Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Jan. 20, 2022, 11:22 a.m.	Jan. 20, 2022, 11:35 a.m.

Size	1002.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`fe6c034412fb96a3d6e8f1c2d636041f`
SHA256	`a7017af2c60c1c5bc06d07f88e12d3b471a8787e233969d92ac6048d303cd682`
CRC32	`C167843F`
ssdeep	`24576:xx5RK+onXkmS7OR6gPSshzLnDyXranXKT7vOGe:xx5M+Sbos9LDg`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file

vbc.exe "C:\Users\test22\AppData\Local\Temp\vbc.exe"
2776

Name	Response	Post-Analysis Lookup
lqzdgq.db.files.1drv.com	CNAME odc-db-files-geo.onedrive.akadns.net A 13.107.42.12 CNAME odc-db-files-brs.onedrive.akadns.net CNAME db-files.ha.1drv.com.l-0003.dc-msedge.net.l-0003.l-msedge.net CNAME db-files.fe.1drv.com CNAME l-0003.l-msedge.net	13.107.42.12
onedrive.live.com	A 13.107.43.13 CNAME odc-web-geo.onedrive.akadns.net CNAME odc-web-brs.onedrive.akadns.net CNAME odwebpl.trafficmanager.net.l-0004.dc-msedge.net.l-0004.l-msedge.net CNAME l-0004.dc-msedge.net	13.107.42.13

IP Address	Status	Action
162.159.138.85	Active	Moloch
13.107.42.12	Active	Moloch
13.107.43.13	Active	Moloch
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.itext

The executable uses a known packer (1 event)

packer

BobSoft Mini Delphi -> BoB / BobSoft

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

MSIES

One or more processes crashed (50 out of 124 events)

