14.4
0-day

6bd0bafbf71604a763081677bfa46355b40bc53d66fd70d46ce65b9232a273e5

cb46aab04048194cea26e4ddedd3f10e.exe

Analysis duration

181s

Last analyzed

File size

798.0KB
Static detections, dynamic detections: AGEN AI SCORE=100 ALI2000008 ATTRIBUTE CONFIDENCE FORMBOOK GDSDA GENERICKDZ GENKRYPTIK HEYE HIGH CONFIDENCE HIGHCONFIDENCE KILLPROC2 KRYPTIK MALDOC MALICIOUS PE MALWARE@#3C036O8LET6XB QQPASS QQROB QVM03 R06EC0DI220 RNDCRYPT SCORE STATIC AI SUSGEN SZBI TROJANX TSCOPE UNSAFE WACATAC XMW@A8EIYJKI XSFN YSIZZC2ADDM ZEMSILF
Eagle Eye engine
Not scanned; no Eagle Eye engine results are available
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee Packed-GAJ!CB46AAB04048 20201229 6.0.6.653
Alibaba Trojan:Win32/Maldoc.ali2000008 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast Win32:TrojanX-gen [Trj] 20201229 21.1.5827.0
Tencent Msil.Trojan-qqpass.Qqrob.Szbi 20201229 1.0.0.1
Kingsoft 20201229 2017.9.26.565
CrowdStrike win/malicious_confidence_60% (W) 20190702 1.0
Static indicators
Queries for the computername (50 out of 303 events)
Time & API Arguments Status Return Repeated
1619916124.747626
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
Checks if process is being debugged by a debugger (50 out of 132 events)
Time & API Arguments Status Return Repeated
1619916103.044626
IsDebuggerPresent
failed 0 0
Command line console output was observed (50 out of 99 events)
Time & API Arguments Status Return Repeated
1619916117.184626
WriteConsoleW
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\cb46aab04048194cea26e4ddedd3f10e.exe
console_handle: 0x00000007
success 1 0
1619916117.215626
WriteConsoleW
buffer: 拒绝访问。
console_handle: 0x0000000b
success 1 0
1619916116.419001
WriteConsoleW
buffer: Y
console_handle: 0x00000007
success 1 0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DigitalProductID
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619916103.106626
GlobalMemoryStatusEx
success 1 0
One or more processes crashed (45 events)
Time & API Arguments Status Return Repeated
1619916163.684751
__exception__
stacktrace:
0x7bd452f
0x7bd3e76
0x7bd34fc
0x7bd335d
0x7bd3065
0x22efba8
0xa07af5
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 2813752
registers.edi: 2814336
registers.eax: 0
registers.ebp: 2814000
registers.edx: 0
registers.ebx: 0
registers.esi: 47633728
registers.ecx: 47691532
exception.instruction_r: 8b 40 04 89 45 d4 33 d2 89 55 d0 90 e9 76 05 00
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7bdaaa1
success 0 0
1619916202.606751
__exception__
stacktrace:
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77da9e31
IsBadReadPtr+0xcc CreateSemaphoreA-0x31 kernel32+0x3d141 @ 0x7637d141
OleCreateFromData+0x195 NdrProxyForwardingFunction4-0x81f ole32+0xc586d @ 0x767b586d
ObjectStublessClient31+0x886b STGMEDIUM_UserUnmarshal-0x20e43 ole32+0x998db @ 0x767898db
system+0x577bfc @ 0x718e7bfc
system+0x7a0f66 @ 0x6ff60f66
system+0x7a092c @ 0x6ff6092c
system+0x7a058e @ 0x6ff6058e
system+0x79e700 @ 0x6ff5e700
system+0x79d843 @ 0x6ff5d843
system+0x79d8b1 @ 0x6ff5d8b1
0x7ec806e
0x7ec718a
0x7bd034f
system+0x216fb6 @ 0x6f9d6fb6
0xb45cad
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x775a6de8
GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x775a6e44
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x77d4011a
0x7ec6c70
0x7bd3141
0x22efba8
0xa07af5
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 2812904
registers.edi: 8585216
registers.eax: 4294967288
registers.ebp: 2812948
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 8585216
exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77da9e58
success 0 0
system+0x577bfc @ 0x718e7bfc
system+0x7a0f66 @ 0x6ff60f66
system+0x7a092c @ 0x6ff6092c
system+0x7a058e @ 0x6ff6058e
system+0x79e700 @ 0x6ff5e700
system+0x79d843 @ 0x6ff5d843
system+0x79d8b1 @ 0x6ff5d8b1
0x830773e
0x830685a
0x99f5ef
system+0x216fb6 @ 0x6f9d6fb6
0x675cad
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x775a6de8
GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x775a6e44
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x77d4011a
0x8306340
0x7ed2991
0x99ef18
0x817af5
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1567192
registers.edi: 5570560
registers.eax: 4294967288
registers.ebp: 1567236
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 5570560
exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77da9e58
success 0 0
1619916164.61748
__exception__
stacktrace:
0x7c93d7f
0x7c936c6
0x7c92d4c
0x7c92bad
0x7c928b5
0xa5ef18
0xa07755
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1961624
registers.edi: 1962208
registers.eax: 0
registers.ebp: 1961872
registers.edx: 0
registers.ebx: 0
registers.esi: 45919652
registers.ecx: 45977456
exception.instruction_r: 8b 40 04 89 45 d4 33 d2 89 55 d0 90 e9 76 05 00
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7c9a2f1
success 0 0
1619916211.30448
__exception__
stacktrace:
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77da9e31
IsBadReadPtr+0xcc CreateSemaphoreA-0x31 kernel32+0x3d141 @ 0x7637d141
OleCreateFromData+0x195 NdrProxyForwardingFunction4-0x81f ole32+0xc586d @ 0x767b586d
ObjectStublessClient31+0x886b STGMEDIUM_UserUnmarshal-0x20e43 ole32+0x998db @ 0x767898db
system+0x577bfc @ 0x718e7bfc
system+0x7a0f66 @ 0x6ff60f66
system+0x7a092c @ 0x6ff6092c
system+0x7a058e @ 0x6ff6058e
system+0x79e700 @ 0x6ff5e700
system+0x79d843 @ 0x6ff5d843
system+0x79d8b1 @ 0x6ff5d8b1
0x808773e
0x808685a
0xa5f5ef
system+0x216fb6 @ 0x6f9d6fb6
0x935cad
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x775a6de8
GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x775a6e44
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x77d4011a
0x8086340
0x7c92991
0xa5ef18
0xa07755
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1960776
registers.edi: 5046272
registers.eax: 4294967288
registers.ebp: 1960820
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 5046272
exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77da9e58
success 0 0
1619916164.627768
__exception__
stacktrace:
0x7bd3d7f
0x7bd36c6
0x7bd2d4c
0x7bd2bad
0x7bd28b5
0xb2ef18
0x7a7755
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 3205736
registers.edi: 3206320
registers.eax: 0
registers.ebp: 3205984
registers.edx: 0
registers.ebx: 0
registers.esi: 47361444
registers.ecx: 47419248
exception.instruction_r: 8b 40 04 89 45 d4 33 d2 89 55 d0 90 e9 76 05 00
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7bda2f1
success 0 0
1619916192.502768
__exception__
stacktrace:
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77da9e31
IsBadReadPtr+0xcc CreateSemaphoreA-0x31 kernel32+0x3d141 @ 0x7637d141
OleCreateFromData+0x195 NdrProxyForwardingFunction4-0x81f ole32+0xc586d @ 0x767b586d
ObjectStublessClient31+0x886b STGMEDIUM_UserUnmarshal-0x20e43 ole32+0x998db @ 0x767898db
system+0x577bfc @ 0x718e7bfc
system+0x7a0f66 @ 0x6ff60f66
system+0x7a092c @ 0x6ff6092c
system+0x7a058e @ 0x6ff6058e
system+0x79e700 @ 0x6ff5e700
system+0x79d843 @ 0x6ff5d843
system+0x79d8b1 @ 0x6ff5d8b1
0x7ec773e
0x7ec685a
0xb2f5ef
system+0x216fb6 @ 0x6f9d6fb6
0x2585cad
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x775a6de8
GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x775a6e44
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x77d4011a
0x7ec6340
0x7bd2991
0xb2ef18
0x7a7755
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 3204888
registers.edi: 5177344
registers.eax: 4294967288
registers.ebp: 3204932
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 5177344
exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77da9e58
success 0 0
1619916164.581466
__exception__
stacktrace:
0x7a13d7f
0x7a136c6
0x7a12d4c
0x7a12bad
0x7a128b5
0xdeef18
0x8e7af5
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 4124040
registers.edi: 4124624
registers.eax: 0
registers.ebp: 4124288
registers.edx: 0
registers.ebx: 0
registers.esi: 48737700
registers.ecx: 48795504
exception.instruction_r: 8b 40 04 89 45 d4 33 d2 89 55 d0 90 e9 76 05 00
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7a1a2f1
success 0 0
1619916198.065466
__exception__
stacktrace:
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77da9e31
IsBadReadPtr+0xcc CreateSemaphoreA-0x31 kernel32+0x3d141 @ 0x7637d141
OleCreateFromData+0x195 NdrProxyForwardingFunction4-0x81f ole32+0xc586d @ 0x767b586d
ObjectStublessClient31+0x886b STGMEDIUM_UserUnmarshal-0x20e43 ole32+0x998db @ 0x767898db
system+0x577bfc @ 0x718e7bfc
system+0x7a0f66 @ 0x6ff60f66
system+0x7a092c @ 0x6ff6092c
system+0x7a058e @ 0x6ff6058e
system+0x79e700 @ 0x6ff5e700
system+0x79d843 @ 0x6ff5d843
system+0x79d8b1 @ 0x6ff5d8b1
0x7e0773e
0x7e0685a
0xdef5ef
system+0x216fb6 @ 0x6f9d6fb6
0x2ad5cad
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x775a6de8
GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x775a6e44
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x77d4011a
0x7e06340
0x7a12991
0xdeef18
0x8e7af5
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 4123192
registers.edi: 9371648
registers.eax: 4294967288
registers.ebp: 4123236
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 9371648
exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77da9e58
success 0 0
1619916165.56298
__exception__
stacktrace:
0x7bd3d7f
0x7bd36c6
0x7bd2d4c
0x7bd2bad
0x7bd28b5
0x96ef18
0x8d7755
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 4123880
registers.edi: 4124464
registers.eax: 0
registers.ebp: 4124128
registers.edx: 0
registers.ebx: 0
registers.esi: 46968228
registers.ecx: 47026032
exception.instruction_r: 8b 40 04 89 45 d4 33 d2 89 55 d0 90 e9 76 05 00
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7bda2f1
success 0 0
1619916205.79798
__exception__
stacktrace:
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77da9e31
IsBadReadPtr+0xcc CreateSemaphoreA-0x31 kernel32+0x3d141 @ 0x7637d141
OleCreateFromData+0x195 NdrProxyForwardingFunction4-0x81f ole32+0xc586d @ 0x767b586d
ObjectStublessClient31+0x886b STGMEDIUM_UserUnmarshal-0x20e43 ole32+0x998db @ 0x767898db
system+0x577bfc @ 0x718e7bfc
system+0x7a0f66 @ 0x6ff60f66
system+0x7a092c @ 0x6ff6092c
system+0x7a058e @ 0x6ff6058e
system+0x79e700 @ 0x6ff5e700
system+0x79d843 @ 0x6ff5d843
system+0x79d8b1 @ 0x6ff5d8b1
0x7e8773e
0x7e8685a
0x96f5ef
system+0x216fb6 @ 0x6f9d6fb6
0x7f5cad
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x775a6de8
GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x775a6e44
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x77d4011a
0x7e86340
0x7bd2991
0x96ef18
0x8d7755
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 4123032
registers.edi: 5177344
registers.eax: 4294967288
registers.ebp: 4123076
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 5177344
exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77da9e58
success 0 0
1619916169.480595
__exception__
stacktrace:
0x7b13d7f
0x7b136c6
0x7b12d4c
0x7b12bad
0x7b128b5
0x99ef18
0x937755
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1829816
registers.edi: 1830400
registers.eax: 0
registers.ebp: 1830064
registers.edx: 0
registers.ebx: 0
registers.esi: 49982884
registers.ecx: 50040688
exception.instruction_r: 8b 40 04 89 45 d4 33 d2 89 55 d0 90 e9 76 05 00
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7b1a2f1
success 0 0
1619916189.230595
__exception__
stacktrace:
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77da9e31
IsBadReadPtr+0xcc CreateSemaphoreA-0x31 kernel32+0x3d141 @ 0x7637d141
OleCreateFromData+0x195 NdrProxyForwardingFunction4-0x81f ole32+0xc586d @ 0x767b586d
ObjectStublessClient31+0x886b STGMEDIUM_UserUnmarshal-0x20e43 ole32+0x998db @ 0x767898db
system+0x577bfc @ 0x718e7bfc
system+0x7a0f66 @ 0x6ff60f66
system+0x7a092c @ 0x6ff6092c
system+0x7a058e @ 0x6ff6058e
system+0x79e700 @ 0x6ff5e700
system+0x79d843 @ 0x6ff5d843
system+0x79d8b1 @ 0x6ff5d8b1
0x7e8773e
0x7e8685a
0x99f5ef
system+0x216fb6 @ 0x6f9d6fb6
0xcf5cad
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x775a6de8
GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x775a6e44
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x77d4011a
0x7e86340
0x7b12991
0x99ef18
0x937755
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1828968
registers.edi: 7536640
registers.eax: 4294967288
registers.ebp: 1829012
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 7536640
exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77da9e58
success 0 0
1619916173.428605
__exception__
stacktrace:
0x7c93d7f
0x7c936c6
0x7c92d4c
0x7c92bad
0x7c928b5
0xd2ef18
0xb97af5
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1568744
registers.edi: 1569328
registers.eax: 0
registers.ebp: 1568992
registers.edx: 0
registers.ebx: 0
registers.esi: 47230372
registers.ecx: 47288176
exception.instruction_r: 8b 40 04 89 45 d4 33 d2 89 55 d0 90 e9 76 05 00
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7c9a2f1
success 0 0
1619916215.538605
__exception__
stacktrace:
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77da9e31
IsBadReadPtr+0xcc CreateSemaphoreA-0x31 kernel32+0x3d141 @ 0x7637d141
OleCreateFromData+0x195 NdrProxyForwardingFunction4-0x81f ole32+0xc586d @ 0x767b586d
ObjectStublessClient31+0x886b STGMEDIUM_UserUnmarshal-0x20e43 ole32+0x998db @ 0x767898db
system+0x577bfc @ 0x718e7bfc
system+0x7a0f66 @ 0x6ff60f66
system+0x7a092c @ 0x6ff6092c
system+0x7a058e @ 0x6ff6058e
system+0x79e700 @ 0x6ff5e700
system+0x79d843 @ 0x6ff5d843
system+0x79d8b1 @ 0x6ff5d8b1
0x871773e
0x871685a
0xd2f5ef
system+0x216fb6 @ 0x6f9d6fb6
0xd75cad
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x775a6de8
GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x775a6e44
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x77d4011a
0x8716340
0x7c92991
0xd2ef18
0xb97af5
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1567896
registers.edi: 9371648
registers.eax: 4294967288
registers.ebp: 1567940
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 9371648
exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77da9e58
success 0 0
1619916232.090207
__exception__
stacktrace:
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77da9e31
IsBadReadPtr+0xcc CreateSemaphoreA-0x31 kernel32+0x3d141 @ 0x7637d141
OleCreateFromData+0x195 NdrProxyForwardingFunction4-0x81f ole32+0xc586d @ 0x767b586d
ObjectStublessClient31+0x886b STGMEDIUM_UserUnmarshal-0x20e43 ole32+0x998db @ 0x767898db
system+0x577bfc @ 0x718e7bfc
system+0x7a0f66 @ 0x6ff60f66
system+0x7a092c @ 0x6ff6092c
system+0x7a058e @ 0x6ff6058e
system+0x79e700 @ 0x6ff5e700
system+0x79d843 @ 0x6ff5d843
system+0x79d8b1 @ 0x6ff5d8b1
0x7f8773e
0x7f8685a
0xf1f5ef
system+0x216fb6 @ 0x6f9d6fb6
0x2945cad
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x775a6de8
GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x775a6e44
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x77d4011a
0x7f86340
0x7cd2991
0xf1ef18
0xbd7a15
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 2549848
registers.edi: 5308416
registers.eax: 4294967288
registers.ebp: 2549892
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 5308416
exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77da9e58
success 0 0
1619916202.291142
__exception__
stacktrace:
0x7b53d7f
0x7b536c6
0x7b52d4c
0x7b52bad
0x7b528b5
0xbdef18
0x7e7af5
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 3337688
registers.edi: 3338272
registers.eax: 0
registers.ebp: 3337936
registers.edx: 0
registers.ebx: 0
registers.esi: 48213412
registers.ecx: 48271216
exception.instruction_r: 8b 40 04 89 45 d4 33 d2 89 55 d0 90 e9 76 05 00
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7b5a2f1
success 0 0
1619916235.353142
__exception__
stacktrace:
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77da9e31
IsBadReadPtr+0xcc CreateSemaphoreA-0x31 kernel32+0x3d141 @ 0x7637d141
OleCreateFromData+0x195 NdrProxyForwardingFunction4-0x81f ole32+0xc586d @ 0x767b586d
ObjectStublessClient31+0x886b STGMEDIUM_UserUnmarshal-0x20e43 ole32+0x998db @ 0x767898db
system+0x577bfc @ 0x718e7bfc
system+0x7a0f66 @ 0x6ff60f66
system+0x7a092c @ 0x6ff6092c
system+0x7a058e @ 0x6ff6058e
system+0x79e700 @ 0x6ff5e700
system+0x79d843 @ 0x6ff5d843
system+0x79d8b1 @ 0x6ff5d8b1
0x7f0773e
0x7f0685a
0xbdf5ef
system+0x216fb6 @ 0x6f9d6fb6
0xa15cad
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x775a6de8
GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x775a6e44
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x77d4011a
0x7f06340
0x7b52991
0xbdef18
0x7e7af5
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 3336840
registers.edi: 6619136
registers.eax: 4294967288
registers.ebp: 3336884
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 6619136
exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77da9e58
success 0 0
1619916208.133163
__exception__
stacktrace:
0x7bd3d7f
0x7bd36c6
0x7bd2d4c
0x7bd2bad
0x7bd28b5
0xc2ef18
0xb07755
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 3336888
registers.edi: 3337472
registers.eax: 0
registers.ebp: 3337136
registers.edx: 0
registers.ebx: 0
registers.esi: 48606628
registers.ecx: 48664432
exception.instruction_r: 8b 40 04 89 45 d4 33 d2 89 55 d0 90 e9 76 05 00
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7bda2f1
success 0 0
1619916238.633163
__exception__
stacktrace:
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77da9e31
IsBadReadPtr+0xcc CreateSemaphoreA-0x31 kernel32+0x3d141 @ 0x7637d141
OleCreateFromData+0x195 NdrProxyForwardingFunction4-0x81f ole32+0xc586d @ 0x767b586d
ObjectStublessClient31+0x886b STGMEDIUM_UserUnmarshal-0x20e43 ole32+0x998db @ 0x767898db
system+0x577bfc @ 0x718e7bfc
system+0x7a0f66 @ 0x6ff60f66
system+0x7a092c @ 0x6ff6092c
system+0x7a058e @ 0x6ff6058e
system+0x79e700 @ 0x6ff5e700
system+0x79d843 @ 0x6ff5d843
system+0x79d8b1 @ 0x6ff5d8b1
0x7f8773e
0x7f8685a
0xc2f5ef
system+0x216fb6 @ 0x6f9d6fb6
0xc55cad
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x775a6de8
GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x775a6e44
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x77d4011a
0x7f86340
0x7bd2991
0xc2ef18
0xb07755
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 3336040
registers.edi: 9109504
registers.eax: 4294967288
registers.ebp: 3336084
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 9109504
exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77da9e58
success 0 0
1619916213.485992
__exception__
stacktrace:
0x7e13d7f
0x7e136c6
0x7e12d4c
0x7e12bad
0x7e128b5
0x232ef18
0x967755
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 2287816
registers.edi: 2288400
registers.eax: 0
registers.ebp: 2288064
registers.edx: 0
registers.ebx: 0
registers.esi: 46116260
registers.ecx: 46174064
exception.instruction_r: 8b 40 04 89 45 d4 33 d2 89 55 d0 90 e9 76 05 00
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7e1a2f1
success 0 0
1619916241.594992
__exception__
stacktrace:
_vsnprintf+0xa9 strncpy_s-0x79 ntdll+0x79e31 @ 0x77da9e31
IsBadReadPtr+0xcc CreateSemaphoreA-0x31 kernel32+0x3d141 @ 0x7637d141
OleCreateFromData+0x195 NdrProxyForwardingFunction4-0x81f ole32+0xc586d @ 0x767b586d
ObjectStublessClient31+0x886b STGMEDIUM_UserUnmarshal-0x20e43 ole32+0x998db @ 0x767898db
system+0x577bfc @ 0x718e7bfc
system+0x7a0f66 @ 0x6ff60f66
system+0x7a092c @ 0x6ff6092c
system+0x7a058e @ 0x6ff6058e
system+0x79e700 @ 0x6ff5e700
system+0x79d843 @ 0x6ff5d843
system+0x79d8b1 @ 0x6ff5d8b1
0x80c773e
0x80c685a
0x232f5ef
system+0x216fb6 @ 0x6f9d6fb6
0x8f5cad
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x775a62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x775a6d3a
GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x775a6de8
GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x775a6e44
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x77d4011a
0x80c6340
0x7e12991
0x232ef18
0x967755
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 2286968
registers.edi: 5570560
registers.eax: 4294967288
registers.ebp: 2287012
registers.edx: 0
registers.ebx: 0
registers.esi: 0
registers.ecx: 5570560
exception.instruction_r: 80 78 07 05 0f 84 64 8a 01 00 f6 40 07 3f 0f 84
exception.symbol: _vsnprintf+0xd0 strncpy_s-0x52 ntdll+0x79e58
exception.instruction: cmp byte ptr [eax + 7], 5
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 499288
exception.address: 0x77da9e58
success 0 0
1619916238.64585
__exception__
stacktrace:
0x7c13d7f
0x7c136c6
0x7c12d4c
0x7c12bad
0x7c128b5
0x237ef18
0xc57755
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 3467512
registers.edi: 3468096
registers.eax: 0
registers.ebp: 3467760
registers.edx: 0
registers.ebx: 0
registers.esi: 46575012
registers.ecx: 46632816
exception.instruction_r: 8b 40 04 89 45 d4 33 d2 89 55 d0 90 e9 76 05 00
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7c1a2f1
success 0 0
1619916238.710016
__exception__
stacktrace:
0x7bd3d7f
0x7bd36c6
0x7bd2d4c
0x7bd2bad
0x7bd28b5
0x9aef18
0x827755
DllUnregisterServerInternal-0x3e21 clr+0x21db @ 0x73b921db
CoUninitializeEE+0x6862 DllRegisterServerInternal-0xc91e clr+0x24a2a @ 0x73bb4a2a
CoUninitializeEE+0x6a04 DllRegisterServerInternal-0xc77c clr+0x24bcc @ 0x73bb4bcc
CoUninitializeEE+0x6a39 DllRegisterServerInternal-0xc747 clr+0x24c01 @ 0x73bb4c01
CoUninitializeEE+0x6a59 DllRegisterServerInternal-0xc727 clr+0x24c21 @ 0x73bb4c21
GetCLRFunction+0xc08 GetMetaDataPublicInterfaceFromInternal-0x8a65 clr+0xece82 @ 0x73c7ce82
GetCLRFunction+0xd16 GetMetaDataPublicInterfaceFromInternal-0x8957 clr+0xecf90 @ 0x73c7cf90
GetCLRFunction+0xb2a GetMetaDataPublicInterfaceFromInternal-0x8b43 clr+0xecda4 @ 0x73c7cda4
GetCLRFunction+0xf1f GetMetaDataPublicInterfaceFromInternal-0x874e clr+0xed199 @ 0x73c7d199
GetCLRFunction+0xe20 GetMetaDataPublicInterfaceFromInternal-0x884d clr+0xed09a @ 0x73c7d09a
_CorExeMain+0x1c SetRuntimeInfo-0x181d clr+0x16af00 @ 0x73cfaf00
_CorExeMain+0x38 _CorExeMain2-0x134 mscoreei+0x55ab @ 0x745255ab
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x747a7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x747a4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 4057816
registers.edi: 4058400
registers.eax: 0
registers.ebp: 4058064
registers.edx: 0
registers.ebx: 0
registers.esi: 44477860
registers.ecx: 44535664
exception.instruction_r: 8b 40 04 89 45 d4 33 d2 89 55 d0 90 e9 76 05 00
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7bda2f1
success 0 0
Behavior verdict
Dynamic indicators
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)
suspicious_features: GET method with no useragent header
suspicious_request: GET http://bot.whatismyipaddress.com/
Performs some HTTP requests (1 event)
request: GET http://bot.whatismyipaddress.com/
Allocates read-write-execute memory (usually to unpack itself) (50 out of 5080 events)
Time & API Arguments Status Return Repeated
1619916101.356626
NtAllocateVirtualMemory
process_identifier: 1688
region_size: 1441792
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00500000
success 0 0
1619916101.356626
NtAllocateVirtualMemory
process_identifier: 1688
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00620000
success 0 0
1619916102.622626
NtAllocateVirtualMemory
process_identifier: 1688
region_size: 262144
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00390000
success 0 0
1619916102.622626
NtAllocateVirtualMemory
process_identifier: 1688
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00390000
success 0 0
1619916102.872626
NtProtectVirtualMemory
process_identifier: 1688
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73b91000
success 0 0
1619916103.044626
NtAllocateVirtualMemory
process_identifier: 1688
region_size: 1638400
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00b40000
success 0 0
1619916103.044626
NtAllocateVirtualMemory
process_identifier: 1688
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00c90000
success 0 0
1619916103.059626
NtAllocateVirtualMemory
process_identifier: 1688
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003da000
success 0 0
1619916103.075626
NtProtectVirtualMemory
process_identifier: 1688
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73b92000
success 0 0
1619916103.075626
NtAllocateVirtualMemory
process_identifier: 1688
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003d2000
success 0 0
1619916103.387626
NtAllocateVirtualMemory
process_identifier: 1688
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003e2000
success 0 0
1619916103.450626
NtAllocateVirtualMemory
process_identifier: 1688
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00405000
success 0 0
1619916103.450626
NtAllocateVirtualMemory
process_identifier: 1688
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0040b000
success 0 0
1619916103.450626
NtAllocateVirtualMemory
process_identifier: 1688
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00407000
success 0 0
1619916103.622626
NtAllocateVirtualMemory
process_identifier: 1688
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003e3000
success 0 0
1619916103.669626
NtAllocateVirtualMemory
process_identifier: 1688
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003ec000
success 0 0
1619916103.809626
NtAllocateVirtualMemory
process_identifier: 1688
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00660000
success 0 0
1619916103.825626
NtAllocateVirtualMemory
process_identifier: 1688
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003f6000
success 0 0
1619916103.856626
NtAllocateVirtualMemory
process_identifier: 1688
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003fa000
success 0 0
1619916103.856626
NtAllocateVirtualMemory
process_identifier: 1688
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003f7000
success 0 0
1619916103.903626
NtAllocateVirtualMemory
process_identifier: 1688
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003e4000
success 0 0
1619916104.294626
NtAllocateVirtualMemory
process_identifier: 1688
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x003e5000
success 0 0
1619916104.403626
NtAllocateVirtualMemory
process_identifier: 1688
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00661000
success 0 0
1619916105.622626
NtAllocateVirtualMemory
process_identifier: 1688
region_size: 12288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00680000
success 0 0
1619916112.965626
NtAllocateVirtualMemory
process_identifier: 1688
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00662000
success 0 0
1619916112.028626
NtProtectVirtualMemory
process_identifier: 1712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x74521000
success 0 0
1619916112.028626
NtAllocateVirtualMemory
process_identifier: 1712
region_size: 1835008
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00920000
success 0 0
1619916112.028626
NtAllocateVirtualMemory
process_identifier: 1712
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00aa0000
success 0 0
1619916112.044626
NtProtectVirtualMemory
process_identifier: 1712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73b91000
success 0 0
1619916112.044626
NtProtectVirtualMemory
process_identifier: 1712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73ad1000
success 0 0
1619916112.044626
NtAllocateVirtualMemory
process_identifier: 1712
region_size: 1245184
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00ae0000
success 0 0
1619916112.044626
NtAllocateVirtualMemory
process_identifier: 1712
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00bd0000
success 0 0
Steals private information from local Internet browsers (28 events)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crowd Deny\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Crashpad\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Safe Browsing\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\CertificateRevocation\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\FontLookupTableCache\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Floc\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\SafetyTips\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\GrShaderCache\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\pnacl\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ShaderCache\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\WidevineCdm\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\FileTypePolicies\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\BrowserMetrics\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\hyphen-data\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\ZxcvbnData\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Subresource Filter\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\MEIPreload\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\TLSDeprecationConfig\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\SwReporter\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\AutofillStates\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\OriginTrials\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\RecoveryImproved\Login Data
file C:\Users\Administrator.Oskar-PC\AppData\Local\Yandex\YandexBrowser\User Data\
Looks up the external IP address (1 event)
domain bot.whatismyipaddress.com
Creates a suspicious process (2 events)
cmdline "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\cb46aab04048194cea26e4ddedd3f10e.exe"
cmdline cmd.exe /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\cb46aab04048194cea26e4ddedd3f10e.exe"
Drops a binary and executes it (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\cb46aab04048194cea26e4ddedd3f10e.exe
Drops an executable to the user AppData folder (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\cb46aab04048194cea26e4ddedd3f10e.exe
Executes one or more WMI queries (2 events)
wmi SELECT MacAddress FROM Win32_NetworkAdapterConfiguration
wmi SELECT ProcessorId FROM Win32_Processor
A process created a hidden window (33 events)
Time & API Arguments Status Return Repeated
1619916112.528626
ShellExecuteExW
parameters: /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\cb46aab04048194cea26e4ddedd3f10e.exe"
filepath: cmd.exe
filepath_r: cmd.exe
show_type: 0
success 1 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619916178.247751
GetAdaptersAddresses
flags: 15
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 6.829213082884739 section {'size_of_data': '0x0009c800', 'virtual_address': '0x00002000', 'entropy': 6.829213082884739, 'name': '.text', 'virtual_size': '0x0009c624'} description A section with a high entropy has been found
entropy 0.7849529780564264 description Overall entropy of this PE file is high
Checks for the Locally Unique Identifier on the system for a suspicious privilege (50 out of 54 events)
Time & API Arguments Status Return Repeated
1619916112.887626
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
Terminates another process (50 out of 64 events)
Time & API Arguments Status Return Repeated
1619916115.028876
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x0000022c
failed 0 0
1619916115.028876
NtTerminateProcess
status_code: 0x00000001
process_identifier: 0
process_handle: 0x0000022c
success 0 0
Uses Windows utilities for basic Windows functionality (2 events)
cmdline "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\cb46aab04048194cea26e4ddedd3f10e.exe"
cmdline cmd.exe /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\cb46aab04048194cea26e4ddedd3f10e.exe"
Executes one or more WMI queries which can be used to identify virtual machines (2 events)
wmi SELECT ProcessorId FROM Win32_Processor
wmi SELECT MacAddress FROM Win32_NetworkAdapterConfiguration
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
A process attempted to delay the analysis task. (1 event)
description RegAsm.exe tried to sleep 60027704 seconds, actually delayed analysis time by 60027704 seconds
Deletes executed files from disk (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\cb46aab04048194cea26e4ddedd3f10e.exe
Manipulates memory of a non-child process indicative of process injection (24 events)
Process injection Process 3736 manipulating memory of non-child process 3972
Process injection Process 1704 manipulating memory of non-child process 3192
Process injection Process 4396 manipulating memory of non-child process 4052
Process injection Process 2648 manipulating memory of non-child process 5276
Process injection Process 7336 manipulating memory of non-child process 7488
Process injection Process 7336 manipulating memory of non-child process 7564
Process injection Process 8104 manipulating memory of non-child process 6612
Process injection Process 7332 manipulating memory of non-child process 7500
Time & API Arguments Status Return Repeated
1619916127.356626
NtAllocateVirtualMemory
process_identifier: 3972
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x0000020c
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x000c0000
success 0 0
Harvests credentials from local email clients (3 events)
registry HKEY_CURRENT_USER\Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
registry HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
registry HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Attempts to remove evidence of file being downloaded from the Internet (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\None:Zone.Identifier
File has been identified by 52 AntiVirus engines on VirusTotal as malicious (50 out of 52 events)
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.66666
FireEye Generic.mg.cb46aab04048194c
McAfee Packed-GAJ!CB46AAB04048
Cylance Unsafe
K7AntiVirus Trojan ( 0056081c1 )
Alibaba Trojan:Win32/Maldoc.ali2000008
K7GW Trojan ( 0056081c1 )
Cybereason malicious.040481
Arcabit Trojan.Generic.D1046A
Cyren W32/Trojan.XSFN-0463
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:TrojanX-gen [Trj]
Kaspersky HEUR:Trojan-PSW.MSIL.Heye.gen
BitDefender Trojan.GenericKDZ.66666
Paloalto generic.ml
Tencent Msil.Trojan-qqpass.Qqrob.Szbi
Ad-Aware Trojan.GenericKDZ.66666
Sophos Mal/Generic-S
Comodo Malware@#3c036o8let6xb
F-Secure Heuristic.HEUR/AGEN.1116674
DrWeb Trojan.KillProc2.10031
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R06EC0DI220
McAfee-GW-Edition BehavesLike.Win32.Generic.bh
Emsisoft Trojan.GenericKDZ.66666 (B)
SentinelOne Static AI - Malicious PE
Jiangmin Trojan.PSW.MSIL.xob
eGambit Unsafe.AI_Score_99%
Avira HEUR/AGEN.1116674
MAX malware (ai score=100)
Antiy-AVL Trojan/Win32.Wacatac
Microsoft Trojan:Win32/FormBook.BY!MTB
ZoneAlarm HEUR:Trojan-PSW.MSIL.Heye.gen
GData Trojan.GenericKDZ.66666
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.RL_Generic.C4264567
BitDefenderTheta Gen:NN.ZemsilF.34700.XmW@a8eIyJki
VBA32 TScope.Trojan.MSIL
Malwarebytes Trojan.RNDCrypt.MSIL.Generic
ESET-NOD32 a variant of MSIL/Kryptik.WBY
TrendMicro-HouseCall TROJ_GEN.R06EC0DI220
Yandex Trojan.GenKryptik!YSIzZc2adDM
Ikarus Trojan.MSIL.Inject
MaxSecure Trojan.Malware.73711975.susgen
Fortinet MSIL/Kryptik.VCR!tr
Webroot W32.Trojan.Gen
AVG Win32:TrojanX-gen [Trj]
Panda Trj/GdSda.A
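Visual analysis
Binary image
No binary image available: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots available: no screenshots were generated while this sample ran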

PE Compile Time

2020-04-21 01:51:30

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49339 66.171.248.178 bot.whatismyipaddress.com 80
192.168.56.101 49348 66.171.248.178 bot.whatismyipaddress.com 80
192.168.56.101 49353 66.171.248.178 bot.whatismyipaddress.com 80
192.168.56.101 49358 66.171.248.178 bot.whatismyipaddress.com 80
192.168.56.101 49365 66.171.248.178 bot.whatismyipaddress.com 80
192.168.56.101 49368 66.171.248.178 bot.whatismyipaddress.com 80
192.168.56.101 49376 66.171.248.178 bot.whatismyipaddress.com 80
192.168.56.101 49384 66.171.248.178 bot.whatismyipaddress.com 80
192.168.56.101 49390 66.171.248.178 bot.whatismyipaddress.com 80
192.168.56.101 49402 66.171.248.178 bot.whatismyipaddress.com 80
192.168.56.101 49406 66.171.248.178 bot.whatismyipaddress.com 80
192.168.56.101 49409 66.171.248.178 bot.whatismyipaddress.com 80
192.168.56.101 49414 66.171.248.178 bot.whatismyipaddress.com 80

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 53210 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 57236 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 50849 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 53380 224.0.0.252 5355
192.168.56.101 53661 224.0.0.252 5355
192.168.56.101 54178 224.0.0.252 5355
192.168.56.101 54991 224.0.0.252 5355
192.168.56.101 56743 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://bot.whatismyipaddress.com/
GET / HTTP/1.1
Host: bot.whatismyipaddress.com
Connection: Keep-Alive

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.