Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Oct. 8, 2021, 11:17 a.m.	Oct. 8, 2021, 11:45 a.m.

Size	774.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1e600b33bd5e1420472158c1b2e145a5`
SHA256	`f5447c22561c0692e385ef3c0ef0ed84d4ce35042f0839bddd7de9aeaa1f777a`
CRC32	`C2B917FE`
ssdeep	`12288:5siTtPf0MEakNE3XqKkjY2N04kY7CE5L0S4rrMGdMpGyS:KaF0MEakNMrkE2hkY7CE5L0S4PMGdM`
Yara	Admin_Tool_IN_Zero - Admin Tool Sysinternals PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library

vbc.exe "C:\Users\test22\AppData\Local\Temp\vbc.exe"
112

Name	Response	Post-Analysis Lookup
www.deliciousrecipe.xyz	A 172.67.152.251 A 104.21.49.221	104.21.49.221
www.rosalia-pilates-angers.com	CNAME rosalia-pilates-angers.com A 109.106.246.213	109.106.246.213
www.century21nokta.com
www.buyinsurance24.com	A 156.67.222.73 CNAME buyinsurance24.com	156.67.222.73
www.cardboutiqueapp.com	A 185.129.100.113	185.129.100.113
www.ramashi.com	A 79.98.25.1	79.98.25.1
www.reviewbyornex.online	CNAME reviewbyornex.online A 2.57.90.16	2.57.90.16
www.panda.wiki	CNAME panda.wiki A 34.102.136.180	34.102.136.180
5wxd1a.am.files.1drv.com	A 13.107.42.12 CNAME odc-am-files-geo.onedrive.akadns.net CNAME am-files.ha.1drv.com.l-0003.dc-msedge.net.l-0003.l-msedge.net CNAME odc-am-files-brs.onedrive.akadns.net CNAME am-files.fe.1drv.com CNAME l-0003.l-msedge.net	13.107.42.12
onedrive.live.com	CNAME odc-web-geo.onedrive.akadns.net CNAME l-0004.l-msedge.net A 13.107.42.13 CNAME odwebpl.trafficmanager.net.l-0004.dc-msedge.net.l-0004.l-msedge.net CNAME odc-web-brs.onedrive.akadns.net	13.107.42.13
www.healthychefla.com	A 208.91.197.91	208.91.197.91
www.mapara-foundation.net
www.moyue27.com	CNAME moyue27.com A 34.102.136.180	34.102.136.180
www.apollonfitnessvrn.club	A 185.215.4.67 CNAME apollonfitnessvrn.club	185.215.4.67

IP Address	Status	Action
104.21.49.221	Active	Moloch
109.106.246.213	Active	Moloch
13.107.42.12	Active	Moloch
13.107.42.13	Active	Moloch
156.67.222.73	Active	Moloch
164.124.101.2	Active	Moloch
185.129.100.113	Active	Moloch
185.215.4.67	Active	Moloch
2.57.90.16	Active	Moloch
208.91.197.91	Active	Moloch
34.102.136.180	Active	Moloch
79.98.25.1	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49203 -> 13.107.42.13:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49202 -> 13.107.42.12:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49207 -> 156.67.222.73:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49207 -> 156.67.222.73:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49207 -> 156.67.222.73:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49205 -> 13.107.42.12:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49217 -> 109.106.246.213:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49217 -> 109.106.246.213:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49217 -> 109.106.246.213:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49201 -> 13.107.42.13:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49204 -> 13.107.42.12:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49213 -> 208.91.197.91:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49213 -> 208.91.197.91:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49213 -> 208.91.197.91:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49225 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49225 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49225 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49219 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49219 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49219 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49211 -> 185.215.4.67:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49211 -> 185.215.4.67:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49211 -> 185.215.4.67:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49223 -> 104.21.49.221:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49223 -> 104.21.49.221:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49223 -> 104.21.49.221:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49223 -> 104.21.49.221:80	2031088	ET HUNTING Request to .XYZ Domain with Minimal Headers	Potentially Bad Traffic
TCP 192.168.56.101:49221 -> 185.129.100.113:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49221 -> 185.129.100.113:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49221 -> 185.129.100.113:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49209 -> 79.98.25.1:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49209 -> 79.98.25.1:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49209 -> 79.98.25.1:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49215 -> 2.57.90.16:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49215 -> 2.57.90.16:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.101:49215 -> 2.57.90.16:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.101:49203 13.107.42.13:443	C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01	CN=onedrive.com	50:2f:33:10:92:ac:27:7b:17:be:82:68:3b:e2:29:ad:97:41:b7:bb
TLSv1 192.168.56.101:49202 13.107.42.12:443	C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01	C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=storage.live.com	ec:e5:02:98:e6:c9:9a:12:fc:c0:4d:19:cd:2b:0c:ae:d0:c0:37:8e
TLSv1 192.168.56.101:49205 13.107.42.12:443	C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01	C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=storage.live.com	ec:e5:02:98:e6:c9:9a:12:fc:c0:4d:19:cd:2b:0c:ae:d0:c0:37:8e
TLSv1 192.168.56.101:49201 13.107.42.13:443	C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01	CN=onedrive.com	50:2f:33:10:92:ac:27:7b:17:be:82:68:3b:e2:29:ad:97:41:b7:bb
TLSv1 192.168.56.101:49204 13.107.42.12:443	C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01	C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=storage.live.com	ec:e5:02:98:e6:c9:9a:12:fc:c0:4d:19:cd:2b:0c:ae:d0:c0:37:8e