Time & API	Arguments	Status
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7767317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x7768199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x7768193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632672 registers.edi: 1632760 registers.eax: 23117 registers.ebp: 1632732 registers.edx: 0 registers.ebx: 0 registers.esi: 34209792 registers.ecx: 1632512	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7766f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7766f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7768176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7769af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632524 registers.edi: 1632620 registers.eax: 23117 registers.ebp: 1632584 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 2003311104	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7767317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7769ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7769af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632656 registers.edi: 1632744 registers.eax: 23117 registers.ebp: 1632716 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 1632512	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7766f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7766f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7768176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632780 registers.edi: 1632876 registers.eax: 23117 registers.ebp: 1632840 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 2003414528	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7767317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x7768199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x7768193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632672 registers.edi: 1632760 registers.eax: 23117 registers.ebp: 1632732 registers.edx: 0 registers.ebx: 0 registers.esi: 34209792 registers.ecx: 1632512	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7766f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7766f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7768176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7769af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632524 registers.edi: 1632620 registers.eax: 23117 registers.ebp: 1632584 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 2003311104	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7767317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7769ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7769af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632656 registers.edi: 1632744 registers.eax: 23117 registers.ebp: 1632716 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 1632512	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7766f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7766f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7768176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632780 registers.edi: 1632876 registers.eax: 23117 registers.ebp: 1632840 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 2003414528	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7767317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x7768199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x7768193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632672 registers.edi: 1632760 registers.eax: 23117 registers.ebp: 1632732 registers.edx: 0 registers.ebx: 0 registers.esi: 34209792 registers.ecx: 1632512	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7766f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7766f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7768176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7769af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632524 registers.edi: 1632620 registers.eax: 23117 registers.ebp: 1632584 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 2003311104	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7767317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7769ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7769af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632656 registers.edi: 1632744 registers.eax: 23117 registers.ebp: 1632716 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 1632512	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7766f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7766f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7768176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632780 registers.edi: 1632876 registers.eax: 23117 registers.ebp: 1632840 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 2003414528	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7767317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x7768199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x7768193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632672 registers.edi: 1632760 registers.eax: 23117 registers.ebp: 1632732 registers.edx: 0 registers.ebx: 0 registers.esi: 34209792 registers.ecx: 1632512	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7766f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7766f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7768176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7769af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632524 registers.edi: 1632620 registers.eax: 23117 registers.ebp: 1632584 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 2003311104	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7767317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7769ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7769af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632656 registers.edi: 1632744 registers.eax: 23117 registers.ebp: 1632716 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 1632512	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7766f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7766f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7768176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632780 registers.edi: 1632876 registers.eax: 23117 registers.ebp: 1632840 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 2003414528	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7767317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x7768199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x7768193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632672 registers.edi: 1632760 registers.eax: 23117 registers.ebp: 1632732 registers.edx: 0 registers.ebx: 0 registers.esi: 34209792 registers.ecx: 1632512	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7766f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7766f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7768176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7769af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632524 registers.edi: 1632620 registers.eax: 23117 registers.ebp: 1632584 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 2003311104	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7767317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7769ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7769af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632656 registers.edi: 1632744 registers.eax: 23117 registers.ebp: 1632716 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 1632512	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7766f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7766f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7768176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632780 registers.edi: 1632876 registers.eax: 23117 registers.ebp: 1632840 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 2003414528	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7767317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x7768199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x7768193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632672 registers.edi: 1632760 registers.eax: 23117 registers.ebp: 1632732 registers.edx: 0 registers.ebx: 0 registers.esi: 34209792 registers.ecx: 1632512	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7766f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7766f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7768176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7769af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632524 registers.edi: 1632620 registers.eax: 23117 registers.ebp: 1632584 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 2003311104	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7767317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7769ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7769af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632656 registers.edi: 1632744 registers.eax: 23117 registers.ebp: 1632716 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 1632512	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7766f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7766f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7768176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632780 registers.edi: 1632876 registers.eax: 23117 registers.ebp: 1632840 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 2003414528	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7767317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x7768199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x7768193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632672 registers.edi: 1632760 registers.eax: 23117 registers.ebp: 1632732 registers.edx: 0 registers.ebx: 0 registers.esi: 34209792 registers.ecx: 1632512	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7766f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7766f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7768176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7769af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632524 registers.edi: 1632620 registers.eax: 23117 registers.ebp: 1632584 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 2003311104	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7767317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7769ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7769af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632656 registers.edi: 1632744 registers.eax: 23117 registers.ebp: 1632716 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 1632512	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7766f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7766f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7768176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632780 registers.edi: 1632876 registers.eax: 23117 registers.ebp: 1632840 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 2003414528	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7767317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x7768199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x7768193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632672 registers.edi: 1632760 registers.eax: 23117 registers.ebp: 1632732 registers.edx: 0 registers.ebx: 0 registers.esi: 34209792 registers.ecx: 1632512	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7766f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7766f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7768176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7769af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632524 registers.edi: 1632620 registers.eax: 23117 registers.ebp: 1632584 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 2003311104	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7767317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7769ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7769af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632656 registers.edi: 1632744 registers.eax: 23117 registers.ebp: 1632716 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 1632512	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7766f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7766f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7768176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632780 registers.edi: 1632876 registers.eax: 23117 registers.ebp: 1632840 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 2003414528	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7767317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x7768199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x7768193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632672 registers.edi: 1632760 registers.eax: 23117 registers.ebp: 1632732 registers.edx: 0 registers.ebx: 0 registers.esi: 34209792 registers.ecx: 1632512	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7766f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7766f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7768176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7769af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632524 registers.edi: 1632620 registers.eax: 23117 registers.ebp: 1632584 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 2003311104	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7767317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7769ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7769af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632656 registers.edi: 1632744 registers.eax: 23117 registers.ebp: 1632716 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 1632512	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7766f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7766f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7768176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632780 registers.edi: 1632876 registers.eax: 23117 registers.ebp: 1632840 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 2003414528	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7767317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x7768199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x7768193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632672 registers.edi: 1632760 registers.eax: 23117 registers.ebp: 1632732 registers.edx: 0 registers.ebx: 0 registers.esi: 34209792 registers.ecx: 1632512	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7766f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7766f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7768176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7769af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632524 registers.edi: 1632620 registers.eax: 23117 registers.ebp: 1632584 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 2003311104	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7767317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7769ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7769af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632656 registers.edi: 1632744 registers.eax: 23117 registers.ebp: 1632716 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 1632512	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7766f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7766f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7768176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632780 registers.edi: 1632876 registers.eax: 23117 registers.ebp: 1632840 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 2003414528	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7767317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x7768199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x7768193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632672 registers.edi: 1632760 registers.eax: 23117 registers.ebp: 1632732 registers.edx: 0 registers.ebx: 0 registers.esi: 34209792 registers.ecx: 1632512	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7766f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7766f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7768176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7769af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632524 registers.edi: 1632620 registers.eax: 23117 registers.ebp: 1632584 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 2003311104	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7767317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7769ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7769af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632656 registers.edi: 1632744 registers.eax: 23117 registers.ebp: 1632716 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 1632512	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7766f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7766f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7768176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632780 registers.edi: 1632876 registers.eax: 23117 registers.ebp: 1632840 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 2003414528	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7767317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x7768199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x7768193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632672 registers.edi: 1632760 registers.eax: 23117 registers.ebp: 1632732 registers.edx: 0 registers.ebx: 0 registers.esi: 34209792 registers.ecx: 1632512	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7766f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7766f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7768176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7769af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632524 registers.edi: 1632620 registers.eax: 23117 registers.ebp: 1632584 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 2003311104	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7767317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7769ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7769af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632656 registers.edi: 1632744 registers.eax: 23117 registers.ebp: 1632716 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 1632512	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7766f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7766f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7768176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632780 registers.edi: 1632876 registers.eax: 23117 registers.ebp: 1632840 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 2003414528	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x7767317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x7768199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x7768193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632672 registers.edi: 1632760 registers.eax: 23117 registers.ebp: 1632732 registers.edx: 0 registers.ebx: 0 registers.esi: 34209792 registers.ecx: 1632512	1
__exception__ Jan. 20, 2022, 11:22 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x7766f5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x7766f560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x7768176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7769af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x776818ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x7768174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x77683e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x760d3b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x76bedb3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x73d17322 0x20a60ff 0x20a4133 0x20a4220 vbc+0x7ecb6 @ 0x47ecb6 vbc+0x84295 @ 0x484295 vbc+0x453b @ 0x40453b vbc+0x45a3 @ 0x4045a3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x7766f4ef registers.esp: 1632524 registers.edi: 1632620 registers.eax: 23117 registers.ebp: 1632584 registers.edx: 0 registers.ebx: 34209792 registers.esi: 34209792 registers.ecx: 2003311104	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Performs some HTTP requests (3 events)

