popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Kdkvxufvvymmebagxmoolsfkmwkkqanimn.exe

Malicious Library UPX PE32 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 Sept. 19, 2021, 10:39 a.m. Sept. 19, 2021, 10:42 a.m.
Size 836.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 663dfa8f055ba37eaa8bffc10026f311
SHA256 08c2e043056e5885236672d75e1f62ca87cffebb47457efc644611a065bfebcb
CRC32 E538962F
ssdeep 12288:RNnBrnT39eHh9pAE6pPnrvQHOgJ8q//CS4/FZ4KPvnk6LHC7WWnMvwfHVBPggsek:35nReHhXknrvJ5K/vtKHngseB
Yara
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
cdn.discordapp.com
A 162.159.135.233
A 162.159.134.233
A 162.159.129.233
A 162.159.130.233
A 162.159.133.233
162.159.129.233
IP Address Status Action
162.159.135.233 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49201 -> 162.159.135.233:443 906200056 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined

Suricata TLS

Flow Issuer Subject Fingerprint
TLSv1
192.168.56.101:49201
162.159.135.233:443 		C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2 C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com a6:26:df:21:b9:4f:a7:fb:ae:8d:87:ce:fb:7d:2b:c6:50:8b:ff:da

section .itext
packer BobSoft Mini Delphi -> BoB / BobSoft
resource name DASO
Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f
RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e
RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633116
registers.edi: 1633204
registers.eax: 23117
registers.ebp: 1633176
registers.edx: 0
registers.ebx: 0
registers.esi: 32178176
registers.ecx: 1633024
1 0 0

__exception__

 stacktrace: 
RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2
RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560
RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e
RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1632968
registers.edi: 1633064
registers.eax: 23117
registers.ebp: 1633028
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 2000558592
1 0 0

__exception__

 stacktrace: 
RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f
RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x773fada7
RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x773faf78
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633100
registers.edi: 1633188
registers.eax: 23117
registers.ebp: 1633160
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 1633024
1 0 0

__exception__

 stacktrace: 
RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2
RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560
RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633224
registers.edi: 1633320
registers.eax: 23117
registers.ebp: 1633284
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 2000662016
1 0 0

__exception__

 stacktrace: 
RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f
RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e
RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633116
registers.edi: 1633204
registers.eax: 23117
registers.ebp: 1633176
registers.edx: 0
registers.ebx: 0
registers.esi: 32178176
registers.ecx: 1633024
1 0 0

__exception__

 stacktrace: 
RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2
RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560
RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e
RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1632968
registers.edi: 1633064
registers.eax: 23117
registers.ebp: 1633028
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 2000558592
1 0 0

__exception__

 stacktrace: 
RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f
RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x773fada7
RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x773faf78
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633100
registers.edi: 1633188
registers.eax: 23117
registers.ebp: 1633160
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 1633024
1 0 0

__exception__

 stacktrace: 
RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2
RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560
RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633224
registers.edi: 1633320
registers.eax: 23117
registers.ebp: 1633284
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 2000662016
1 0 0

__exception__

 stacktrace: 
RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f
RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e
RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633116
registers.edi: 1633204
registers.eax: 23117
registers.ebp: 1633176
registers.edx: 0
registers.ebx: 0
registers.esi: 32178176
registers.ecx: 1633024
1 0 0

__exception__

 stacktrace: 
RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2
RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560
RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e
RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1632968
registers.edi: 1633064
registers.eax: 23117
registers.ebp: 1633028
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 2000558592
1 0 0

__exception__

 stacktrace: 
RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f
RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x773fada7
RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x773faf78
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633100
registers.edi: 1633188
registers.eax: 23117
registers.ebp: 1633160
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 1633024
1 0 0

__exception__

 stacktrace: 
RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2
RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560
RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633224
registers.edi: 1633320
registers.eax: 23117
registers.ebp: 1633284
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 2000662016
1 0 0

__exception__

 stacktrace: 
RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f
RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e
RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633116
registers.edi: 1633204
registers.eax: 23117
registers.ebp: 1633176
registers.edx: 0
registers.ebx: 0
registers.esi: 32178176
registers.ecx: 1633024
1 0 0

__exception__

 stacktrace: 
RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2
RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560
RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e
RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1632968
registers.edi: 1633064
registers.eax: 23117
registers.ebp: 1633028
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 2000558592
1 0 0

__exception__

 stacktrace: 
RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f
RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x773fada7
RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x773faf78
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633100
registers.edi: 1633188
registers.eax: 23117
registers.ebp: 1633160
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 1633024
1 0 0

