Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Oct. 7, 2021, 10:51 a.m.	Oct. 7, 2021, 11:08 a.m.

Size	938.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`96bd7548ea9c202bf6add33886f45ddb`
SHA256	`3f127801208a3596f363b8c7eaf33edd21e1f74ac2fca102d927dc784811c8f4`
CRC32	`6B2029AB`
ssdeep	`24576:nWv+QwSKgQ0qgQDKqOTLDE4b+JlzNgojDGBav:WmWKgNxLQ4ERNRG0`
Yara	PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library

vbc.exe "C:\Users\test22\AppData\Local\Temp\vbc.exe"
2132

Name	Response	Post-Analysis Lookup
www.15dgj.xyz	A 23.225.32.156 A 23.224.235.100 A 23.225.30.43 CNAME www.9tv-cname.com A 104.233.177.157 CNAME 9tv-cname.com	23.224.235.100
www.sergomosta.com
www.abasketofwords.com	A 118.27.122.216	118.27.122.216
www.comercialjyv.com	A 166.62.110.60 CNAME comercialjyv.com	166.62.110.60
www.marionkgregory.store	A 172.67.153.94 A 104.21.88.208	172.67.153.94
www.tokofebri.store	CNAME ghs.google.com A 142.250.157.121	216.58.220.115
www.thelocksmithtradeshow.com	A 34.102.136.180 CNAME thelocksmithtradeshow.com	34.102.136.180
www.haferssippe.quest	A 37.123.118.150	37.123.118.150
www.cambabez.xyz
onedrive.live.com	CNAME odc-web-geo.onedrive.akadns.net CNAME l-0004.l-msedge.net A 13.107.42.13 CNAME odwebpl.trafficmanager.net.l-0004.dc-msedge.net.l-0004.l-msedge.net CNAME odc-web-brs.onedrive.akadns.net	13.107.42.13
www.claggs.com	CNAME claggs.com A 34.102.136.180	34.102.136.180
5wzqug.am.files.1drv.com	A 13.107.42.12 CNAME odc-am-files-geo.onedrive.akadns.net CNAME am-files.ha.1drv.com.l-0003.dc-msedge.net.l-0003.l-msedge.net CNAME odc-am-files-brs.onedrive.akadns.net CNAME am-files.fe.1drv.com CNAME l-0003.l-msedge.net	13.107.42.12
www.moyue27.com	CNAME moyue27.com A 34.102.136.180	34.102.136.180
www.buratacoin.com	A 54.39.107.28 CNAME buratacoin.com	54.39.107.28

IP Address	Status	Action
104.21.88.208	Active	Moloch
118.27.122.216	Active	Moloch
13.107.42.12	Active	Moloch
13.107.42.13	Active	Moloch
142.250.157.121	Active	Moloch
164.124.101.2	Active	Moloch
166.62.110.60	Active	Moloch
23.224.235.100	Active	Moloch
34.102.136.180	Active	Moloch
37.123.118.150	Active	Moloch
54.39.107.28	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49165 -> 13.107.42.13:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49166 -> 13.107.42.12:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49167 -> 13.107.42.12:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49169 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49174 -> 104.21.88.208:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49174 -> 104.21.88.208:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49174 -> 104.21.88.208:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49179 -> 142.250.157.121:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49179 -> 142.250.157.121:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49179 -> 142.250.157.121:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49171 -> 54.39.107.28:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49171 -> 54.39.107.28:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49171 -> 54.39.107.28:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49178 -> 118.27.122.216:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49178 -> 118.27.122.216:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49173 -> 166.62.110.60:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49178 -> 118.27.122.216:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49173 -> 166.62.110.60:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49173 -> 166.62.110.60:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49175 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49175 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49175 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49172 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49172 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49172 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49176 -> 37.123.118.150:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49177 -> 23.224.235.100:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49176 -> 37.123.118.150:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49177 -> 23.224.235.100:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49176 -> 37.123.118.150:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49177 -> 23.224.235.100:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49177 -> 23.224.235.100:80	2031088	ET HUNTING Request to .XYZ Domain with Minimal Headers	Potentially Bad Traffic

