d8faae5bcb82fa
    base_address: 0x00468000
    process_identifier: 5272
    process_handle: 0x00000534
    		1 1 0

    WriteProcessMemory

    		 buffer: @
    base_address: 0xfffde008
    process_identifier: 5272
    process_handle: 0x00000534
    		1 1 0

    NtSetContextThread

    		 registers.eip: 0
    registers.esp: 0
    registers.edi: 0
    registers.eax: 4611086
    registers.ebp: 0
    registers.edx: 0
    registers.ebx: -139264
    registers.esi: 0
    registers.ecx: 0
    thread_handle: 0x00000520
    process_identifier: 5272
    		1 0 0

    NtResumeThread

    		 thread_handle: 0x00000520
    suspend_count: 1
    process_identifier: 5272
    		1 0 0

    NtResumeThread

    		 thread_handle: 0x000002a4
    suspend_count: 1
    process_identifier: 8780
    		1 0 0

    NtResumeThread

    		 thread_handle: 0x000002f8
    suspend_count: 1
    process_identifier: 8780
    		1 0 0

    NtResumeThread

    		 thread_handle: 0x00000454
    suspend_count: 1
    process_identifier: 8780
    		1 0 0

    NtResumeThread

    		 thread_handle: 0x000004b4
    suspend_count: 1
    process_identifier: 8780
    		1 0 0

    NtResumeThread

    		 thread_handle: 0x0000029c
    suspend_count: 1
    process_identifier: 3800
    		1 0 0

    NtResumeThread

    		 thread_handle: 0x000002f0
    suspend_count: 1
    process_identifier: 3800
    		1 0 0

    NtResumeThread

    		 thread_handle: 0x0000044c
    suspend_count: 1
    process_identifier: 3800
    		1 0 0

    NtResumeThread

    		 thread_handle: 0x000004ac
    suspend_count: 1
    process_identifier: 3800
    		1 0 0

    NtResumeThread

    		 thread_handle: 0x000002ac
    suspend_count: 1
    process_identifier: 1160
    		1 0 0

    NtResumeThread

    		 thread_handle: 0x00000300
    suspend_count: 1
    process_identifier: 1160
    		1 0 0

    NtResumeThread

    		 thread_handle: 0x0000045c
    suspend_count: 1
    process_identifier: 1160
    		1 0 0

    NtResumeThread

    		 thread_handle: 0x000004bc
    suspend_count: 1
    process_identifier: 1160
    		1 0 0

    CreateProcessInternalW

    		 thread_identifier: 3724
    thread_handle: 0x00000084
    process_identifier: 4772
    current_directory: C:\Users\test22\AppData\Local\Temp
    filepath: C:\Windows\System32\timeout.exe
    track: 1
    command_line: timeout 1
    filepath_r: C:\Windows\system32\timeout.exe
    stack_pivoted: 0
    creation_flags: 524288 (EXTENDED_STARTUPINFO_PRESENT)
    inherit_handles: 1
    process_handle: 0x00000088
    		1 1 0

    NtResumeThread

    		 thread_handle: 0x000000e0
    suspend_count: 1
    process_identifier: 5272
    		1 0 0

    NtResumeThread

    		 thread_handle: 0x00000158
    suspend_count: 1
    process_identifier: 5272
    		1 0 0