Crash in falconshelper, Analyzed 4 dumps, total processed 250, rate equals 1.60%
Top 1: Version = 2.7224.1000.625, Total count = 4
dump count = 1
ChildEBP RetAddr
064cf818 75c8f30b msctf!TF_Notify+0x1d9
064cf830 75c8bbf9 user32!CtfHookProcWorker+0x2b
064cf878 75c8bb45 user32!CallHookWithSEH+0x59
064cf8b0 777054bd user32!__fnHkINLPMSG+0x55
064cf8f8 7697106c ntdll!KiUserCallbackDispatcher+0x4d
064cf8fc 75c8be9e win32u!NtUserGetMessage+0xc
064cf938 5f197988 user32!GetMessageW+0x2e
064cfb50 5f1985bf FalconsHelper!FalconsMain::Run+0x328
064cfb58 5f1f6f97 FalconsHelper!FalconsMain::ThreadProc+0xf
064cfb90 7618fcc9 FalconsHelper!thread_start<unsigned int (__stdcall*)(void *)>+0x58
064cfba0 776f809e kernel32!BaseThreadInitThunk+0x19
064cfbfc 776f806e ntdll!__RtlUserThreadStart+0x2f
064cfc0c 00000000 ntdll!_RtlUserThreadStart+0x1b
1f7a5082704973acb3d1012225525393_001.dmp
dump count = 1
ChildEBP RetAddr
0535eeb0 7966d96f KERNELBASE!RaiseException+0x62
0535eef4 795f13cc FalconsHelper!_CxxThrowException+0x66
0535ef04 79600e8a FalconsHelper!ATL::AtlThrowImpl+0x1c
0535ef10 7962671f FalconsHelper!ATL::AtlConvAllocMemory<char>+0x6a
0535ef38 79626d47 FalconsHelper!ATL::CW2AEX<128>::CW2AEX<128>+0x4f
0535f140 796125cd FalconsHelper!EncryptHelper::EncryptStr+0x87
0535f3a0 796157e1 FalconsHelper!FalconsMain::IsAllowedByControlCenter+0x14cd
0535f688 796186c7 FalconsHelper!FalconsMain::OnRecvBrowserEvent+0x1301
0535f6a8 75a948eb FalconsHelper!FalconsMain::WndPro+0xf7
0535f6d4 75a7613c user32!_InternalCallWinProc+0x2b
0535f7b8 75a7528e user32!UserCallWinProcCheckWow+0x3ac
0535f82c 75a75070 user32!DispatchMessageWorker+0x20e
0535f838 7961797c user32!DispatchMessageW+0x10
0535fa44 796185bf FalconsHelper!FalconsMain::Run+0x31c
0535fa4c 79676f97 FalconsHelper!FalconsMain::ThreadProc+0xf
0535fa84 75c06359 FalconsHelper!thread_start<unsigned int (__stdcall*)(void *)>+0x58
0535fa94 77177a94 kernel32!BaseThreadInitThunk+0x19
0535faf0 77177a64 ntdll!__RtlUserThreadStart+0x2f
0535fb00 00000000 ntdll!_RtlUserThreadStart+0x1b
9e8161b4ec9a641f5e459f1257afabc6_000.dmp
dump count = 1
ChildEBP RetAddr
06f8d294 74afbbb3 ntdll!RtlLeaveCriticalSection+0x9
06f8d2b4 74b03101 rpcrt4!LRPC_BASE_BINDING_HANDLE::DriveStateForward+0x34e
06f8d304 74af737f rpcrt4!LRPC_BINDING_HANDLE::NegotiateTransferSyntax+0x13b
06f8d320 74af6a64 rpcrt4!I_RpcGetBufferWithObject+0x15d
06f8d330 74af7f9c rpcrt4!I_RpcGetBuffer+0xf
06f8d340 74b9011d rpcrt4!NdrGetBuffer+0x2e
06f8d760 72736e28 rpcrt4!NdrClientCall2+0x17a
06f8d778 72736dbf dnsapi!R_DnsGetProxyInformation+0x19
06f8d7e4 7575fe03 dnsapi!DnsGetProxyInformation+0xb3
06f8d818 7575fcd3 wininet!DirectAccessResolver::GetProxyForUrl+0xc7
06f8d848 7575fbd1 wininet!WininetProxyManager::OnProcessGetProxyForUrl+0xb0
06f8d86c 7575f5f1 wininet!WininetProxyManager::GetProxyForUrl+0xc7