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.itext

The executable uses a known packer (1 event)

packer

BobSoft Mini Delphi -> BoB / BobSoft

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

HERCU

One or more processes crashed (50 out of 124 events)

Time & API	Arguments	Status
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632948 registers.edi: 1633036 registers.eax: 23117 registers.ebp: 1633008 registers.edx: 0 registers.ebx: 0 registers.esi: 9306112 registers.ecx: 1633024	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632800 registers.edi: 1632896 registers.eax: 23117 registers.ebp: 1632860 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 2000558592	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x773fada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x773faf78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632932 registers.edi: 1633020 registers.eax: 23117 registers.ebp: 1632992 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 1632768	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633056 registers.edi: 1633152 registers.eax: 23117 registers.ebp: 1633116 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 2000662016	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632948 registers.edi: 1633036 registers.eax: 23117 registers.ebp: 1633008 registers.edx: 0 registers.ebx: 0 registers.esi: 9306112 registers.ecx: 1633024	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632800 registers.edi: 1632896 registers.eax: 23117 registers.ebp: 1632860 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 2000558592	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x773fada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x773faf78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632932 registers.edi: 1633020 registers.eax: 23117 registers.ebp: 1632992 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 1632768	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633056 registers.edi: 1633152 registers.eax: 23117 registers.ebp: 1633116 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 2000662016	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632948 registers.edi: 1633036 registers.eax: 23117 registers.ebp: 1633008 registers.edx: 0 registers.ebx: 0 registers.esi: 9306112 registers.ecx: 1633024	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632800 registers.edi: 1632896 registers.eax: 23117 registers.ebp: 1632860 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 2000558592	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x773fada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x773faf78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632932 registers.edi: 1633020 registers.eax: 23117 registers.ebp: 1632992 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 1632768	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633056 registers.edi: 1633152 registers.eax: 23117 registers.ebp: 1633116 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 2000662016	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632948 registers.edi: 1633036 registers.eax: 23117 registers.ebp: 1633008 registers.edx: 0 registers.ebx: 0 registers.esi: 9306112 registers.ecx: 1633024	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632800 registers.edi: 1632896 registers.eax: 23117 registers.ebp: 1632860 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 2000558592	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x773fada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x773faf78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632932 registers.edi: 1633020 registers.eax: 23117 registers.ebp: 1632992 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 1632768	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633056 registers.edi: 1633152 registers.eax: 23117 registers.ebp: 1633116 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 2000662016	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632948 registers.edi: 1633036 registers.eax: 23117 registers.ebp: 1633008 registers.edx: 0 registers.ebx: 0 registers.esi: 9306112 registers.ecx: 1633024	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632800 registers.edi: 1632896 registers.eax: 23117 registers.ebp: 1632860 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 2000558592	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x773fada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x773faf78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632932 registers.edi: 1633020 registers.eax: 23117 registers.ebp: 1632992 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 1632768	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633056 registers.edi: 1633152 registers.eax: 23117 registers.ebp: 1633116 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 2000662016	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632948 registers.edi: 1633036 registers.eax: 23117 registers.ebp: 1633008 registers.edx: 0 registers.ebx: 0 registers.esi: 9306112 registers.ecx: 1633024	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632800 registers.edi: 1632896 registers.eax: 23117 registers.ebp: 1632860 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 2000558592	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x773fada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x773faf78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632932 registers.edi: 1633020 registers.eax: 23117 registers.ebp: 1632992 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 1632768	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633056 registers.edi: 1633152 registers.eax: 23117 registers.ebp: 1633116 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 2000662016	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632948 registers.edi: 1633036 registers.eax: 23117 registers.ebp: 1633008 registers.edx: 0 registers.ebx: 0 registers.esi: 9306112 registers.ecx: 