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.102:49165 13.107.42.13:443	C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01	CN=onedrive.com	50:2f:33:10:92:ac:27:7b:17:be:82:68:3b:e2:29:ad:97:41:b7:bb
TLSv1 192.168.56.102:49166 13.107.42.12:443	C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01	C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=storage.live.com	ec:e5:02:98:e6:c9:9a:12:fc:c0:4d:19:cd:2b:0c:ae:d0:c0:37:8e
TLSv1 192.168.56.102:49167 13.107.42.12:443	C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01	C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=storage.live.com	ec:e5:02:98:e6:c9:9a:12:fc:c0:4d:19:cd:2b:0c:ae:d0:c0:37:8e

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.itext

The executable uses a known packer (1 event)

packer

BobSoft Mini Delphi -> BoB / BobSoft

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

MAMBA

One or more processes crashed (50 out of 124 events)

Time & API	Arguments	Status
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x77b1317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x77b2199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x77b2193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632628 registers.edi: 1632716 registers.eax: 23117 registers.ebp: 1632688 registers.edx: 0 registers.ebx: 0 registers.esi: 35848192 registers.ecx: 1632512	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x77b0f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x77b0f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x77b2176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x77b3af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632480 registers.edi: 1632576 registers.eax: 23117 registers.ebp: 1632540 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 2008160768	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x77b1317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x77b3ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x77b3af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632612 registers.edi: 1632700 registers.eax: 23117 registers.ebp: 1632672 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 1632512	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x77b0f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x77b0f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x77b2176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632736 registers.edi: 1632832 registers.eax: 23117 registers.ebp: 1632796 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 2008264192	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x77b1317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x77b2199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x77b2193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632628 registers.edi: 1632716 registers.eax: 23117 registers.ebp: 1632688 registers.edx: 0 registers.ebx: 0 registers.esi: 35848192 registers.ecx: 1632512	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x77b0f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x77b0f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x77b2176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x77b3af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632480 registers.edi: 1632576 registers.eax: 23117 registers.ebp: 1632540 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 2008160768	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x77b1317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x77b3ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x77b3af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632612 registers.edi: 1632700 registers.eax: 23117 registers.ebp: 1632672 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 1632512	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x77b0f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x77b0f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x77b2176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632736 registers.edi: 1632832 registers.eax: 23117 registers.ebp: 1632796 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 2008264192	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x77b1317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x77b2199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x77b2193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632628 registers.edi: 1632716 registers.eax: 23117 registers.ebp: 1632688 registers.edx: 0 registers.ebx: 0 registers.esi: 35848192 registers.ecx: 1632512	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x77b0f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x77b0f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x77b2176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x77b3af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632480 registers.edi: 1632576 registers.eax: 23117 registers.ebp: 1632540 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 2008160768	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x77b1317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x77b3ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x77b3af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632612 registers.edi: 1632700 registers.eax: 23117 registers.ebp: 1632672 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 1632512	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x77b0f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x77b0f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x77b2176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632736 registers.edi: 1632832 registers.eax: 23117 registers.ebp: 1632796 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 2008264192	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x77b1317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x77b2199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x77b2193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632628 registers.edi: 1632716 registers.eax: 23117 registers.ebp: 1632688 registers.edx: 0 registers.ebx: 0 registers.esi: 35848192 registers.ecx: 1632512	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x77b0f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x77b0f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x77b2176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x77b3af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632480 registers.edi: 1632576 registers.eax: 23117 registers.ebp: 1632540 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 2008160768	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x77b1317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x77b3ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x77b3af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632612 registers.edi: 1632700 registers.eax: 23117 registers.ebp: 1632672 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 1632512	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x77b0f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x77b0f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x77b2176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632736 registers.edi: 1632832 registers.eax: 23117 