SmartHawk

5.2

中危

该样本未表现出任何异常！

重新分析

下载样本

b4513232b561d901a92dd3fd3f7d619779488e72a522850ae627e63340c0586d

42c03f4c01e6fd1715b46153ac714f85.exe

分析耗时

85s

最近分析

文件大小

859.2KB

静态报毒动态报毒

未检测暂无鹰眼引擎检测结果

未检测暂无反病毒引擎检测结果

Checks if process is being debugged by a debugger (2 个事件)

Time & API	Arguments	Status	Return	Repeated
1619389347.63625 IsDebuggerPresent		failed	0	0
1619389347.63625 IsDebuggerPresent		failed	0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619389347.66825 GlobalMemoryStatusEx		success	1	0

One or more processes crashed (8 个事件)

Time & API	Arguments	Status
1619389354.13625 __exception__	stacktrace: mscorlib+0x230de1 @ 0x71e40de1 DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01 GetMetaDataInternalInterface+0xa9fc LogHelp_TerminateOnAssert-0x3634 clr+0x59424 @ 0x73be9424 StrongNameFreeBuffer+0x5115 GetMetaDataInternalInterface-0xaaf5 clr+0x43f33 @ 0x73bd3f33 StrongNameFreeBuffer+0x5174 GetMetaDataInternalInterface-0xaa96 clr+0x43f92 @ 0x73bd3f92 GetMetaDataInternalInterface+0xa8a0 LogHelp_TerminateOnAssert-0x3790 clr+0x592c8 @ 0x73be92c8 GetMetaDataInternalInterface+0xabf1 LogHelp_TerminateOnAssert-0x343f clr+0x59619 @ 0x73be9619 StrongNameFreeBuffer+0x508b GetMetaDataInternalInterface-0xab7f clr+0x43ea9 @ 0x73bd3ea9 CoUninitializeEE+0x12a29 DllRegisterServerInternal-0x757 clr+0x30bf1 @ 0x73bc0bf1 LogHelp_TerminateOnAssert+0x3bf8f StrongNameErrorInfo-0x4bf0b clr+0x989e7 @ 0x73c289e7 mscorlib+0x24e713 @ 0x71e5e713 mscorlib+0x24e4ea @ 0x71e5e4ea mscorlib+0x23d314 @ 0x71e4d314 mscorlib+0x23cf95 @ 0x71e4cf95 mscorlib+0x23cd51 @ 0x71e4cd51 mscorlib+0x836a4f @ 0x72446a4f mscorlib+0x25351b @ 0x71e6351b 0xa401ac 0xa40120 DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a CoUninitializeEE+0x4f8b DllRegisterServerInternal-0xe1f5 clr+0x23153 @ 0x73bb3153 CoUninitializeEE+0x5004 DllRegisterServerInternal-0xe17c clr+0x231cc @ 0x73bb31cc CoUninitializeEE+0x5073 DllRegisterServerInternal-0xe10d clr+0x2323b @ 0x73bb323b CoUninitializeEE+0x524d DllRegisterServerInternal-0xdf33 clr+0x23415 @ 0x73bb3415 CoUninitializeEE+0x5392 DllRegisterServerInternal-0xddee clr+0x2355a @ 0x73bb355a GetMetaDataInternalInterface+0x838a LogHelp_TerminateOnAssert-0x5ca6 clr+0x56db2 @ 0x73be6db2 CoUninitializeEE+0x3d8d DllRegisterServerInternal-0xf3f3 clr+0x21f55 @ 0x73bb1f55 0xa50842 0xa400d6 DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01 CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21 GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82 GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90 GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4 GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199 GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a _CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00 _CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5 registers.esp: 1560832 registers.edi: 35987532 registers.eax: 0 registers.ebp: 1560892 registers.edx: 9 registers.ebx: 35918740 registers.esi: 35960844 registers.ecx: 1942112702 exception.instruction_r: 83 78 04 00 77 05 e8 34 88 40 73 0f b6 40 08 89 exception.instruction: cmp dword ptr [eax + 4], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa40501	success
1619389355.35525 __exception__	stacktrace: mscorlib+0x230de1 @ 0x71e40de1 DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01 GetMetaDataInternalInterface+0xa9fc LogHelp_TerminateOnAssert-0x3634 clr+0x59424 @ 0x73be9424 StrongNameFreeBuffer+0x5115 GetMetaDataInternalInterface-0xaaf5 clr+0x43f33 @ 0x73bd3f33 StrongNameFreeBuffer+0x5174 GetMetaDataInternalInterface-0xaa96 clr+0x43f92 @ 0x73bd3f92 GetMetaDataInternalInterface+0xa8a0 LogHelp_TerminateOnAssert-0x3790 clr+0x592c8 @ 0x73be92c8 GetMetaDataInternalInterface+0xabf1 LogHelp_TerminateOnAssert-0x343f clr+0x59619 @ 0x73be9619 StrongNameFreeBuffer+0x508b GetMetaDataInternalInterface-0xab7f clr+0x43ea9 @ 0x73bd3ea9 CoUninitializeEE+0x12a29 DllRegisterServerInternal-0x757 clr+0x30bf1 @ 0x73bc0bf1 LogHelp_TerminateOnAssert+0x3bf8f StrongNameErrorInfo-0x4bf0b clr+0x989e7 @ 0x73c289e7 mscorlib+0x24e713 @ 0x71e5e713 mscorlib+0x24e4ea @ 0x71e5e4ea mscorlib+0x23d314 @ 0x71e4d314 mscorlib+0x23cf95 @ 0x71e4cf95 mscorlib+0x23cd51 @ 0x71e4cd51 mscorlib+0x23caba @ 0x71e4caba mscorlib+0x2bba5a @ 0x71ecba5a DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01 CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21 LogHelp_TerminateOnAssert+0x42ba0 StrongNameErrorInfo-0x452fa clr+0x9f5f8 @ 0x73c2f5f8 LogHelp_TerminateOnAssert+0x42cf7 StrongNameErrorInfo-0x451a3 clr+0x9f74f @ 0x73c2f74f mscorlib+0x2bb931 @ 0x71ecb931 mscorlib+0x2bbc18 @ 0x71ecbc18 DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01 LogHelp_TerminateOnAssert+0x31879 StrongNameErrorInfo-0x56621 clr+0x8e2d1 @ 0x73c1e2d1 LogHelp_TerminateOnAssert+0x3197b StrongNameErrorInfo-0x5651f clr+0x8e3d3 @ 0x73c1e3d3 mscorlib+0x843318 @ 0x72453318 DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01 GetCLRFunction+0x4d5 GetMetaDataPublicInterfaceFromInternal-0x9198 clr+0xec74f @ 0x73c7c74f CopyPDBs+0x321b MetaDataGetDispenser-0x5ad9 clr+0xf9269 @ 0x73c89269 GetAddrOfContractShutoffFlag+0x10bc2 CorLaunchApplication-0x2ed06 clr+0x277842 @ 0x73e07842 AttachProfiler+0x42b0 LogHelp_LogAssert-0x15e9a clr+0x1e2e38 @ 0x73d72e38 LogHelp_TerminateOnAssert+0x30167 StrongNameErrorInfo-0x57d33 clr+0x8cbbf @ 0x73c1cbbf LogHelp_TerminateOnAssert+0x302a6 StrongNameErrorInfo-0x57bf4 clr+0x8ccfe @ 0x73c1ccfe RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x77d76ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x77d76a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x745b482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x77d40143 mscorlib+0x230de1 @ 0x71e40de1 DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01 GetMetaDataInternalInterface+0xa9fc LogHelp_TerminateOnAssert-0x3634 clr+0x59424 @ 0x73be9424 StrongNameFreeBuffer+0x5115 GetMetaDataInternalInterface-0xaaf5 clr+0x43f33 @ 0x73bd3f33 StrongNameFreeBuffer+0x5174 GetMetaDataInternalInterface-0xaa96 clr+0x43f92 @ 0x73bd3f92 GetMetaDataInternalInterface+0xa8a0 LogHelp_TerminateOnAssert-0x3790 clr+0x592c8 @ 0x73be92c8 GetMetaDataInternalInterface+0xabf1 LogHelp_TerminateOnAssert-0x343f clr+0x59619 @ 0x73be9619 StrongNameFreeBuffer+0x508b GetMetaDataInternalInterface-0xab7f clr+0x43ea9 @ 0x73bd3ea9 CoUninitializeEE+0x12a29 DllRegisterServerInternal-0x757 clr+0x30bf1 @ 0x73bc0bf1 LogHelp_TerminateOnAssert+0x3bf8f StrongNameErrorInfo-0x4bf0b clr+0x989e7 @ 0x73c289e7 mscorlib+0x24e713 @ 0x71e5e713 registers.esp: 1549728 registers.edi: 36065436 registers.eax: 0 registers.ebp: 1549788 registers.edx: 9 registers.ebx: 35918740 registers.esi: 35960844 registers.ecx: 1942112702 exception.instruction_r: 83 78 04 00 77 05 e8 34 88 40 73 0f b6 40 08 89 exception.instruction: cmp dword ptr [eax + 4], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa40501	success
1619389355.77725 __exception__	stacktrace: mscorlib+0x230de1 @ 0x71e40de1 DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01 GetMetaDataInternalInterface+0xa9fc LogHelp_TerminateOnAssert-0x3634 clr+0x59424 @ 0x73be9424 StrongNameFreeBuffer+0x5115 GetMetaDataInternalInterface-0xaaf5 clr+0x43f33 @ 0x73bd3f33 StrongNameFreeBuffer+0x5174 GetMetaDataInternalInterface-0xaa96 clr+0x43f92 @ 0x73bd3f92 GetMetaDataInternalInterface+0xa8a0 LogHelp_TerminateOnAssert-0x3790 clr+0x592c8 @ 0x73be92c8 GetMetaDataInternalInterface+0xabf1 LogHelp_TerminateOnAssert-0x343f clr+0x59619 @ 0x73be9619 StrongNameFreeBuffer+0x508b GetMetaDataInternalInterface-0xab7f clr+0x43ea9 @ 0x73bd3ea9 CoUninitializeEE+0x12a29 DllRegisterServerInternal-0x757 clr+0x30bf1 @ 0x73bc0bf1 LogHelp_TerminateOnAssert+0x3bf8f StrongNameErrorInfo-0x4bf0b clr+0x989e7 @ 0x73c289e7 mscorlib+0x24e713 @ 0x71e5e713 mscorlib+0x24e4ea @ 0x71e5e4ea mscorlib+0x23d314 @ 0x71e4d314 mscorlib+0x23cf95 @ 0x71e4cf95 mscorlib+0x23cd51 @ 0x71e4cd51 mscorlib+0x23caba @ 0x71e4caba mscorlib+0x2bba5a @ 0x71ecba5a DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01 CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21 LogHelp_TerminateOnAssert+0x42ba0 StrongNameErrorInfo-0x452fa clr+0x9f5f8 @ 0x73c2f5f8 LogHelp_TerminateOnAssert+0x42cf7 StrongNameErrorInfo-0x451a3 clr+0x9f74f @ 0x73c2f74f mscorlib+0x2bb931 @ 0x71ecb931 mscorlib+0x2bbc18 @ 0x71ecbc18 DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01 LogHelp_TerminateOnAssert+0x31879 StrongNameErrorInfo-0x56621 clr+0x8e2d1 @ 0x73c1e2d1 LogHelp_TerminateOnAssert+0x3197b StrongNameErrorInfo-0x5651f clr+0x8e3d3 @ 0x73c1e3d3 mscorlib+0x843318 @ 0x72453318 DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01 