1633024	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632800 registers.edi: 1632896 registers.eax: 23117 registers.ebp: 1632860 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 2000558592	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x773fada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x773faf78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632932 registers.edi: 1633020 registers.eax: 23117 registers.ebp: 1632992 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 1632768	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633056 registers.edi: 1633152 registers.eax: 23117 registers.ebp: 1633116 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 2000662016	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632948 registers.edi: 1633036 registers.eax: 23117 registers.ebp: 1633008 registers.edx: 0 registers.ebx: 0 registers.esi: 9306112 registers.ecx: 1633024	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632800 registers.edi: 1632896 registers.eax: 23117 registers.ebp: 1632860 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 2000558592	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x773fada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x773faf78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632932 registers.edi: 1633020 registers.eax: 23117 registers.ebp: 1632992 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 1632768	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633056 registers.edi: 1633152 registers.eax: 23117 registers.ebp: 1633116 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 2000662016	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632948 registers.edi: 1633036 registers.eax: 23117 registers.ebp: 1633008 registers.edx: 0 registers.ebx: 0 registers.esi: 9306112 registers.ecx: 1633024	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632800 registers.edi: 1632896 registers.eax: 23117 registers.ebp: 1632860 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 2000558592	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x773fada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x773faf78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632932 registers.edi: 1633020 registers.eax: 23117 registers.ebp: 1632992 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 1632768	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633056 registers.edi: 1633152 registers.eax: 23117 registers.ebp: 1633116 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 2000662016	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632948 registers.edi: 1633036 registers.eax: 23117 registers.ebp: 1633008 registers.edx: 0 registers.ebx: 0 registers.esi: 9306112 registers.ecx: 1633024	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632800 registers.edi: 1632896 registers.eax: 23117 registers.ebp: 1632860 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 2000558592	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x773fada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x773faf78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632932 registers.edi: 1633020 registers.eax: 23117 registers.ebp: 1632992 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 1632768	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633056 registers.edi: 1633152 registers.eax: 23117 registers.ebp: 1633116 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 2000662016	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632948 registers.edi: 1633036 registers.eax: 23117 registers.ebp: 1633008 registers.edx: 0 registers.ebx: 0 registers.esi: 9306112 registers.ecx: 1633024	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632800 registers.edi: 1632896 registers.eax: 23117 registers.ebp: 1632860 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 2000558592	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x773fada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x773faf78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632932 registers.edi: 1633020 registers.eax: 23117 registers.ebp: 1632992 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 1632768	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633056 registers.edi: 1633152 registers.eax: 23117 registers.ebp: 1633116 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 2000662016	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632948 registers.edi: 1633036 registers.eax: 23117 registers.ebp: 1633008 registers.edx: 0 registers.ebx: 0 registers.esi: 9306112 registers.ecx: 1633024	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632800 registers.edi: 1632896 registers.eax: 23117 registers.ebp: 1632860 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 2000558592	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x773fada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x773faf78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632932 registers.edi: 1633020 registers.eax: 23117 registers.ebp: 1632992 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 1632768	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633056 registers.edi: 1633152 registers.eax: 23117 registers.ebp: 1633116 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 2000662016	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632948 registers.edi: 1633036 registers.eax: 23117 registers.ebp: 1633008 registers.edx: 0 registers.ebx: 0 registers.esi: 9306112 registers.ecx: 1633024	1
__exception__ Oct. 8, 2021, 11:17 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72107322 0x8e60e3 0x8e4117 0x8e4204 vbc+0x588c8 @ 0x4588c8 vbc+0x5aa0a @ 0x45aa0a vbc+0x4a27 @ 0x404a27 vbc+0x4a8f @ 0x404a8f BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632800 registers.edi: 1632896 registers.eax: 23117 registers.ebp: 1632860 registers.edx: 0 registers.ebx: 9306112 registers.esi: 9306112 registers.ecx: 2000558592	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