__exception__

 stacktrace: 
RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2
RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560
RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633224
registers.edi: 1633320
registers.eax: 23117
registers.ebp: 1633284
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 2000662016
1 0 0

__exception__

 stacktrace: 
RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f
RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e
RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633116
registers.edi: 1633204
registers.eax: 23117
registers.ebp: 1633176
registers.edx: 0
registers.ebx: 0
registers.esi: 32178176
registers.ecx: 1633024
1 0 0

__exception__

 stacktrace: 
RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2
RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560
RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e
RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1632968
registers.edi: 1633064
registers.eax: 23117
registers.ebp: 1633028
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 2000558592
1 0 0

__exception__

 stacktrace: 
RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f
RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x773fada7
RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x773faf78
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633100
registers.edi: 1633188
registers.eax: 23117
registers.ebp: 1633160
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 1633024
1 0 0

__exception__

 stacktrace: 
RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2
RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560
RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633224
registers.edi: 1633320
registers.eax: 23117
registers.ebp: 1633284
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 2000662016
1 0 0

__exception__

 stacktrace: 
RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f
RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e
RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633116
registers.edi: 1633204
registers.eax: 23117
registers.ebp: 1633176
registers.edx: 0
registers.ebx: 0
registers.esi: 32178176
registers.ecx: 1633024
1 0 0

__exception__

 stacktrace: 
RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2
RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560
RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e
RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1632968
registers.edi: 1633064
registers.eax: 23117
registers.ebp: 1633028
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 2000558592
1 0 0

__exception__

 stacktrace: 
RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f
RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x773fada7
RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x773faf78
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633100
registers.edi: 1633188
registers.eax: 23117
registers.ebp: 1633160
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 1633024
1 0 0

__exception__

 stacktrace: 
RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2
RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560
RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633224
registers.edi: 1633320
registers.eax: 23117
registers.ebp: 1633284
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 2000662016
1 0 0

__exception__

 stacktrace: 
RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f
RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e
RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633116
registers.edi: 1633204
registers.eax: 23117
registers.ebp: 1633176
registers.edx: 0
registers.ebx: 0
registers.esi: 32178176
registers.ecx: 1633024
1 0 0

__exception__

 stacktrace: 
RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2
RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560
RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e
RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1632968
registers.edi: 1633064
registers.eax: 23117
registers.ebp: 1633028
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 2000558592
1 0 0

__exception__

 stacktrace: 
RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f
RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x773fada7
RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x773faf78
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633100
registers.edi: 1633188
registers.eax: 23117
registers.ebp: 1633160
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 1633024
1 0 0

__exception__

 stacktrace: 
RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2
RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560
RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633224
registers.edi: 1633320
registers.eax: 23117
registers.ebp: 1633284
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 2000662016
1 0 0

__exception__

 stacktrace: 
RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f
RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e
RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633116
registers.edi: 1633204
registers.eax: 23117
registers.ebp: 1633176
registers.edx: 0
registers.ebx: 0
registers.esi: 32178176
registers.ecx: 1633024
1 0 0

__exception__

 stacktrace: 
RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2
RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560
RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e
RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1632968
registers.edi: 1633064
registers.eax: 23117
registers.ebp: 1633028
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 2000558592
1 0 0

__exception__

 stacktrace: 
RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f
RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x773fada7
RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x773faf78
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633100
registers.edi: 1633188
registers.eax: 23117
registers.ebp: 1633160
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 1633024
1 0 0

__exception__

 stacktrace: 
RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2
RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560
RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633224
registers.edi: 1633320
registers.eax: 23117
registers.ebp: 1633284
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 2000662016
1 0 0

__exception__

 stacktrace: 
RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f
RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e
RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633116
registers.edi: 1633204
registers.eax: 23117
registers.ebp: 1633176
registers.edx: 0
registers.ebx: 0
registers.esi: 32178176
registers.ecx: 1633024
1 0 0

__exception__

 stacktrace: 
RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2
RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560
RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e
RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1632968
registers.edi: 1633064
registers.eax: 23117
registers.ebp: 1633028
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 2000558592
1 0 0

__exception__

 stacktrace: 
RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f
RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x773fada7
RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x773faf78
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633100
registers.edi: 1633188
registers.eax: 23117
registers.ebp: 1633160
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 1633024
1 0 0

__exception__

 stacktrace: 
RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2
RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560
RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633224
registers.edi: 1633320
registers.eax: 23117
registers.ebp: 1633284
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 2000662016
1 0 0

__exception__

 stacktrace: 
RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f
RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e
RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633116
registers.edi: 1633204
registers.eax: 23117
registers.ebp: 1633176
registers.edx: 0
registers.ebx: 0
registers.esi: 32178176
registers.ecx: 1633024
1 0 0