request	GET https://onedrive.live.com/download?cid=C3C0A692803ED1E8&resid=C3C0A692803ED1E8%21114&authkey=ABw1EEf0w_1hKks
request	GET https://lqzdgq.db.files.1drv.com/y4my6_i6Vo73Yq6vIwB3zUDhBwyIcXciQ1huClBiYvXWt4vpQCBdUZmZExMO8Slm6CfTeqOL6PEXkZGqqEi5HjvMyIyQC8V3SDTe3shU5gOVL_-nhRvwOwKWwKiOgETomvEdbiahWHE1QmYjT-ROjfxqmEJ89hwDbPWIfmdxJMnQcF23vJGZ8IcIUuTf4GpTdtb0pYgZv59PYSGmKXQXdZX_g/Gdwegxyzxknfzkzntcxxqrfgzvvqhuo?download&psid=1
request	GET https://lqzdgq.db.files.1drv.com/y4mWYlf095NA-ZFVYi4erSwAT-JwfFadhKMnnJJOuAUAIa9FIjXvlASc0BjsM7Zr3dHlJydvKTv0Zp8oJxjMFsOBnFTmBZD5_ueNGLv1YaPzudI6RrlYMJ-6FVTZnWSxO4JN8AJJ8O1tKLAw5TbDHwUYQPgD-z2o46zYxs7HQO5GZE4IO_ZLMNqmRzVY6kjeZuxNhSJ9e_clSTbV9ZTkjiQ5Q/Gdwegxyzxknfzkzntcxxqrfgzvvqhuo?download&psid=1

Allocates read-write-execute memory (usually to unpack itself) (50 out of 56 events)

Time & API	Arguments	Status	Return
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73c82000 process_handle: 0xffffffff	1	0
NtAllocateVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00560000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0018f000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x020a6000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x020a6000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x020a6000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x020a6000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x020a6000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x020a6000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x020a6000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 5 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 5 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 5 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 5 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 5 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 5 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 5 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04435514 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04435514 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x729d4000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x729d4000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x729d4000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x729d5000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x729d6000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x729d4000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04435514 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04435514 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04435514 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04435514 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04435514 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04435514 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04435514 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04435514 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04435514 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04435514 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04435514 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04435514 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04435514 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04435514 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04435514 process_handle: 0xffffffff		3221225477
NtAllocateVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72480000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04435514 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04435514 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04435514 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04435514 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04435514 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04435514 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04435514 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04435514 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04435514 process_handle: 0xffffffff		3221225477

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 81920 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x020a1000 process_handle: 0xffffffff	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00069200', u'virtual_address': u'0x0009b000', u'entropy': 7.073097934017508, u'name': u'.rsrc', u'virtual_size': u'0x00069200'}

entropy

7.07309793402

description

A section with a high entropy has been found

entropy

0.419870194708

description

Overall entropy of this PE file is high

One or more of the buffers contains an embedded PE file (1 event)

buffer

Buffer with sha1: 26cfdcc0db4d0bb1a1fa99a40ed4fcede8179966

Communicates with host for which no DNS query was performed (1 event)

host

162.159.138.85

Allocates execute permission to another process indicative of possible code injection (3 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2960 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72480000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000058c	1
NtAllocateVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2960 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000b0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000058c	1
NtAllocateVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2960 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000c0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000058c	1

