Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Feb. 15, 2022, 10:39 a.m.	Feb. 15, 2022, 10:44 a.m.

Size	713.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1dbd7d18666bf391f7fa4613ef7bb6d9`
SHA256	`4abee8ed31d31112c7338025f2bd96f0d6232a36db9711e6e45ee9e7f1f9c461`
CRC32	`376A83DF`
ssdeep	`12288:FlZjc75hO32cpuG7NVM1/vcDy50eVmZyqGz2PASl0i1K2K+Jr:3iz2puG7NVM1/kcVNqGzqFX1K+Z`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file

image001.exe "C:\Users\test22\AppData\Local\Temp\image001.exe"
2336

Name	Response	Post-Analysis Lookup
tavrqq.dm.files.1drv.com	CNAME dm-files.fe.1drv.com CNAME dm-files.ha.1drv.com.l-0003.dc-msedge.net.l-0003.l-msedge.net CNAME odc-dm-files-brs.onedrive.akadns.net A 13.107.42.12 CNAME odc-dm-files-geo.onedrive.akadns.net CNAME l-0003.l-msedge.net	13.107.42.12
onedrive.live.com	CNAME odc-web-geo.onedrive.akadns.net CNAME l-0004.l-msedge.net A 13.107.42.13 CNAME odwebpl.trafficmanager.net.l-0004.dc-msedge.net.l-0004.l-msedge.net CNAME odc-web-brs.onedrive.akadns.net	13.107.42.13

IP Address	Status	Action
13.107.42.12	Active	Moloch
13.107.42.13	Active	Moloch
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.itext

The executable uses a known packer (1 event)

packer

BobSoft Mini Delphi -> BoB / BobSoft

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

MP3__MSIU

One or more processes crashed (50 out of 124 events)

