Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Oct. 20, 2021, 11:27 a.m.	Oct. 20, 2021, 11:33 a.m.

Size	1.1MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9261cdcf86933da34b74afa3da380bc3`
SHA256	`42e09f0e4d7ab0448e04d5d31fbc63cfb2df988f848853a5a149ff5454040184`
CRC32	`28D838F9`
ssdeep	`12288:0xwB6jcB+VlDdNvGOLPs46HcqC9Q1LEYLtwauiAkupubMkkUshtgQowaI9hj8mey:Gr1bvGObs46nCmLJw5uwkPZwakpKhG`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file NPKI_Zero - File included NPKI

.vbc.exe "C:\Users\test22\AppData\Local\Temp\.vbc.exe"
1116

Name	Response	Post-Analysis Lookup
login.live.com	A 20.190.144.166 A 20.190.144.165 A 40.126.16.163 CNAME www.tm.a.prd.aadg.trafficmanager.net CNAME login.msa.msidentity.com CNAME www.tm.lg.prod.aadmsa.trafficmanager.net A 20.190.144.160 A 40.126.16.165 CNAME prda.aadg.msidentity.com A 20.190.144.162 A 40.126.16.167 A 40.126.16.166	40.126.13.9
onedrive.live.com	CNAME odc-web-geo.onedrive.akadns.net CNAME l-0004.l-msedge.net A 13.107.42.13 CNAME odwebpl.trafficmanager.net.l-0004.dc-msedge.net.l-0004.l-msedge.net CNAME odc-web-brs.onedrive.akadns.net	13.107.42.13

IP Address	Status	Action
13.107.42.13	Active	Moloch
164.124.101.2	Active	Moloch
40.126.16.167	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49203 -> 40.126.16.167:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49202 -> 40.126.16.167:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49201 -> 13.107.42.13:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.101:49203 40.126.16.167:443	C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=graph.windows.net	73:7d:2b:8b:14:fd:d9:03:14:62:2e:35:a7:c1:54:33:e0:8b:3b:71
TLSv1 192.168.56.101:49202 40.126.16.167:443	C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=graph.windows.net	73:7d:2b:8b:14:fd:d9:03:14:62:2e:35:a7:c1:54:33:e0:8b:3b:71
TLSv1 192.168.56.101:49201 13.107.42.13:443	C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01	CN=onedrive.com	50:2f:33:10:92:ac:27:7b:17:be:82:68:3b:e2:29:ad:97:41:b7:bb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)

section	CODE
section	DATA
section	BSS

The executable uses a known packer (1 event)

packer

BobSoft Mini Delphi -> BoB / BobSoft

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

ZWMAP

One or more processes crashed (50 out of 125 events)