GetCLRFunction+0x4d5 GetMetaDataPublicInterfaceFromInternal-0x9198 clr+0xec74f @ 0x73c7c74f CopyPDBs+0x321b MetaDataGetDispenser-0x5ad9 clr+0xf9269 @ 0x73c89269 GetAddrOfContractShutoffFlag+0x10bc2 CorLaunchApplication-0x2ed06 clr+0x277842 @ 0x73e07842 AttachProfiler+0x42b0 LogHelp_LogAssert-0x15e9a clr+0x1e2e38 @ 0x73d72e38 LogHelp_TerminateOnAssert+0x30167 StrongNameErrorInfo-0x57d33 clr+0x8cbbf @ 0x73c1cbbf LogHelp_TerminateOnAssert+0x302a6 StrongNameErrorInfo-0x57bf4 clr+0x8ccfe @ 0x73c1ccfe RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x77d76ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x77d76a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x745b482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x77d40143 mscorlib+0x230de1 @ 0x71e40de1 DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01 GetMetaDataInternalInterface+0xa9fc LogHelp_TerminateOnAssert-0x3634 clr+0x59424 @ 0x73be9424 StrongNameFreeBuffer+0x5115 GetMetaDataInternalInterface-0xaaf5 clr+0x43f33 @ 0x73bd3f33 StrongNameFreeBuffer+0x5174 GetMetaDataInternalInterface-0xaa96 clr+0x43f92 @ 0x73bd3f92 GetMetaDataInternalInterface+0xa8a0 LogHelp_TerminateOnAssert-0x3790 clr+0x592c8 @ 0x73be92c8 GetMetaDataInternalInterface+0xabf1 LogHelp_TerminateOnAssert-0x343f clr+0x59619 @ 0x73be9619 StrongNameFreeBuffer+0x508b GetMetaDataInternalInterface-0xab7f clr+0x43ea9 @ 0x73bd3ea9 CoUninitializeEE+0x12a29 DllRegisterServerInternal-0x757 clr+0x30bf1 @ 0x73bc0bf1 LogHelp_TerminateOnAssert+0x3bf8f StrongNameErrorInfo-0x4bf0b clr+0x989e7 @ 0x73c289e7 mscorlib+0x24e713 @ 0x71e5e713 registers.esp: 1549728 registers.edi: 36116484 registers.eax: 0 registers.ebp: 1549788 registers.edx: 9 registers.ebx: 35918740 registers.esi: 35960844 registers.ecx: 1942112702 exception.instruction_r: 83 78 04 00 77 05 e8 34 88 40 73 0f b6 40 08 89 exception.instruction: cmp dword ptr [eax + 4], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa40501	success
1619389355.77725 __exception__	stacktrace: mscorlib+0x230de1 @ 0x71e40de1 DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01 GetMetaDataInternalInterface+0xa9fc LogHelp_TerminateOnAssert-0x3634 clr+0x59424 @ 0x73be9424 StrongNameFreeBuffer+0x5115 GetMetaDataInternalInterface-0xaaf5 clr+0x43f33 @ 0x73bd3f33 StrongNameFreeBuffer+0x5174 GetMetaDataInternalInterface-0xaa96 clr+0x43f92 @ 0x73bd3f92 GetMetaDataInternalInterface+0xa8a0 LogHelp_TerminateOnAssert-0x3790 clr+0x592c8 @ 0x73be92c8 GetMetaDataInternalInterface+0xabf1 LogHelp_TerminateOnAssert-0x343f clr+0x59619 @ 0x73be9619 StrongNameFreeBuffer+0x508b GetMetaDataInternalInterface-0xab7f clr+0x43ea9 @ 0x73bd3ea9 CoUninitializeEE+0x12a29 DllRegisterServerInternal-0x757 clr+0x30bf1 @ 0x73bc0bf1 LogHelp_TerminateOnAssert+0x3bf8f StrongNameErrorInfo-0x4bf0b clr+0x989e7 @ 0x73c289e7 mscorlib+0x24e713 @ 0x71e5e713 mscorlib+0x24e4ea @ 0x71e5e4ea mscorlib+0x23d314 @ 0x71e4d314 mscorlib+0x23cf95 @ 0x71e4cf95 mscorlib+0x23cd51 @ 0x71e4cd51 mscorlib+0x23caba @ 0x71e4caba mscorlib+0x2bba5a @ 0x71ecba5a DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01 CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21 LogHelp_TerminateOnAssert+0x42ba0 StrongNameErrorInfo-0x452fa clr+0x9f5f8 @ 0x73c2f5f8 LogHelp_TerminateOnAssert+0x42cf7 StrongNameErrorInfo-0x451a3 clr+0x9f74f @ 0x73c2f74f mscorlib+0x2bb931 @ 0x71ecb931 mscorlib+0x2bbc18 @ 0x71ecbc18 DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01 LogHelp_TerminateOnAssert+0x31879 StrongNameErrorInfo-0x56621 clr+0x8e2d1 @ 0x73c1e2d1 LogHelp_TerminateOnAssert+0x3197b StrongNameErrorInfo-0x5651f clr+0x8e3d3 @ 0x73c1e3d3 mscorlib+0x843318 @ 0x72453318 DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01 GetCLRFunction+0x4d5 GetMetaDataPublicInterfaceFromInternal-0x9198 clr+0xec74f @ 0x73c7c74f CopyPDBs+0x321b MetaDataGetDispenser-0x5ad9 clr+0xf9269 @ 0x73c89269 GetAddrOfContractShutoffFlag+0x10bc2 CorLaunchApplication-0x2ed06 clr+0x277842 @ 0x73e07842 AttachProfiler+0x42b0 LogHelp_LogAssert-0x15e9a clr+0x1e2e38 @ 0x73d72e38 LogHelp_TerminateOnAssert+0x30167 StrongNameErrorInfo-0x57d33 clr+0x8cbbf @ 0x73c1cbbf LogHelp_TerminateOnAssert+0x302a6 StrongNameErrorInfo-0x57bf4 clr+0x8ccfe @ 0x73c1ccfe RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x77d76ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x77d76a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x745b482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x77d40143 mscorlib+0x230de1 @ 0x71e40de1 DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01 GetMetaDataInternalInterface+0xa9fc LogHelp_TerminateOnAssert-0x3634 clr+0x59424 @ 0x73be9424 StrongNameFreeBuffer+0x5115 GetMetaDataInternalInterface-0xaaf5 clr+0x43f33 @ 0x73bd3f33 StrongNameFreeBuffer+0x5174 GetMetaDataInternalInterface-0xaa96 clr+0x43f92 @ 0x73bd3f92 GetMetaDataInternalInterface+0xa8a0 LogHelp_TerminateOnAssert-0x3790 clr+0x592c8 @ 0x73be92c8 GetMetaDataInternalInterface+0xabf1 LogHelp_TerminateOnAssert-0x343f clr+0x59619 @ 0x73be9619 StrongNameFreeBuffer+0x508b GetMetaDataInternalInterface-0xab7f clr+0x43ea9 @ 0x73bd3ea9 CoUninitializeEE+0x12a29 DllRegisterServerInternal-0x757 clr+0x30bf1 @ 0x73bc0bf1 LogHelp_TerminateOnAssert+0x3bf8f StrongNameErrorInfo-0x4bf0b clr+0x989e7 @ 0x73c289e7 mscorlib+0x24e713 @ 0x71e5e713 registers.esp: 1549728 registers.edi: 36154132 registers.eax: 0 registers.ebp: 1549788 registers.edx: 9 registers.ebx: 35918740 registers.esi: 35960844 registers.ecx: 1942112702 exception.instruction_r: 83 78 04 00 77 05 e8 34 88 40 73 0f b6 40 08 89 exception.instruction: cmp dword ptr [eax + 4], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa40501	success
1619389355.79325 __exception__	stacktrace: mscorlib+0x230de1 @ 0x71e40de1 DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01 GetMetaDataInternalInterface+0xa9fc LogHelp_TerminateOnAssert-0x3634 clr+0x59424 @ 0x73be9424 StrongNameFreeBuffer+0x5115 GetMetaDataInternalInterface-0xaaf5 clr+0x43f33 @ 0x73bd3f33 StrongNameFreeBuffer+0x5174 GetMetaDataInternalInterface-0xaa96 clr+0x43f92 @ 0x73bd3f92 GetMetaDataInternalInterface+0xa8a0 LogHelp_TerminateOnAssert-0x3790 clr+0x592c8 @ 0x73be92c8 GetMetaDataInternalInterface+0xabf1 LogHelp_TerminateOnAssert-0x343f clr+0x59619 @ 0x73be9619 StrongNameFreeBuffer+0x508b GetMetaDataInternalInterface-0xab7f clr+0x43ea9 @ 0x73bd3ea9 CoUninitializeEE+0x12a29 DllRegisterServerInternal-0x757 clr+0x30bf1 @ 0x73bc0bf1 LogHelp_TerminateOnAssert+0x3bf8f StrongNameErrorInfo-0x4bf0b clr+0x989e7 @ 0x73c289e7 mscorlib+0x24e713 @ 0x71e5e713 mscorlib+0x24e4ea @ 0x71e5e4ea mscorlib+0x23d314 @ 0x71e4d314 mscorlib+0x23cf95 @ 0x71e4cf95 mscorlib+0x23cd51 @ 0x71e4cd51 mscorlib+0x23caba @ 0x71e4caba mscorlib+0x2bba5a @ 0x71ecba5a DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01 CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21 LogHelp_TerminateOnAssert+0x42ba0 StrongNameErrorInfo-0x452fa clr+0x9f5f8 @ 0x73c2f5f8 LogHelp_TerminateOnAssert+0x42cf7 StrongNameErrorInfo-0x451a3 clr+0x9f74f @ 0x73c2f74f mscorlib+0x2bb931 @ 0x71ecb931 mscorlib+0x2bbc18 @ 0x71ecbc18 DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01 LogHelp_TerminateOnAssert+0x31879 StrongNameErrorInfo-0x56621 clr+0x8e2d1 @ 0x73c1e2d1 LogHelp_TerminateOnAssert+0x3197b StrongNameErrorInfo-0x5651f clr+0x8e3d3 @ 0x73c1e3d3 mscorlib+0x843318 @ 0x72453318 DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01 GetCLRFunction+0x4d5 GetMetaDataPublicInterfaceFromInternal-0x9198 clr+0xec74f @ 0x73c7c74f CopyPDBs+0x321b MetaDataGetDispenser-0x5ad9 clr+0xf9269 @ 0x73c89269 GetAddrOfContractShutoffFlag+0x10bc2 CorLaunchApplication-0x2ed06 clr+0x277842 @ 0x73e07842 AttachProfiler+0x42b0 LogHelp_LogAssert-0x15e9a clr+0x1e2e38 @ 0x73d72e38 LogHelp_TerminateOnAssert+0x30167 StrongNameErrorInfo-0x57d33 clr+0x8cbbf @ 0x73c1cbbf LogHelp_TerminateOnAssert+0x302a6 StrongNameErrorInfo-0x57bf4 clr+0x8ccfe @ 0x73c1ccfe RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x77d76ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x77d76a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x745b482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x77d40143 mscorlib+0x230de1 @ 0x71e40de1 DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01 GetMetaDataInternalInterface+0xa9fc LogHelp_TerminateOnAssert-0x3634 clr+0x59424 @ 0x73be9424 StrongNameFreeBuffer+0x5115 GetMetaDataInternalInterface-0xaaf5 clr+0x43f33 @ 0x73bd3f33 StrongNameFreeBuffer+0x5174 GetMetaDataInternalInterface-0xaa96 clr+0x43f92 @ 0x73bd3f92 GetMetaDataInternalInterface+0xa8a0 LogHelp_TerminateOnAssert-0x3790 clr+0x592c8 @ 0x73be92c8 