__exception__

 stacktrace: 
RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2
RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560
RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e
RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1632968
registers.edi: 1633064
registers.eax: 23117
registers.ebp: 1633028
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 2000558592
1 0 0

__exception__

 stacktrace: 
RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f
RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x773fada7
RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x773faf78
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633100
registers.edi: 1633188
registers.eax: 23117
registers.ebp: 1633160
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 1633024
1 0 0

__exception__

 stacktrace: 
RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2
RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560
RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633224
registers.edi: 1633320
registers.eax: 23117
registers.ebp: 1633284
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 2000662016
1 0 0

__exception__

 stacktrace: 
RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f
RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e
RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633116
registers.edi: 1633204
registers.eax: 23117
registers.ebp: 1633176
registers.edx: 0
registers.ebx: 0
registers.esi: 32178176
registers.ecx: 1633024
1 0 0

__exception__

 stacktrace: 
RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2
RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560
RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e
RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1632968
registers.edi: 1633064
registers.eax: 23117
registers.ebp: 1633028
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 2000558592
1 0 0

__exception__

 stacktrace: 
RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f
RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x773fada7
RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x773faf78
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633100
registers.edi: 1633188
registers.eax: 23117
registers.ebp: 1633160
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 1633024
1 0 0

__exception__

 stacktrace: 
RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2
RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560
RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633224
registers.edi: 1633320
registers.eax: 23117
registers.ebp: 1633284
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 2000662016
1 0 0

__exception__

 stacktrace: 
RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f
RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e
RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633116
registers.edi: 1633204
registers.eax: 23117
registers.ebp: 1633176
registers.edx: 0
registers.ebx: 0
registers.esi: 32178176
registers.ecx: 1633024
1 0 0

__exception__

 stacktrace: 
RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2
RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560
RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e
RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1632968
registers.edi: 1633064
registers.eax: 23117
registers.ebp: 1633028
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 2000558592
1 0 0

__exception__

 stacktrace: 
RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f
RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x773fada7
RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x773faf78
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633100
registers.edi: 1633188
registers.eax: 23117
registers.ebp: 1633160
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 1633024
1 0 0

__exception__

 stacktrace: 
RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2
RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560
RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633224
registers.edi: 1633320
registers.eax: 23117
registers.ebp: 1633284
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 2000662016
1 0 0

__exception__

 stacktrace: 
RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f
RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e
RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1633116
registers.edi: 1633204
registers.eax: 23117
registers.ebp: 1633176
registers.edx: 0
registers.ebx: 0
registers.esi: 32178176
registers.ecx: 1633024
1 0 0

__exception__

 stacktrace: 
RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2
RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560
RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e
RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21
RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce
RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e
RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f
LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a
LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e
New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322
0x1eb603b
0x1eb4117
0x1eb4204
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x5fe19 @ 0x45fe19
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x6e87e @ 0x46e87e
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4a9b @ 0x404a9b
kdkvxufvvymmebagxmoolsfkmwkkqanimn+0x4b03 @ 0x404b03
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a
exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef
exception.instruction: cmp word ptr [esi], ax
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 193775
exception.address: 0x773cf4ef
registers.esp: 1632968
registers.edi: 1633064
registers.eax: 23117
registers.ebp: 1633028
registers.edx: 0
registers.ebx: 32178176
registers.esi: 32178176
registers.ecx: 2000558592
1 0 0
request GET https://cdn.discordapp.com/attachments/780223158832988201/888322445285662750/Kdkvxufvvymmebagxmoolsfkmwkkqan
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73cc2000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2212
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00510000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 81920
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x01eb1000
process_handle: 0xffffffff
1 0 0
Lionic Trojan.Win32.Vobfus.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 99)
McAfee Artemis!663DFA8F055B
Cylance Unsafe
Cyren W32/Delf.IHCZ-0995
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/GenKryptik.FKTC
APEX Malicious
Paloalto generic.ml
Kaspersky UDS:Trojan.Win32.Vobfus.gen
Avast FileRepMalware
F-Secure Heuristic.HEUR/AGEN.1140482
McAfee-GW-Edition BehavesLike.Win32.Infected.ch
FireEye Generic.mg.663dfa8f055ba37e
Sophos Mal/Generic-S
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1140482
ZoneAlarm UDS:DangerousObject.Multi.Generic
Microsoft Trojan:Script/Phonzy.B!ml
VBA32 TrojanDownloader.Agent
Malwarebytes Malware.AI.2102961172
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/GenKryptik.EKLE!tr
BitDefenderTheta Gen:NN.ZelphiF.34142.0KW@amR7dGli
AVG FileRepMalware