registers.ebp: 1632796 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 2008264192	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x77b1317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x77b2199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x77b2193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632628 registers.edi: 1632716 registers.eax: 23117 registers.ebp: 1632688 registers.edx: 0 registers.ebx: 0 registers.esi: 35848192 registers.ecx: 1632512	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x77b0f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x77b0f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x77b2176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x77b3af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632480 registers.edi: 1632576 registers.eax: 23117 registers.ebp: 1632540 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 2008160768	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x77b1317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x77b3ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x77b3af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632612 registers.edi: 1632700 registers.eax: 23117 registers.ebp: 1632672 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 1632512	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x77b0f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x77b0f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x77b2176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632736 registers.edi: 1632832 registers.eax: 23117 registers.ebp: 1632796 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 2008264192	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x77b1317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x77b2199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x77b2193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632628 registers.edi: 1632716 registers.eax: 23117 registers.ebp: 1632688 registers.edx: 0 registers.ebx: 0 registers.esi: 35848192 registers.ecx: 1632512	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x77b0f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x77b0f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x77b2176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x77b3af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632480 registers.edi: 1632576 registers.eax: 23117 registers.ebp: 1632540 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 2008160768	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x77b1317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x77b3ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x77b3af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632612 registers.edi: 1632700 registers.eax: 23117 registers.ebp: 1632672 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 1632512	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x77b0f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x77b0f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x77b2176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632736 registers.edi: 1632832 registers.eax: 23117 registers.ebp: 1632796 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 2008264192	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x77b1317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x77b2199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x77b2193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632628 registers.edi: 1632716 registers.eax: 23117 registers.ebp: 1632688 registers.edx: 0 registers.ebx: 0 registers.esi: 35848192 registers.ecx: 1632512	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x77b0f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x77b0f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x77b2176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x77b3af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632480 registers.edi: 1632576 registers.eax: 23117 registers.ebp: 1632540 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 2008160768	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x77b1317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x77b3ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x77b3af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632612 registers.edi: 1632700 registers.eax: 23117 registers.ebp: 1632672 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 1632512	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x77b0f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x77b0f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x77b2176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632736 registers.edi: 1632832 registers.eax: 23117 registers.ebp: 1632796 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 2008264192	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x77b1317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x77b2199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x77b2193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632628 registers.edi: 1632716 registers.eax: 23117 registers.ebp: 1632688 registers.edx: 0 registers.ebx: 0 registers.esi: 35848192 registers.ecx: 1632512	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x77b0f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x77b0f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x77b2176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x77b3af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632480 registers.edi: 1632576 registers.eax: 23117 registers.ebp: 1632540 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 2008160768	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x77b1317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x77b3ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x77b3af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632612 registers.edi: 1632700 registers.eax: 23117 registers.ebp: 1632672 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 1632512	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x77b0f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x77b0f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x77b2176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632736 registers.edi: 1632832 registers.eax: 23117 registers.ebp: 1632796 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 2008264192	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x77b1317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x77b2199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x77b2193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632628 registers.edi: 1632716 registers.eax: 23117 registers.ebp: 1632688 registers.edx: 0 registers.ebx: 0 registers.esi: 35848192 registers.ecx: 1632512	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x77b0f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x77b0f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x77b2176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x77b3af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632480 registers.edi: 1632576 registers.eax: 23117 registers.ebp: 1632540 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 