GetMetaDataInternalInterface+0xabf1 LogHelp_TerminateOnAssert-0x343f clr+0x59619 @ 0x73be9619 StrongNameFreeBuffer+0x508b GetMetaDataInternalInterface-0xab7f clr+0x43ea9 @ 0x73bd3ea9 CoUninitializeEE+0x12a29 DllRegisterServerInternal-0x757 clr+0x30bf1 @ 0x73bc0bf1 LogHelp_TerminateOnAssert+0x3bf8f StrongNameErrorInfo-0x4bf0b clr+0x989e7 @ 0x73c289e7 mscorlib+0x24e713 @ 0x71e5e713 registers.esp: 1549728 registers.edi: 36191588 registers.eax: 0 registers.ebp: 1549788 registers.edx: 9 registers.ebx: 35918740 registers.esi: 35960844 registers.ecx: 1942112702 exception.instruction_r: 83 78 04 00 77 05 e8 34 88 40 73 0f b6 40 08 89 exception.instruction: cmp dword ptr [eax + 4], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa40501	success
1619389355.79325 __exception__	stacktrace: mscorlib+0x230de1 @ 0x71e40de1 DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01 GetMetaDataInternalInterface+0xa9fc LogHelp_TerminateOnAssert-0x3634 clr+0x59424 @ 0x73be9424 StrongNameFreeBuffer+0x5115 GetMetaDataInternalInterface-0xaaf5 clr+0x43f33 @ 0x73bd3f33 StrongNameFreeBuffer+0x5174 GetMetaDataInternalInterface-0xaa96 clr+0x43f92 @ 0x73bd3f92 GetMetaDataInternalInterface+0xa8a0 LogHelp_TerminateOnAssert-0x3790 clr+0x592c8 @ 0x73be92c8 GetMetaDataInternalInterface+0xabf1 LogHelp_TerminateOnAssert-0x343f clr+0x59619 @ 0x73be9619 StrongNameFreeBuffer+0x508b GetMetaDataInternalInterface-0xab7f clr+0x43ea9 @ 0x73bd3ea9 CoUninitializeEE+0x12a29 DllRegisterServerInternal-0x757 clr+0x30bf1 @ 0x73bc0bf1 LogHelp_TerminateOnAssert+0x3bf8f StrongNameErrorInfo-0x4bf0b clr+0x989e7 @ 0x73c289e7 mscorlib+0x24e713 @ 0x71e5e713 mscorlib+0x24e4ea @ 0x71e5e4ea mscorlib+0x23d314 @ 0x71e4d314 mscorlib+0x23cf95 @ 0x71e4cf95 mscorlib+0x23cd51 @ 0x71e4cd51 mscorlib+0x836a4f @ 0x72446a4f mscorlib+0x25351b @ 0x71e6351b 0xa401ac 0xa40120 DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a CoUninitializeEE+0x4f8b DllRegisterServerInternal-0xe1f5 clr+0x23153 @ 0x73bb3153 CoUninitializeEE+0x5004 DllRegisterServerInternal-0xe17c clr+0x231cc @ 0x73bb31cc CoUninitializeEE+0x5073 DllRegisterServerInternal-0xe10d clr+0x2323b @ 0x73bb323b CoUninitializeEE+0x524d DllRegisterServerInternal-0xdf33 clr+0x23415 @ 0x73bb3415 CoUninitializeEE+0x5392 DllRegisterServerInternal-0xddee clr+0x2355a @ 0x73bb355a GetMetaDataInternalInterface+0x838a LogHelp_TerminateOnAssert-0x5ca6 clr+0x56db2 @ 0x73be6db2 CoUninitializeEE+0x3d8d DllRegisterServerInternal-0xf3f3 clr+0x21f55 @ 0x73bb1f55 0xa50842 0xa400d6 DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01 CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21 GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82 GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90 GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4 GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199 GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a _CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00 _CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5 registers.esp: 1560832 registers.edi: 36235936 registers.eax: 0 registers.ebp: 1560892 registers.edx: 9 registers.ebx: 35918740 registers.esi: 35960844 registers.ecx: 1942112702 exception.instruction_r: 83 78 04 00 77 05 e8 34 88 40 73 0f b6 40 08 89 exception.instruction: cmp dword ptr [eax + 4], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa40501	success
1619389355.80825 __exception__	stacktrace: mscorlib+0x230de1 @ 0x71e40de1 DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01 GetMetaDataInternalInterface+0xa9fc LogHelp_TerminateOnAssert-0x3634 clr+0x59424 @ 0x73be9424 StrongNameFreeBuffer+0x5115 GetMetaDataInternalInterface-0xaaf5 clr+0x43f33 @ 0x73bd3f33 StrongNameFreeBuffer+0x5174 GetMetaDataInternalInterface-0xaa96 clr+0x43f92 @ 0x73bd3f92 GetMetaDataInternalInterface+0xa8a0 LogHelp_TerminateOnAssert-0x3790 clr+0x592c8 @ 0x73be92c8 GetMetaDataInternalInterface+0xabf1 LogHelp_TerminateOnAssert-0x343f clr+0x59619 @ 0x73be9619 StrongNameFreeBuffer+0x508b GetMetaDataInternalInterface-0xab7f clr+0x43ea9 @ 0x73bd3ea9 CoUninitializeEE+0x12a29 DllRegisterServerInternal-0x757 clr+0x30bf1 @ 0x73bc0bf1 LogHelp_TerminateOnAssert+0x3bf8f StrongNameErrorInfo-0x4bf0b clr+0x989e7 @ 0x73c289e7 mscorlib+0x24e713 @ 0x71e5e713 mscorlib+0x24e4ea @ 0x71e5e4ea mscorlib+0x23d314 @ 0x71e4d314 