HTTP traffic contains suspicious features which may be indicative of malware related traffic (10 events)

suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.buyinsurance24.com/rqan/?3ff82=fRmTyhAx8Z7hI8&JzrHHFG8=IsEdVHV5NqrP52w/RLJIM650zUtDtKNfdYF6IcU+A2DjJJEAliTsmnu18VuJSk4dLK+eOU5k
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.ramashi.com/rqan/?JzrHHFG8=vOTuanZ5p+2kLOFJYcpBQYvwAM9pdzvrw3jIxlWAVr8jEAhUJWM6CEHoBExo5IsFxCN4cKyY&3ff82=fRmTyhAx8Z7hI8
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.apollonfitnessvrn.club/rqan/?3ff82=fRmTyhAx8Z7hI8&JzrHHFG8=VaQWeC1wRDDYU4/NF2iTKwsfx5eozyAXQ0Gm/adfAr5XvoDihf8e+XMwTRN2DLyVGLBuVunR
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.healthychefla.com/rqan/?JzrHHFG8=/u0lPg3tD0NXN01NZLIHWrUSxah+ttp+ICIzBMCDLsLXpz/De852rL6zDjoreHfIej37Aik5&3ff82=fRmTyhAx8Z7hI8
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.reviewbyornex.online/rqan/?3ff82=fRmTyhAx8Z7hI8&JzrHHFG8=+YDaRZ0OalPDBvWQzxJiu3wS+1PqAY+bKICnQ4MGVASGkx7sRjvvr1ChSauunu02Av4WswUS
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.rosalia-pilates-angers.com/rqan/?JzrHHFG8=rpp+0QkQ3qVKCMOBOGYYzv2WLoTrYDsmUwusKofq8rFyUHqdXA6Sg5y77/rj9N63Y4/bVg+k&3ff82=fRmTyhAx8Z7hI8
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.moyue27.com/rqan/?3ff82=fRmTyhAx8Z7hI8&JzrHHFG8=+TqAOEONCPJUJSnFrnPpRXI/OAAPmI2ScBE7Ik0F+IdHCDjx385zAg9GOBgk6UUD1+VchaMA
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.cardboutiqueapp.com/rqan/?JzrHHFG8=7XmFwjbCeixI2TDSYCNwr0HgHUHoiQEi/VPj3ka7wDWICz/dm8qqNJY2vVzGU6p/p2qyOoMU&3ff82=fRmTyhAx8Z7hI8
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.deliciousrecipe.xyz/rqan/?JzrHHFG8=TkYqMerVxz/XEBbc3qELjgfNr9F8Q7KtV2VQM2Jzmym+o2tqQPbvsTw8MJro3B5iUwTS7PrT&3ff82=fRmTyhAx8Z7hI8
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.panda.wiki/rqan/?3ff82=fRmTyhAx8Z7hI8&JzrHHFG8=gU5bSh/7CfqjrE2rpuf/eAzoAuSxVzybBMr2Pb3WbUhF/rLA2ILmBnXhSTyTcKBMivgEyoIy

Performs some HTTP requests (23 events)