2008160768	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x77b1317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x77b3ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x77b3af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632612 registers.edi: 1632700 registers.eax: 23117 registers.ebp: 1632672 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 1632512	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x77b0f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x77b0f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x77b2176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632736 registers.edi: 1632832 registers.eax: 23117 registers.ebp: 1632796 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 2008264192	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x77b1317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x77b2199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x77b2193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632628 registers.edi: 1632716 registers.eax: 23117 registers.ebp: 1632688 registers.edx: 0 registers.ebx: 0 registers.esi: 35848192 registers.ecx: 1632512	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x77b0f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x77b0f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x77b2176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x77b3af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632480 registers.edi: 1632576 registers.eax: 23117 registers.ebp: 1632540 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 2008160768	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x77b1317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x77b3ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x77b3af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632612 registers.edi: 1632700 registers.eax: 23117 registers.ebp: 1632672 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 1632512	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x77b0f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x77b0f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x77b2176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632736 registers.edi: 1632832 registers.eax: 23117 registers.ebp: 1632796 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 2008264192	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x77b1317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x77b2199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x77b2193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632628 registers.edi: 1632716 registers.eax: 23117 registers.ebp: 1632688 registers.edx: 0 registers.ebx: 0 registers.esi: 35848192 registers.ecx: 1632512	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x77b0f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x77b0f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x77b2176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x77b3af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632480 registers.edi: 1632576 registers.eax: 23117 registers.ebp: 1632540 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 2008160768	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x77b1317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x77b3ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x77b3af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632612 registers.edi: 1632700 registers.eax: 23117 registers.ebp: 1632672 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 1632512	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x77b0f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x77b0f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x77b2176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632736 registers.edi: 1632832 registers.eax: 23117 registers.ebp: 1632796 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 2008264192	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x77b1317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x77b2199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x77b2193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632628 registers.edi: 1632716 registers.eax: 23117 registers.ebp: 1632688 registers.edx: 0 registers.ebx: 0 registers.esi: 35848192 registers.ecx: 1632512	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x77b0f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x77b0f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x77b2176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x77b3af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632480 registers.edi: 1632576 registers.eax: 23117 registers.ebp: 1632540 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 2008160768	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x77b1317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x77b3ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x77b3af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632612 registers.edi: 1632700 registers.eax: 23117 registers.ebp: 1632672 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 1632512	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x77b0f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x77b0f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x77b2176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632736 registers.edi: 1632832 registers.eax: 23117 registers.ebp: 1632796 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 2008264192	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x77b1317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x77b2199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x77b2193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632628 registers.edi: 1632716 registers.eax: 23117 registers.ebp: 1632688 registers.edx: 0 registers.ebx: 0 registers.esi: 35848192 registers.ecx: 1632512	1
__exception__ Oct. 7, 2021, 10:52 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x77b0f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x77b0f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x77b2176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x77b3af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x77b218ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x77b2174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77b23e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x75673b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7557db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73f57322 0x22360e3 0x2234117 0x2234204 vbc+0x7ad45 @ 0x47ad45 vbc+0x7b402 @ 0x47b402 vbc+0x7b976 @ 0x47b976 vbc+0x24326 @ 0x424326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755762fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75576d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755777c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75577bca vbc+0x61591 @ 0x461591 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x77b0f4ef registers.esp: 1632480 registers.edi: 1632576 registers.eax: 23117 registers.ebp: 1632540 registers.edx: 0 registers.ebx: 35848192 registers.esi: 35848192 registers.ecx: 2008160768	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