mscorlib+0x23cf95 @ 0x71e4cf95 mscorlib+0x23cd51 @ 0x71e4cd51 mscorlib+0x836a4f @ 0x72446a4f mscorlib+0x25351b @ 0x71e6351b 0xa401ac 0xa40120 DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a CoUninitializeEE+0x4f8b DllRegisterServerInternal-0xe1f5 clr+0x23153 @ 0x73bb3153 CoUninitializeEE+0x5004 DllRegisterServerInternal-0xe17c clr+0x231cc @ 0x73bb31cc CoUninitializeEE+0x5073 DllRegisterServerInternal-0xe10d clr+0x2323b @ 0x73bb323b CoUninitializeEE+0x524d DllRegisterServerInternal-0xdf33 clr+0x23415 @ 0x73bb3415 CoUninitializeEE+0x5392 DllRegisterServerInternal-0xddee clr+0x2355a @ 0x73bb355a GetMetaDataInternalInterface+0x838a LogHelp_TerminateOnAssert-0x5ca6 clr+0x56db2 @ 0x73be6db2 CoUninitializeEE+0x3d8d DllRegisterServerInternal-0xf3f3 clr+0x21f55 @ 0x73bb1f55 0xa50842 0xa400d6 DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01 CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21 GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82 GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90 GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4 GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199 GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a _CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00 _CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5 registers.esp: 1560832 registers.edi: 36239308 registers.eax: 0 registers.ebp: 1560892 registers.edx: 9 registers.ebx: 35918740 registers.esi: 35960844 registers.ecx: 1942112702 exception.instruction_r: 83 78 04 00 77 05 e8 34 88 40 73 0f b6 40 08 89 exception.instruction: cmp dword ptr [eax + 4], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa40501	success
1619389355.80825 __exception__	stacktrace: mscorlib+0x230de1 @ 0x71e40de1 DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01 GetMetaDataInternalInterface+0xa9fc LogHelp_TerminateOnAssert-0x3634 clr+0x59424 @ 0x73be9424 StrongNameFreeBuffer+0x5115 GetMetaDataInternalInterface-0xaaf5 clr+0x43f33 @ 0x73bd3f33 StrongNameFreeBuffer+0x5174 GetMetaDataInternalInterface-0xaa96 clr+0x43f92 @ 0x73bd3f92 GetMetaDataInternalInterface+0xa8a0 LogHelp_TerminateOnAssert-0x3790 clr+0x592c8 @ 0x73be92c8 GetMetaDataInternalInterface+0xabf1 LogHelp_TerminateOnAssert-0x343f clr+0x59619 @ 0x73be9619 StrongNameFreeBuffer+0x508b GetMetaDataInternalInterface-0xab7f clr+0x43ea9 @ 0x73bd3ea9 CoUninitializeEE+0x12a29 DllRegisterServerInternal-0x757 clr+0x30bf1 @ 0x73bc0bf1 LogHelp_TerminateOnAssert+0x3bf8f StrongNameErrorInfo-0x4bf0b clr+0x989e7 @ 0x73c289e7 mscorlib+0x24e713 @ 0x71e5e713 mscorlib+0x24e4ea @ 0x71e5e4ea mscorlib+0x23d314 @ 0x71e4d314 mscorlib+0x23cf95 @ 0x71e4cf95 mscorlib+0x23cd51 @ 0x71e4cd51 mscorlib+0x836a4f @ 0x72446a4f mscorlib+0x25351b @ 0x71e6351b 0xa401ac 0xa40120 DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a CoUninitializeEE+0x4f8b DllRegisterServerInternal-0xe1f5 clr+0x23153 @ 0x73bb3153 CoUninitializeEE+0x5004 DllRegisterServerInternal-0xe17c clr+0x231cc @ 0x73bb31cc CoUninitializeEE+0x5073 DllRegisterServerInternal-0xe10d clr+0x2323b @ 0x73bb323b CoUninitializeEE+0x524d DllRegisterServerInternal-0xdf33 clr+0x23415 @ 0x73bb3415 CoUninitializeEE+0x5392 DllRegisterServerInternal-0xddee clr+0x2355a @ 0x73bb355a GetMetaDataInternalInterface+0x838a LogHelp_TerminateOnAssert-0x5ca6 clr+0x56db2 @ 0x73be6db2 CoUninitializeEE+0x3d8d DllRegisterServerInternal-0xf3f3 clr+0x21f55 @ 0x73bb1f55 0xa50842 0xa400d6 DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01 CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21 GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82 GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90 GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4 GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199 GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a _CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00 _CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5 registers.esp: 1560832 registers.edi: 36242676 registers.eax: 0 registers.ebp: 1560892 registers.edx: 9 registers.ebx: 35918740 registers.esi: 35960844 registers.ecx: 1942112702 exception.instruction_r: 83 78 04 00 77 05 e8 34 88 40 73 0f b6 40 08 89 exception.instruction: cmp dword ptr [eax + 4], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa40501	success