request	POST http://www.buyinsurance24.com/rqan/
request	GET http://www.buyinsurance24.com/rqan/?3ff82=fRmTyhAx8Z7hI8&JzrHHFG8=IsEdVHV5NqrP52w/RLJIM650zUtDtKNfdYF6IcU+A2DjJJEAliTsmnu18VuJSk4dLK+eOU5k
request	POST http://www.ramashi.com/rqan/
request	GET http://www.ramashi.com/rqan/?JzrHHFG8=vOTuanZ5p+2kLOFJYcpBQYvwAM9pdzvrw3jIxlWAVr8jEAhUJWM6CEHoBExo5IsFxCN4cKyY&3ff82=fRmTyhAx8Z7hI8
request	POST http://www.apollonfitnessvrn.club/rqan/
request	GET http://www.apollonfitnessvrn.club/rqan/?3ff82=fRmTyhAx8Z7hI8&JzrHHFG8=VaQWeC1wRDDYU4/NF2iTKwsfx5eozyAXQ0Gm/adfAr5XvoDihf8e+XMwTRN2DLyVGLBuVunR
request	POST http://www.healthychefla.com/rqan/
request	GET http://www.healthychefla.com/rqan/?JzrHHFG8=/u0lPg3tD0NXN01NZLIHWrUSxah+ttp+ICIzBMCDLsLXpz/De852rL6zDjoreHfIej37Aik5&3ff82=fRmTyhAx8Z7hI8
request	POST http://www.reviewbyornex.online/rqan/
request	GET http://www.reviewbyornex.online/rqan/?3ff82=fRmTyhAx8Z7hI8&JzrHHFG8=+YDaRZ0OalPDBvWQzxJiu3wS+1PqAY+bKICnQ4MGVASGkx7sRjvvr1ChSauunu02Av4WswUS
request	POST http://www.rosalia-pilates-angers.com/rqan/
request	GET http://www.rosalia-pilates-angers.com/rqan/?JzrHHFG8=rpp+0QkQ3qVKCMOBOGYYzv2WLoTrYDsmUwusKofq8rFyUHqdXA6Sg5y77/rj9N63Y4/bVg+k&3ff82=fRmTyhAx8Z7hI8
request	POST http://www.moyue27.com/rqan/
request	GET http://www.moyue27.com/rqan/?3ff82=fRmTyhAx8Z7hI8&JzrHHFG8=+TqAOEONCPJUJSnFrnPpRXI/OAAPmI2ScBE7Ik0F+IdHCDjx385zAg9GOBgk6UUD1+VchaMA
request	POST http://www.cardboutiqueapp.com/rqan/
request	GET http://www.cardboutiqueapp.com/rqan/?JzrHHFG8=7XmFwjbCeixI2TDSYCNwr0HgHUHoiQEi/VPj3ka7wDWICz/dm8qqNJY2vVzGU6p/p2qyOoMU&3ff82=fRmTyhAx8Z7hI8
request	POST http://www.deliciousrecipe.xyz/rqan/
request	GET http://www.deliciousrecipe.xyz/rqan/?JzrHHFG8=TkYqMerVxz/XEBbc3qELjgfNr9F8Q7KtV2VQM2Jzmym+o2tqQPbvsTw8MJro3B5iUwTS7PrT&3ff82=fRmTyhAx8Z7hI8
request	POST http://www.panda.wiki/rqan/
request	GET http://www.panda.wiki/rqan/?3ff82=fRmTyhAx8Z7hI8&JzrHHFG8=gU5bSh/7CfqjrE2rpuf/eAzoAuSxVzybBMr2Pb3WbUhF/rLA2ILmBnXhSTyTcKBMivgEyoIy
request	GET https://onedrive.live.com/download?cid=4697057C65B5346F&resid=4697057C65B5346F%21539&authkey=AMY6Ch3k70HIvEs
request	GET https://5wxd1a.am.files.1drv.com/y4mJal6C0wcPc5EPc39Ol16AXikXzZQsUwOSxwiu1Ka6vH42e9Jx63Tz12DoO_Kb4fWQaHwB9hUzn00kQTKgFdW5XzXrBDWMwHDp36xxREnAS1mPv1kHNe_GUZ_ZPF0z2aZCVXBB65_Tg1cI2waYhNxVxfyYY7-nM4gEtwT_MWR62mM1CAEBu4U8UQAuvqkIdMrSKTd4ZLYGeZOsPvp9f7lWA/Sgvedpwygcjxcvszutvrfzwprorsoei?download&psid=1
request	GET https://5wxd1a.am.files.1drv.com/y4mHzZ-8Zvq2RFbhxYzwYTofdoEqTb8Ea40s6OQGA-1Sk1tMrMjOZ7rAoFyUfgFnRgDxm_zDpDZsmhjzmuswZgu3M13FXlKWeGMoidEGGtV5jWCCU2HKuIqL7n1nfBOIhOYUrVuY71NXgLrL39KcbqZYyGjUCtqlPDN53hjLb2CxVa2tA-2Q2lRuPzMv81fpMRD395ch94TTC_gXYCKkK31pg/Sgvedpwygcjxcvszutvrfzwprorsoei?download&psid=1