Time & API	Arguments	Status
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633044 registers.edi: 1633132 registers.eax: 23117 registers.ebp: 1633104 registers.edx: 0 registers.ebx: 0 registers.esi: 7929856 registers.ecx: 1633024	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632896 registers.edi: 1632992 registers.eax: 23117 registers.ebp: 1632956 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 2000558592	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x773fada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x773faf78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633028 registers.edi: 1633116 registers.eax: 23117 registers.ebp: 1633088 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 1633024	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633152 registers.edi: 1633248 registers.eax: 23117 registers.ebp: 1633212 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 2000662016	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633044 registers.edi: 1633132 registers.eax: 23117 registers.ebp: 1633104 registers.edx: 0 registers.ebx: 0 registers.esi: 7929856 registers.ecx: 1633024	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632896 registers.edi: 1632992 registers.eax: 23117 registers.ebp: 1632956 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 2000558592	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x773fada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x773faf78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633028 registers.edi: 1633116 registers.eax: 23117 registers.ebp: 1633088 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 1633024	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633152 registers.edi: 1633248 registers.eax: 23117 registers.ebp: 1633212 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 2000662016	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633044 registers.edi: 1633132 registers.eax: 23117 registers.ebp: 1633104 registers.edx: 0 registers.ebx: 0 registers.esi: 7929856 registers.ecx: 1633024	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632896 registers.edi: 1632992 registers.eax: 23117 registers.ebp: 1632956 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 2000558592	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x773fada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x773faf78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633028 registers.edi: 1633116 registers.eax: 23117 registers.ebp: 1633088 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 1633024	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633152 registers.edi: 1633248 registers.eax: 23117 registers.ebp: 1633212 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 2000662016	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633044 registers.edi: 1633132 registers.eax: 23117 registers.ebp: 1633104 registers.edx: 0 registers.ebx: 0 registers.esi: 7929856 registers.ecx: 1633024	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632896 registers.edi: 1632992 registers.eax: 23117 registers.ebp: 1632956 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 2000558592	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x773fada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x773faf78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633028 registers.edi: 1633116 registers.eax: 23117 registers.ebp: 1633088 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 1633024	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633152 registers.edi: 1633248 registers.eax: 23117 registers.ebp: 1633212 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 2000662016	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633044 registers.edi: 1633132 registers.eax: 23117 registers.ebp: 1633104 registers.edx: 0 registers.ebx: 0 registers.esi: 7929856 registers.ecx: 1633024	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632896 registers.edi: 1632992 registers.eax: 23117 registers.ebp: 1632956 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 2000558592	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x773fada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x773faf78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633028 registers.edi: 1633116 registers.eax: 23117 registers.ebp: 1633088 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 1633024	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633152 registers.edi: 1633248 registers.eax: 23117 registers.ebp: 1633212 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 2000662016	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633044 registers.edi: 1633132 registers.eax: 23117 registers.ebp: 1633104 registers.edx: 0 registers.ebx: 0 registers.esi: 7929856 registers.ecx: 1633024	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632896 registers.edi: 1632992 registers.eax: 23117 registers.ebp: 1632956 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 2000558592	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x773fada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x773faf78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633028 registers.edi: 1633116 registers.eax: 23117 registers.ebp: 1633088 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 1633024	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633152 registers.edi: 1633248 registers.eax: 23117 registers.ebp: 1633212 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 2000662016	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633044 registers.edi: 1633132 registers.eax: 23117 registers.ebp: 1633104 registers.edx: 0 registers.ebx: 0 registers.esi: 7929856 registers.ecx: 1633024	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632896 registers.edi: 1632992 registers.eax: 23117 registers.ebp: 1632956 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 2000558592	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x773fada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x773faf78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633028 registers.edi: 1633116 registers.eax: 23117 registers.ebp: 1633088 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 1633024	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633152 registers.edi: 1633248 registers.eax: 23117 registers.ebp: 1633212 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 2000662016	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633044 registers.edi: 1633132 registers.eax: 23117 registers.ebp: 1633104 registers.edx: 0 registers.ebx: 0 registers.esi: 7929856 registers.ecx: 1633024	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632896 registers.edi: 1632992 registers.eax: 23117 registers.ebp: 1632956 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 2000558592	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x773fada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x773faf78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633028 registers.edi: 1633116 registers.eax: 23117 registers.ebp: 1633088 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 1633024	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633152 registers.edi: 1633248 registers.eax: 23117 registers.ebp: 1633212 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 2000662016	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633044 registers.edi: 1633132 registers.eax: 23117 registers.ebp: 1633104 registers.edx: 0 registers.ebx: 0 registers.esi: 7929856 registers.ecx: 1633024	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632896 registers.edi: 1632992 registers.eax: 23117 registers.ebp: 1632956 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 2000558592	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x773fada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x773faf78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633028 registers.edi: 1633116 registers.eax: 23117 registers.ebp: 1633088 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 1633024	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633152 registers.edi: 1633248 registers.eax: 23117 registers.ebp: 1633212 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 2000662016	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633044 registers.edi: 1633132 registers.eax: 23117 registers.ebp: 1633104 registers.edx: 0 registers.ebx: 0 registers.esi: 7929856 registers.ecx: 1633024	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632896 registers.edi: 1632992 registers.eax: 23117 registers.ebp: 1632956 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 2000558592	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x773fada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x773faf78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633028 registers.edi: 1633116 registers.eax: 23117 registers.ebp: 1633088 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 1633024	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633152 registers.edi: 1633248 registers.eax: 23117 registers.ebp: 1633212 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 2000662016	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633044 registers.edi: 1633132 registers.eax: 23117 registers.ebp: 1633104 registers.edx: 0 registers.ebx: 0 registers.esi: 7929856 registers.ecx: 1633024	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632896 registers.edi: 1632992 registers.eax: 23117 registers.ebp: 1632956 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 2000558592	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x773fada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x773faf78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633028 registers.edi: 1633116 registers.eax: 23117 registers.ebp: 1633088 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 1633024	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633152 registers.edi: 1633248 registers.eax: 23117 registers.ebp: 1633212 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 2000662016	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633044 registers.edi: 1633132 registers.eax: 23117 registers.ebp: 1633104 registers.edx: 0 registers.ebx: 0 registers.esi: 7929856 registers.ecx: 1633024	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632896 registers.edi: 1632992 registers.eax: 23117 registers.ebp: 1632956 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 2000558592	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x773fada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x773faf78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633028 registers.edi: 1633116 registers.eax: 23117 registers.ebp: 1633088 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 1633024	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633152 registers.edi: 1633248 registers.eax: 23117 registers.ebp: 1633212 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 2000662016	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x773d317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x773e199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x773e193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1633044 registers.edi: 1633132 registers.eax: 23117 registers.ebp: 1633104 registers.edx: 0 registers.ebx: 0 registers.esi: 7929856 registers.ecx: 1633024	1
__exception__ Oct. 20, 2021, 11:27 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x773cf5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x773cf560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x773e176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x773faf21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x773e18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x773e174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x773e3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76a83b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x755bdb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x72bf7322 0x7960e3 0x794117 0x794204 +0x76973 @ 0x476973 +0x93eb6 @ 0x493eb6 +0x94b57 @ 0x494b57 +0x46fb @ 0x4046fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x773cf4ef registers.esp: 1632896 registers.edi: 1632992 registers.eax: 23117 registers.ebp: 1632956 registers.edx: 0 registers.ebx: 7929856 registers.esi: 7929856 registers.ecx: 2000558592	1