06f8d8a8 757badf4 wininet!InternalInternetGetProxyForUrl+0x110
06f8d8f4 757bacf2 wininet!InternalInternetSyncGetProxyForUrlW+0x9b
06f8d944 757babdc wininet!InternalInternetSyncGetProxyForUrlA+0xa5
06f8d9a4 75c83625 wininet!IsHostInProxyBypassList+0xbd
06f8dadc 75c7d59d urlmon!CSecurityManager::CheckProxyBypassRule+0x14e
06f8dd3c 75c7f680 urlmon!CSecurityManager::_MapComponentsToZone+0x2da
06f8e298 75c790d6 urlmon!CSecurityManager::MapUrlToZoneEx2Internal+0x478
06f8e824 75c75d37 urlmon!CSecurityManager::MapUrlToZoneEx2+0x633
06f8e870 75c75f19 urlmon!CINetHttp::SetOptionsForUnicodeUrl+0x5a
06f8f0a4 75c759d2 urlmon!CINetHttp::INetAsyncOpenRequest+0x3bf
06f8f120 75c75a0e urlmon!CINet::INetAsyncConnect+0x40b
06f8f144 75c727da urlmon!CINet::INetAsyncOpen+0x19
06f8f17c 75ca7ca1 urlmon!CINet::StartCommon+0x4c1
06f8f1a8 75c6c5d4 urlmon!COInetProt::StartEx+0x162
06f8f288 75c6f665 urlmon!CTransaction::StartEx+0x9e4
06f8f3b8 75c6eff3 urlmon!CBinding::StartBinding+0xb90
06f8f3f0 75c6f712 urlmon!CUrlMon::StartBinding+0x302
06f8f418 75c8c18e urlmon!CUrlMon::BindToStorage+0x63
06f8f458 75c8c677 urlmon!CBaseBSCB::KickOffDownload+0x80
06f8f718 0f40dcc5 urlmon!URLDownloadToCacheFileW+0x108
06f8fb74 0f40ba49 FalconsHelper!CStatisticImpl::InternalDownloadFile+0xa5
06f8fbd0 0f456f97 FalconsHelper!CStatisticImpl::DownloadThreadProc+0x139
06f8fc08 74d5343d FalconsHelper!thread_start<unsigned int (__stdcall*)(void *)>+0x58
06f8fc14 770c9812 kernel32!BaseThreadInitThunk+0xe
06f8fc54 770c97e5 ntdll!__RtlUserThreadStart+0x70
06f8fc6c 00000000 ntdll!_RtlUserThreadStart+0x1b
491153dbb63ed7fc6d4a9c2e1bb950d6_000.dmp
dump count = 1
ChildEBP RetAddr
0643eea4 775fe0c3 ntdll!RtlpLowFragHeapFree+0x31
0643eebc 750f14bd ntdll!RtlFreeHeap+0x105
0643eed0 04a46c3f kernel32!HeapFree+0x14
0643eee4 04a35084 FalconsHelper!_free_base+0x1c
0643eef4 049e7068 FalconsHelper!free+0x18
0643ef34 049e6e19 FalconsHelper!EncryptHelper::Encrypt_Blowfish_Base64+0xe8
0643f140 049d25cd FalconsHelper!EncryptHelper::EncryptStr+0x159
0643f3a0 049d57e1 FalconsHelper!FalconsMain::IsAllowedByControlCenter+0x14cd
0643f688 049d86c7 FalconsHelper!FalconsMain::OnRecvBrowserEvent+0x1301
0643f6a8 75bb62fa FalconsHelper!FalconsMain::WndPro+0xf7
0643f6d4 75bb6d3a user32!InternalCallWinProc+0x23
0643f74c 75bb77c4 user32!UserCallWinProcCheckWow+0x109
0643f7ac 75bb788a user32!DispatchMessageWorker+0x3b5
0643f7bc 049d797c user32!DispatchMessageW+0xf
0643f9c8 049d85bf FalconsHelper!FalconsMain::Run+0x31c
0643f9d0 04a36f97 FalconsHelper!FalconsMain::ThreadProc+0xf
0643fa08 750f344d FalconsHelper!thread_start<unsigned int (__stdcall*)(void *)>+0x58
0643fa14 77609802 kernel32!BaseThreadInitThunk+0xe
0643fa54 776097d5 ntdll!__RtlUserThreadStart+0x70
0643fa6c 00000000 ntdll!_RtlUserThreadStart+0x1b
0dd3ea349b6921c253fa60d99f75c91c_000.dmp