Sends data using the HTTP POST Method (10 events)

request	POST http://www.buyinsurance24.com/rqan/
request	POST http://www.ramashi.com/rqan/
request	POST http://www.apollonfitnessvrn.club/rqan/
request	POST http://www.healthychefla.com/rqan/
request	POST http://www.reviewbyornex.online/rqan/
request	POST http://www.rosalia-pilates-angers.com/rqan/
request	POST http://www.moyue27.com/rqan/
request	POST http://www.cardboutiqueapp.com/rqan/
request	POST http://www.deliciousrecipe.xyz/rqan/
request	POST http://www.panda.wiki/rqan/

Allocates read-write-execute memory (usually to unpack itself) (22 events)

Time & API	Arguments	Status	Return
NtProtectVirtualMemory Oct. 8, 2021, 11:17 a.m.	process_identifier: 112 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73c82000 process_handle: 0xffffffff	1	0
NtAllocateVirtualMemory Oct. 8, 2021, 11:17 a.m.	process_identifier: 112 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0
NtAllocateVirtualMemory Oct. 8, 2021, 11:17 a.m.	process_identifier: 112 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72480000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff		3221225496
NtAllocateVirtualMemory Oct. 8, 2021, 11:17 a.m.	process_identifier: 112 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72500000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff		3221225496
NtAllocateVirtualMemory Oct. 8, 2021, 11:17 a.m.	process_identifier: 112 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72580000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff		3221225496
NtAllocateVirtualMemory Oct. 8, 2021, 11:17 a.m.	process_identifier: 112 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72600000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff		3221225496
NtAllocateVirtualMemory Oct. 8, 2021, 11:17 a.m.	process_identifier: 112 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72680000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff		3221225496
NtAllocateVirtualMemory Oct. 8, 2021, 11:17 a.m.	process_identifier: 112 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72700000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff		3221225496
NtAllocateVirtualMemory Oct. 8, 2021, 11:17 a.m.	process_identifier: 112 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72780000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff		3221225496
NtAllocateVirtualMemory Oct. 8, 2021, 11:17 a.m.	process_identifier: 112 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72800000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff		3221225496
NtAllocateVirtualMemory Oct. 8, 2021, 11:17 a.m.	process_identifier: 112 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72880000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff		3221225496
NtAllocateVirtualMemory Oct. 8, 2021, 11:17 a.m.	process_identifier: 112 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72900000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff		3221225496
NtAllocateVirtualMemory Oct. 8, 2021, 11:17 a.m.	process_identifier: 112 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72980000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff		3221225496
NtAllocateVirtualMemory Oct. 8, 2021, 11:17 a.m.	process_identifier: 112 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72a00000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff		3221225496
NtAllocateVirtualMemory Oct. 8, 2021, 11:17 a.m.	process_identifier: 112 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72a80000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff		3221225496
NtAllocateVirtualMemory Oct. 8, 2021, 11:17 a.m.	process_identifier: 112 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72b00000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff		3221225496
NtAllocateVirtualMemory Oct. 8, 2021, 11:17 a.m.	process_identifier: 112 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72b80000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff		3221225496
NtAllocateVirtualMemory Oct. 8, 2021, 11:17 a.m.	process_identifier: 112 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72c00000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff		3221225496
NtAllocateVirtualMemory Oct. 8, 2021, 11:17 a.m.	process_identifier: 112 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72c80000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff		3221225496
NtAllocateVirtualMemory Oct. 8, 2021, 11:17 a.m.	process_identifier: 112 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72d00000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff		3221225496
NtAllocateVirtualMemory Oct. 8, 2021, 11:17 a.m.	process_identifier: 112 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72d80000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff		3221225496
NtAllocateVirtualMemory Oct. 8, 2021, 11:17 a.m.	process_identifier: 112 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72e00000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1	0

Creates executable files on the filesystem (1 event)

file	C:\Users\Public\Libraries\Sgvedpw\Sgvedpw.exe

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Oct. 8, 2021, 11:17 a.m.	process_identifier: 112 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 81920 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x008e1000 process_handle: 0xffffffff	1	0	0