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Allocates read-write-execute memory (usually to unpack itself) (35 个事件)

Time & API	Arguments	Status
1619389346.91825 NtAllocateVirtualMemory	process_identifier: 472 region_size: 393216 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 8192 (MEM_RESERVE) base_address: 0x004c0000	success
1619389346.91825 NtAllocateVirtualMemory	process_identifier: 472 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x004e0000	success
1619389347.52725 NtAllocateVirtualMemory	process_identifier: 472 region_size: 1048576 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 8192 (MEM_RESERVE) base_address: 0x00990000	success
1619389347.52725 NtAllocateVirtualMemory	process_identifier: 472 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00a50000	success
1619389347.57425 NtProtectVirtualMemory	process_identifier: 472 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x73b91000	success
1619389347.63625 NtAllocateVirtualMemory	process_identifier: 472 region_size: 1966080 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 8192 (MEM_RESERVE) base_address: 0x00a90000	success
1619389347.63625 NtAllocateVirtualMemory	process_identifier: 472 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00c30000	success
1619389347.65225 NtAllocateVirtualMemory	process_identifier: 472 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x0056a000	success
1619389347.65225 NtProtectVirtualMemory	process_identifier: 472 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x73b92000	success
1619389347.65225 NtAllocateVirtualMemory	process_identifier: 472 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00562000	success
1619389347.87125 NtAllocateVirtualMemory	process_identifier: 472 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00572000	success
1619389347.96525 NtAllocateVirtualMemory	process_identifier: 472 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x005a5000	success
1619389347.98025 NtAllocateVirtualMemory	process_identifier: 472 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x005ab000	success
1619389347.98025 NtAllocateVirtualMemory	process_identifier: 472 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x005a7000	success
1619389348.12125 NtAllocateVirtualMemory	process_identifier: 472 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00573000	success
1619389348.12125 NtAllocateVirtualMemory	process_identifier: 472 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00574000	success
1619389348.13625 NtAllocateVirtualMemory	process_identifier: 472 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00575000	success
1619389348.15225 NtAllocateVirtualMemory	process_identifier: 472 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x0057c000	success
1619389348.82425 NtAllocateVirtualMemory	process_identifier: 472 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00576000	success
1619389348.82425 NtAllocateVirtualMemory	process_identifier: 472 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00578000	success
1619389348.94925 NtAllocateVirtualMemory	process_identifier: 472 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00a40000	success
1619389355.87125 NtAllocateVirtualMemory	process_identifier: 472 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x0059a000	success
1619389355.87125 NtAllocateVirtualMemory	process_identifier: 472 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00597000	success
1619389355.99625 NtAllocateVirtualMemory	process_identifier: 472 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00ad0000	success
1619389356.01125 NtAllocateVirtualMemory	process_identifier: 472 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00ad1000	success
1619389356.01125 NtAllocateVirtualMemory	process_identifier: 472 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00ad2000	success
1619389356.27725 NtAllocateVirtualMemory	process_identifier: 472 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00596000	success
1619389356.35525 NtAllocateVirtualMemory	process_identifier: 472 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00ad3000	success
1619389356.38625 NtAllocateVirtualMemory	process_identifier: 472 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00ad4000	success
1619389356.43325 NtAllocateVirtualMemory	process_identifier: 472 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00ad5000	success
1619389356.43325 NtAllocateVirtualMemory	process_identifier: 472 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00ad6000	success
1619389356.43325 NtAllocateVirtualMemory	process_identifier: 472 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00ad7000	success
1619389356.43325 NtAllocateVirtualMemory	process_identifier: 472 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00ad8000	success
1619389386.48025 NtAllocateVirtualMemory	process_identifier: 472 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00a41000	success
1619389386.59025 NtAllocateVirtualMemory	process_identifier: 472 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 4096 (MEM_COMMIT) base_address: 0x00563000	success