Performs some HTTP requests (3 events)

request	GET https://onedrive.live.com/download?cid=E97110434470423E&resid=E97110434470423E%21396&authkey=AMSfkm3AUupwnz8
request	GET https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1634697082&rver=7.3.6962.0&wp=MBI_SSL_SHARED&wreply=https:%2F%2Fonedrive.live.com%2Fdownload%3Fcid%3DE97110434470423E%26resid%3DE97110434470423E%2521396%26authkey%3DAMSfkm3AUupwnz8&lc=1033&id=250206&cbcxt=sky&cbcxt=sky
request	GET https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1634697084&rver=7.3.6962.0&wp=MBI_SSL_SHARED&wreply=https:%2F%2Fonedrive.live.com%2Fdownload%3Fcid%3DE97110434470423E%26resid%3DE97110434470423E%2521396%26authkey%3DAMSfkm3AUupwnz8&lc=1033&id=250206&cbcxt=sky&cbcxt=sky

Allocates read-write-execute memory (usually to unpack itself) (3 events)

Time & API	Arguments	Status	Return
NtAllocateVirtualMemory Oct. 20, 2021, 11:27 a.m.	process_identifier: 1116 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00540000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Oct. 20, 2021, 11:27 a.m.	process_identifier: 1116 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73cc2000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Oct. 20, 2021, 11:27 a.m.	process_identifier: 1116 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 5 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 process_handle: 0xffffffff		3221225496

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Oct. 20, 2021, 11:27 a.m.	process_identifier: 1116 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 81920 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x00791000 process_handle: 0xffffffff	1	0	0

Network activity contains more than one unique useragent (2 events)

process	.vbc.exe				useragent	lVali
process	.vbc.exe				useragent	aswe

File has been identified by 25 AntiVirus engines on VirusTotal as malicious (25 events)

Elastic	malicious (high confidence)
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 005892a51 )
BitDefenderTheta	Gen:NN.ZelphiCO.34218.jHW@aSfncNei
Cyren	W32/Delf_Troj.CO.gen!Eldorado
ESET-NOD32	Win32/TrojanDownloader.Delf.DIB
TrendMicro-HouseCall	TROJ_GEN.R002H0CJJ21
Paloalto	generic.ml
ClamAV	Win.Malware.Fhqr-9869314-0
Kaspersky	Backdoor.Win32.Remcos.twj
APEX	Malicious
Comodo	TrojWare.Win32.UMal.cxceq@0
McAfee-GW-Edition	BehavesLike.Win32.Worm.th
Sophos	Mal/Generic-S
Microsoft	Trojan:Script/Phonzy.B!ml
McAfee	GenericRXAA-AA!9261CDCF8693
VBA32	BScope.TrojanSpy.Noon
Malwarebytes	Trojan.MalPack.SMY.Generic
Avast	Win32:CrypterX-gen [Trj]
Rising	Trojan.Generic@ML.83 (RDML:DLViw/ES7n3LaC/poxgGxw)
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/GenKryptik.DPIE!tr
AVG	Win32:CrypterX-gen [Trj]
CrowdStrike	win/malicious_confidence_100% (W)

.vbc.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All