One or more of the buffers contains an embedded PE file (1 event)

buffer

Buffer with sha1: aaf8f8965dc0e414ac1211cfc224a976b01292c0

Allocates execute permission to another process indicative of possible code injection (3 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory Oct. 8, 2021, 11:17 a.m.	process_identifier: 3028 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72e00000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000554	1
NtAllocateVirtualMemory Oct. 8, 2021, 11:17 a.m.	process_identifier: 3028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000d0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000554	1
NtAllocateVirtualMemory Oct. 8, 2021, 11:17 a.m.	process_identifier: 3028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000554	1

Installs itself for autorun at Windows startup (1 event)

reg_key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Sgvedpw

reg_value

C:\Users\Public\Libraries\wpdevgS.url

Creates a thread using CreateRemoteThread in a non-child process indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 112 created a remote thread in non-child process 3028
CreateRemoteThread Oct. 8, 2021, 11:17 a.m.	thread_identifier: 2092 process_identifier: 3028 function_address: 0x000e0000 flags: 0 stack_size: 0 parameter: 0x000d0000 process_handle: 0x00000554	1	1372	0

Manipulates memory of a non-child process indicative of process injection (4 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 112 manipulating memory of non-child process 3028
NtAllocateVirtualMemory Oct. 8, 2021, 11:17 a.m.	process_identifier: 3028 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72e00000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000554	1	0	0
NtAllocateVirtualMemory Oct. 8, 2021, 11:17 a.m.	process_identifier: 3028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000d0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000554	1	0	0
NtAllocateVirtualMemory Oct. 8, 2021, 11:17 a.m.	process_identifier: 3028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000554	1	0	0

Potential code injection by writing to the memory of another process (3 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 112 injected into non-child 3028
WriteProcessMemory Oct. 8, 2021, 11:17 a.m.	buffer: àrðÔár base_address: 0x000d0000 process_identifier: 3028 process_handle: 0x00000554	1	1	0
WriteProcessMemory Oct. 8, 2021, 11:17 a.m.	buffer: UìÄøEUøPUü1ÀPjÿuøÿUüYY]Â@UìÄÔSVWúðEÔ FLèÿÿ3ÀUhOLdÿ0d ÆEÿG<ÇEô»rÃj@h0Eô@PPEô@4ÃPèÈÿÿEð}ðt0hjEðPè¿ÿÿj@h0Eô@PPEô@4ÃPVèÿÿEð}ðuûtvEÔPÏUðÆèEÔÀt7EèUàUìUøRUØRPEðPVèÿÿjjMèºÜMLÆè_ýÿÿÀtÆEÿ3ÀZYYdhOLEÔ FLèØÿþÿÃ base_address: 0x000e0000 process_identifier: 3028 process_handle: 0x00000554	1	1	0

Network activity contains more than one unique useragent (2 events)

process	vbc.exe				useragent	lVali
process	vbc.exe				useragent	aswe

Uses Sysinternals tools in order to add additional command line functionality (1 event)

cmdline

C:\Windows\System32\mobsync.exe

File has been identified by 29 AntiVirus engines on VirusTotal as malicious (29 events)

Elastic	malicious (high confidence)
DrWeb	Trojan.Siggen15.18358
MicroWorld-eScan	Trojan.GenericKD.37739762
FireEye	Trojan.GenericKD.37739762
McAfee	RDN/Generic
Cylance	Unsafe
Sangfor	Riskware.Win32.Agent.ky
Cybereason	malicious.9da95c
BitDefenderTheta	Gen:NN.ZelphiCO.34170.WKW@a04NNpoi
Cyren	W32/Rescoms.N.gen!Eldorado
ESET-NOD32	Win32/TrojanDownloader.Delf.DIB
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Trojan.Remcos-9897068-0
Kaspersky	HEUR:Exploit.Win32.UAC.gen
Avast	Win32:Malware-gen
Ad-Aware	Trojan.GenericKD.37739762
McAfee-GW-Edition	BehavesLike.Win32.Infected.bh
Sophos	Mal/Generic-R
GData	Trojan.GenericKD.37739762
MAX	malware (ai score=99)
Kingsoft	Win32.Troj.Generic_a.a.(kcloud)
Microsoft	Trojan:Script/Phonzy.C!ml
Cynet	Malicious (score: 100)
VBA32	Trojan.Downloader
TrendMicro-HouseCall	TROJ_GEN.R002H0CJ721
Fortinet	W32/Injector.EQAC!tr
Webroot	W32.Malware.Gen
AVG	Win32:Malware-gen

vbc.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All