The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)

entropy

7.709732437049993

section

{'size_of_data': '0x00058400', 'virtual_address': '0x00002000', 'entropy': 7.709732437049993, 'name': '.text', 'virtual_size': '0x000582e4'}

description

A section with a high entropy has been found

entropy

0.9527665317139001

description

Overall entropy of this PE file is high

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619389386.59025 LookupPrivilegeValueW	system_name: privilege_name: SeDebugPrivilege	success	1	0

Terminates another process (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1619389404.55825 NtTerminateProcess	status_code: 0xffffffff process_identifier: 472 process_handle: 0x00000210	failed	0	0

One or more of the buffers contains an embedded PE file (1 个事件)

buffer

Buffer with sha1: 5ec2d429e1364687f4dba0a813afd64759ba6960

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 个事件)

dead_host	172.217.24.14:443
dead_host	172.217.160.78:443

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2020-05-28 06:02:18

Imports

Library mscoree.dll:

• 0x402000 _CorExeMain

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
clients2.google.com	A 172.217.160.78 CNAME clients.l.google.com	216.58.200.238
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com		127.0.0.1

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	53657	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	60215	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	50002	224.0.0.252	5355
192.168.56.101	50534	224.0.0.252	5355
192.168.56.101	51808	224.0.0.252	5355
192.168.56.101	56539	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	57756	224.0.0.252	5355
192.168.56.101	57874	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	60384	224.0.0.252	5355
192.168.56.101	61680	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	49236	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.