HTTP traffic contains suspicious features which may be indicative of malware related traffic (10 events)

suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.claggs.com/rqan/?ATRlddq=8qJ/WnfN2Dsdt3vQdCIYENwUXvQ2fP0y4NNfqJHjhObiKvv0YjB/Xn2+M1Rdb7LfvORaQTC7&DxoTK=VDKTtFOxV2WL8tH
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.buratacoin.com/rqan/?ATRlddq=Jt/jULqvuHmFHTQHoInL/hgvG9NOCzgC+ifeqw8dEamPSAWqFa2LRIXLynF/lbhL2qE+xTiF&DxoTK=VDKTtFOxV2WL8tH
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.moyue27.com/rqan/?ATRlddq=+TqAOEONCPJUJSnFrnPpRXI/OAAPmI2ScBE7Ik0F+IdHCDjx385zAg9GOBgk6UUD1+VchaMA&DxoTK=VDKTtFOxV2WL8tH
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.comercialjyv.com/rqan/?ATRlddq=Rtey7j6o/6NPBerA7EpwrG4H/co8GZ/3Plt045JmCspN4s9ulysKZ35pRYVs1dFdUUjH8mSJ&DxoTK=VDKTtFOxV2WL8tH
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.marionkgregory.store/rqan/?ATRlddq=VNXAiSIfyRM8OhL2EWzAO1fi5NRrcw8msq2SrTaCNLqA/2hjQ8/reY1ha2pEjv6UWdZEd9WI&DxoTK=VDKTtFOxV2WL8tH
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.thelocksmithtradeshow.com/rqan/?ATRlddq=l024+3ZD/MMtYAimPvceCx2mX2pxaBq1zlsxSU83YzhgdyxMZckScAoxySy9Gng2X/4IOs9V&DxoTK=VDKTtFOxV2WL8tH
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.haferssippe.quest/rqan/?ATRlddq=nFD+tckPtQIgQGQeciUNqkCJ8CDb8RQ3Hc2bC2BXacngwVvSVsoOUWgxvZcvhlu4kTcNykfE&DxoTK=VDKTtFOxV2WL8tH
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.15dgj.xyz/rqan/?ATRlddq=L/JXrSYEbYVz+Zr+hdnNufTLXvurW4Cign4jUf9qCp/G8GoUAf71AaygvLGg/JPSI1lXLouM&DxoTK=VDKTtFOxV2WL8tH
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.abasketofwords.com/rqan/?ATRlddq=+S1kQ2PT5fjUCuwrbY1xCKK84VEzmjTIH4aw6YwLG0KBcWdxm+CFKoDK+Dq48ZQ8nc9VjOLV&DxoTK=VDKTtFOxV2WL8tH
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.tokofebri.store/rqan/?ATRlddq=bkTXLZuWQMSQcwGJ7R0aOlt20uLYpPHtJJJLiW4usy6BqC1mRs4efAWLwAB/Z2acqV9T3m6J&DxoTK=VDKTtFOxV2WL8tH

Performs some HTTP requests (13 events)