Installs itself for autorun at Windows startup (1 event)

reg_key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Gdwegxyzxk

reg_value

C:\Users\test22\Contacts\kxzyxgewdG.url

Creates a thread using CreateRemoteThread in a non-child process indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2776 created a remote thread in non-child process 2960
CreateRemoteThread Jan. 20, 2022, 11:22 a.m.	thread_identifier: 2996 process_identifier: 2960 function_address: 0x000c0000 flags: 0 stack_size: 0 parameter: 0x000b0000 process_handle: 0x0000058c	1	1428	0

Manipulates memory of a non-child process indicative of process injection (4 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2776 manipulating memory of non-child process 2960
NtAllocateVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2960 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72480000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000058c	1	0	0
NtAllocateVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2960 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000b0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000058c	1	0	0
NtAllocateVirtualMemory Jan. 20, 2022, 11:22 a.m.	process_identifier: 2960 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000c0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000058c	1	0	0

Potential code injection by writing to the memory of another process (3 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2776 injected into non-child 2960
WriteProcessMemory Jan. 20, 2022, 11:22 a.m.	buffer: HrÀÓIr base_address: 0x000b0000 process_identifier: 2960 process_handle: 0x0000058c	1	1	0
WriteProcessMemory Jan. 20, 2022, 11:22 a.m.	buffer: UìÄøEUøPUü1ÀPjÿuøÿUüYY]Â@UìÄÔSVWúðEÔôFCèúþÿ3ÀUheOCdÿ0d ÆEÿG<ÇEô»rÃj@h0Eô@PPEô@4ÃPè\|ÿÿEð}ðt0hjEðPèsÿÿj@h0Eô@PPEô@4ÃPVèNÿÿEð}ðuûtvEÔPÏUðÆèEÔÀt7EèUàUìUøRUØRPEðPVèBÿÿjjMèº0NCÆè_ýÿÿÀtÆEÿ3ÀZYYdhlOCEÔôFCèTúþÿÃ base_address: 0x000c0000 process_identifier: 2960 process_handle: 0x0000058c	1	1	0

Network activity contains more than one unique useragent (2 events)

process	vbc.exe				useragent	lVali
process	vbc.exe				useragent	52

File has been identified by 36 AntiVirus engines on VirusTotal as malicious (36 events)

Lionic	Trojan.Win32.Remcos.m!c
DrWeb	Trojan.DownLoader44.34785
MicroWorld-eScan	Trojan.GenericKD.60000872
FireEye	Trojan.GenericKD.38615185
McAfee	RDN/Generic.grp
Cylance	Unsafe
Sangfor	Riskware.Win32.Agent.ky
Alibaba	Trojan:Win32/Injector.17167fcb
Arcabit	Trojan.Generic.D3938A68
Cyren	W32/Injector.ATN.gen!Eldorado
Symantec	Scr.MalPbs!gen1
ESET-NOD32	Win32/TrojanDownloader.Delf.DIB
TrendMicro-HouseCall	TROJ_GEN.R002H0DAJ22
Paloalto	generic.ml
Kaspersky	HEUR:Backdoor.Win32.Remcos.gen
BitDefender	Trojan.GenericKD.38615185
Avast	Win32:MalwareX-gen [Trj]
Ad-Aware	Trojan.GenericKD.38615185
Emsisoft	Trojan.GenericKD.60000872 (B)
McAfee-GW-Edition	BehavesLike.Win32.Dropper.fh
Sophos	Mal/Generic-S
Ikarus	Trojan.Win32.Injector
Webroot	W32.Trojan.Gen
Kingsoft	Win32.Troj.Undef.(kcloud)
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
GData	Win32.Trojan-Downloader.DBatLoader.NASQ4Q
AhnLab-V3	Trojan/Win.Generic.R466178
MAX	malware (ai score=84)
Malwarebytes	Malware.AI.1668975726
APEX	Malicious
Rising	Malware.Undefined!8.C (TFE:dGZlOgT1VMVrAwIPTA)
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Injector.EQPQ!tr
AVG	Win32:MalwareX-gen [Trj]
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_100% (W)

vbc.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All