request	GET http://www.claggs.com/rqan/?ATRlddq=8qJ/WnfN2Dsdt3vQdCIYENwUXvQ2fP0y4NNfqJHjhObiKvv0YjB/Xn2+M1Rdb7LfvORaQTC7&DxoTK=VDKTtFOxV2WL8tH
request	GET http://www.buratacoin.com/rqan/?ATRlddq=Jt/jULqvuHmFHTQHoInL/hgvG9NOCzgC+ifeqw8dEamPSAWqFa2LRIXLynF/lbhL2qE+xTiF&DxoTK=VDKTtFOxV2WL8tH
request	GET http://www.moyue27.com/rqan/?ATRlddq=+TqAOEONCPJUJSnFrnPpRXI/OAAPmI2ScBE7Ik0F+IdHCDjx385zAg9GOBgk6UUD1+VchaMA&DxoTK=VDKTtFOxV2WL8tH
request	GET http://www.comercialjyv.com/rqan/?ATRlddq=Rtey7j6o/6NPBerA7EpwrG4H/co8GZ/3Plt045JmCspN4s9ulysKZ35pRYVs1dFdUUjH8mSJ&DxoTK=VDKTtFOxV2WL8tH
request	GET http://www.marionkgregory.store/rqan/?ATRlddq=VNXAiSIfyRM8OhL2EWzAO1fi5NRrcw8msq2SrTaCNLqA/2hjQ8/reY1ha2pEjv6UWdZEd9WI&DxoTK=VDKTtFOxV2WL8tH
request	GET http://www.thelocksmithtradeshow.com/rqan/?ATRlddq=l024+3ZD/MMtYAimPvceCx2mX2pxaBq1zlsxSU83YzhgdyxMZckScAoxySy9Gng2X/4IOs9V&DxoTK=VDKTtFOxV2WL8tH
request	GET http://www.haferssippe.quest/rqan/?ATRlddq=nFD+tckPtQIgQGQeciUNqkCJ8CDb8RQ3Hc2bC2BXacngwVvSVsoOUWgxvZcvhlu4kTcNykfE&DxoTK=VDKTtFOxV2WL8tH
request	GET http://www.15dgj.xyz/rqan/?ATRlddq=L/JXrSYEbYVz+Zr+hdnNufTLXvurW4Cign4jUf9qCp/G8GoUAf71AaygvLGg/JPSI1lXLouM&DxoTK=VDKTtFOxV2WL8tH
request	GET http://www.abasketofwords.com/rqan/?ATRlddq=+S1kQ2PT5fjUCuwrbY1xCKK84VEzmjTIH4aw6YwLG0KBcWdxm+CFKoDK+Dq48ZQ8nc9VjOLV&DxoTK=VDKTtFOxV2WL8tH
request	GET http://www.tokofebri.store/rqan/?ATRlddq=bkTXLZuWQMSQcwGJ7R0aOlt20uLYpPHtJJJLiW4usy6BqC1mRs4efAWLwAB/Z2acqV9T3m6J&DxoTK=VDKTtFOxV2WL8tH
request	GET https://onedrive.live.com/download?cid=4697057C65B5346F&resid=4697057C65B5346F%21536&authkey=AASDOjncAUJWfks
request	GET https://5wzqug.am.files.1drv.com/y4mTZZw0eJpvhrmvXl_fo8anex-VNAuRJCgRkrJiCNfKEseve3BiEFE0eVrSult2T8e-jsKcLLJgywa69qFWouFk89DWCXtzQt_ietEzDP5cA6NBC0v5YeBT1NjCuh6NQ1_d9TqoU13RPK4oy5WmF4pXBJK8fbVWmuW-QNz1cF84zYNnJ_wsTCUdwUwDqhVuYLppy7o583rgdrZxaPalaGakA/Voutohtjmdjzsdtpvrgxomfqdmmrfda?download&psid=1
request	GET https://5wzqug.am.files.1drv.com/y4m6VJMWw0J61zJl2alhe5XVS_0tMm5H1tpXUlMZ-KmfdjLNElLVJVahAIukV4I4W4pwo_Rbp9D91qN0jJu0fvZ0sklmnqovdV8ZXHIlovbK-aiBqeWkmenc-W5xgmvS1o9U_Bf1dUERlx2YbjpXTQx2qX4xLeVpcbuSiwnXqbTfZ8_rwlXMjEXBWEnFCMHQy1h01hEg4bo48fz9HjCTfV7zA/Voutohtjmdjzsdtpvrgxomfqdmmrfda?download&psid=1

Allocates read-write-execute memory (usually to unpack itself) (3 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Oct. 7, 2021, 10:51 a.m.	process_identifier: 2132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72d92000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 7, 2021, 10:51 a.m.	process_identifier: 2132 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00550000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 7, 2021, 10:52 a.m.	process_identifier: 2132 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72480000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1

Creates executable files on the filesystem (1 event)

file	C:\Users\Public\Libraries\Voutoht\Voutoht.exe

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Oct. 7, 2021, 10:52 a.m.	process_identifier: 2132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 81920 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x02231000 process_handle: 0xffffffff	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00061c00', u'virtual_address': u'0x00091000', u'entropy': 6.854315038639436, u'name': u'.rsrc', u'virtual_size': u'0x00061b4a'}

entropy

6.85431503864

description

A section with a high entropy has been found

entropy

0.417066666667

description

Overall entropy of this PE file is high

One or more of the buffers contains an embedded PE file (1 event)

buffer

Buffer with sha1: aaf8f8965dc0e414ac1211cfc224a976b01292c0

Allocates execute permission to another process indicative of possible code injection (3 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory Oct. 7, 2021, 10:52 a.m.	process_identifier: 2308 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72480000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000570	1
NtAllocateVirtualMemory Oct. 7, 2021, 10:52 a.m.	process_identifier: 2308 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00130000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000570	1
NtAllocateVirtualMemory Oct. 7, 2021, 10:52 a.m.	process_identifier: 2308 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00140000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000570	1

Installs itself for autorun at Windows startup (1 event)

reg_key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Voutoht

reg_value

C:\Users\Public\Libraries\thotuoV.url

Creates a thread using CreateRemoteThread in a non-child process indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2132 created a remote thread in non-child process 2308
CreateRemoteThread Oct. 7, 2021, 10:52 a.m.	thread_identifier: 2316 process_identifier: 2308 function_address: 0x00140000 flags: 0 stack_size: 0 parameter: 0x00130000 process_handle: 0x00000570	1	1400	0

Manipulates memory of a non-child process indicative of process injection (4 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2132 manipulating memory of non-child process 2308
NtAllocateVirtualMemory Oct. 7, 2021, 10:52 a.m.	process_identifier: 2308 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72480000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000570	1	0	0
NtAllocateVirtualMemory Oct. 7, 2021, 10:52 a.m.	process_identifier: 2308 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00130000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000570	1	0	0
NtAllocateVirtualMemory Oct. 7, 2021, 10:52 a.m.	process_identifier: 2308 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00140000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000570	1	0	0

Potential code injection by writing to the memory of another process (3 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2132 injected into non-child 2308
WriteProcessMemory Oct. 7, 2021, 10:52 a.m.	buffer: HrðÔIr base_address: 0x00130000 process_identifier: 2308 process_handle: 0x00000570	1	1	0
WriteProcessMemory Oct. 7, 2021, 10:52 a.m.	buffer: UìÄøEUøPUü1ÀPjÿuøÿUüYY]Â@UìÄÔSVWúðEÔ Fzèÿÿ3ÀUhOzdÿ0d ÆEÿG<ÇEô»rÃj@h0Eô@PPEô@4ÃPèÈÿÿEð}ðt0hjEðPè¿ÿÿj@h0Eô@PPEô@4ÃPVèÿÿEð}ðuûtvEÔPÏUðÆèEÔÀt7EèUàUìUøRUØRPEðPVèÿÿjjMèºÜMzÆè_ýÿÿÀtÆEÿ3ÀZYYdhOzEÔ FzèØÿþÿÃ base_address: 0x00140000 process_identifier: 2308 process_handle: 0x00000570	1	1	0

Network activity contains more than one unique useragent (2 events)

process	vbc.exe				useragent	lVali
process	vbc.exe				useragent	aswe

Generates some ICMP traffic

File has been identified by 21 AntiVirus engines on VirusTotal as malicious (21 events)

Elastic	malicious (high confidence)
McAfee	GenericRXAA-AA!96BD7548EA9C
Cylance	Unsafe
Sangfor	Virus.Win32.Save.a
BitDefenderTheta	Gen:NN.ZelphiF.34170.6KW@a4TTdIii
Cyren	W32/Rescoms.N.gen!Eldorado
Symantec	Packed.Generic.516
ESET-NOD32	a variant of Win32/GenKryptik.EVCG
APEX	Malicious
ClamAV	Win.Trojan.Remcos-9897068-0
Kaspersky	UDS:DangerousObject.Multi.Generic
Avast	FileRepMalware
McAfee-GW-Edition	BehavesLike.Win32.Worm.dh
MAX	malware (ai score=99)
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 100)
VBA32	BScope.TrojanSpy.Noon
Malwarebytes	Malware.AI.2173583272
Ikarus	Trojan.Inject
Fortinet	W32/Injector.EQAC!tr
AVG	FileRepMalware

vbc.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All