Time & API	Arguments	Status
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x772f199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x772f193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632620 registers.edi: 1632708 registers.eax: 23117 registers.ebp: 1632680 registers.edx: 0 registers.ebx: 0 registers.esi: 49545216 registers.ecx: 1632512	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7730af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632472 registers.edi: 1632568 registers.eax: 23117 registers.ebp: 1632532 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1999575552	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7730ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7730af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632604 registers.edi: 1632692 registers.eax: 23117 registers.ebp: 1632664 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1632512	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632728 registers.edi: 1632824 registers.eax: 23117 registers.ebp: 1632788 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1999678976	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x772f199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x772f193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632620 registers.edi: 1632708 registers.eax: 23117 registers.ebp: 1632680 registers.edx: 0 registers.ebx: 0 registers.esi: 49545216 registers.ecx: 1632512	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7730af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632472 registers.edi: 1632568 registers.eax: 23117 registers.ebp: 1632532 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1999575552	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7730ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7730af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632604 registers.edi: 1632692 registers.eax: 23117 registers.ebp: 1632664 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1632512	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632728 registers.edi: 1632824 registers.eax: 23117 registers.ebp: 1632788 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1999678976	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x772f199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x772f193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632620 registers.edi: 1632708 registers.eax: 23117 registers.ebp: 1632680 registers.edx: 0 registers.ebx: 0 registers.esi: 49545216 registers.ecx: 1632512	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7730af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632472 registers.edi: 1632568 registers.eax: 23117 registers.ebp: 1632532 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1999575552	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7730ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7730af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632604 registers.edi: 1632692 registers.eax: 23117 registers.ebp: 1632664 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1632512	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632728 registers.edi: 1632824 registers.eax: 23117 registers.ebp: 1632788 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1999678976	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x772f199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x772f193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632620 registers.edi: 1632708 registers.eax: 23117 registers.ebp: 1632680 registers.edx: 0 registers.ebx: 0 registers.esi: 49545216 registers.ecx: 1632512	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7730af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632472 registers.edi: 1632568 registers.eax: 23117 registers.ebp: 1632532 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1999575552	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7730ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7730af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632604 registers.edi: 1632692 registers.eax: 23117 registers.ebp: 1632664 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1632512	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632728 registers.edi: 1632824 registers.eax: 23117 registers.ebp: 1632788 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1999678976	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x772f199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x772f193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632620 registers.edi: 1632708 registers.eax: 23117 registers.ebp: 1632680 registers.edx: 0 registers.ebx: 0 registers.esi: 49545216 registers.ecx: 1632512	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7730af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632472 registers.edi: 1632568 registers.eax: 23117 registers.ebp: 1632532 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1999575552	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7730ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7730af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632604 registers.edi: 1632692 registers.eax: 23117 registers.ebp: 1632664 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1632512	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632728 registers.edi: 1632824 registers.eax: 23117 registers.ebp: 1632788 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1999678976	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x772f199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x772f193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632620 registers.edi: 1632708 registers.eax: 23117 registers.ebp: 1632680 registers.edx: 0 registers.ebx: 0 registers.esi: 49545216 registers.ecx: 1632512	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7730af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632472 registers.edi: 1632568 registers.eax: 23117 registers.ebp: 1632532 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1999575552	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7730ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7730af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632604 registers.edi: 1632692 registers.eax: 23117 registers.ebp: 1632664 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1632512	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632728 registers.edi: 1632824 registers.eax: 23117 registers.ebp: 1632788 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1999678976	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x772f199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x772f193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632620 registers.edi: 1632708 registers.eax: 23117 registers.ebp: 1632680 registers.edx: 0 registers.ebx: 0 registers.esi: 49545216 registers.ecx: 1632512	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7730af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632472 registers.edi: 1632568 registers.eax: 23117 registers.ebp: 1632532 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1999575552	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7730ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7730af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632604 registers.edi: 1632692 registers.eax: 23117 registers.ebp: 1632664 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1632512	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632728 registers.edi: 1632824 registers.eax: 23117 registers.ebp: 1632788 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1999678976	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x772f199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x772f193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632620 registers.edi: 1632708 registers.eax: 23117 registers.ebp: 1632680 registers.edx: 0 registers.ebx: 0 registers.esi: 49545216 registers.ecx: 1632512	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7730af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632472 registers.edi: 1632568 registers.eax: 23117 registers.ebp: 1632532 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1999575552	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7730ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7730af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632604 registers.edi: 1632692 registers.eax: 23117 registers.ebp: 1632664 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1632512	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632728 registers.edi: 1632824 registers.eax: 23117 registers.ebp: 1632788 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1999678976	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x772f199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x772f193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632620 registers.edi: 1632708 registers.eax: 23117 registers.ebp: 1632680 registers.edx: 0 registers.ebx: 0 registers.esi: 49545216 registers.ecx: 1632512	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7730af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632472 registers.edi: 1632568 registers.eax: 23117 registers.ebp: 1632532 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1999575552	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7730ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7730af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632604 registers.edi: 1632692 registers.eax: 23117 registers.ebp: 1632664 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1632512	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632728 registers.edi: 1632824 registers.eax: 23117 registers.ebp: 1632788 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1999678976	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x772f199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x772f193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632620 registers.edi: 1632708 registers.eax: 23117 registers.ebp: 1632680 registers.edx: 0 registers.ebx: 0 registers.esi: 49545216 registers.ecx: 1632512	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7730af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632472 registers.edi: 1632568 registers.eax: 23117 registers.ebp: 1632532 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1999575552	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7730ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7730af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632604 registers.edi: 1632692 registers.eax: 23117 registers.ebp: 1632664 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1632512	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632728 registers.edi: 1632824 registers.eax: 23117 registers.ebp: 1632788 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1999678976	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x772f199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x772f193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632620 registers.edi: 1632708 registers.eax: 23117 registers.ebp: 1632680 registers.edx: 0 registers.ebx: 0 registers.esi: 49545216 registers.ecx: 1632512	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7730af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632472 registers.edi: 1632568 registers.eax: 23117 registers.ebp: 1632532 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1999575552	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7730ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7730af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632604 registers.edi: 1632692 registers.eax: 23117 registers.ebp: 1632664 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1632512	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632728 registers.edi: 1632824 registers.eax: 23117 registers.ebp: 1632788 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1999678976	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x772f199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x772f193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632620 registers.edi: 1632708 registers.eax: 23117 registers.ebp: 1632680 registers.edx: 0 registers.ebx: 0 registers.esi: 49545216 registers.ecx: 1632512	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7730af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632472 registers.edi: 1632568 registers.eax: 23117 registers.ebp: 1632532 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1999575552	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7730ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7730af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632604 registers.edi: 1632692 registers.eax: 23117 registers.ebp: 1632664 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1632512	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632728 registers.edi: 1632824 registers.eax: 23117 registers.ebp: 1632788 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1999678976	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x772f199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x772f193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632620 registers.edi: 1632708 registers.eax: 23117 registers.ebp: 1632680 registers.edx: 0 registers.ebx: 0 registers.esi: 49545216 registers.ecx: 1632512	1
__exception__ Feb. 15, 2022, 10:35 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7730af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x2f460ff 0x2f44133 0x2f44220 image001+0x67ebe @ 0x467ebe image001+0x6b4e7 @ 0x46b4e7 image001+0x44db @ 0x4044db image001+0x4543 @ 0x404543 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632472 registers.edi: 1632568 registers.eax: 23117 registers.ebp: 1632532 registers.edx: 0 registers.ebx: 49545216 registers.esi: 49545216 registers.ecx: 1999575552	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Performs some HTTP requests (3 events)

request	GET https://onedrive.live.com/download?cid=14EB58B8CF359D9A&resid=14EB58B8CF359D9A%21155&authkey=APd1iRnpgRA5xpE
request	GET https://tavrqq.dm.files.1drv.com/y4m_jYYGZjXaxhmYPyypZbVVDklvotJhAJ7fqA2T_rMQMHZybsrmx_Dedj0q39tfGzdMSw6zBPkwhuj0VkIfWzl7p_YosQ3j_vVv1FFL7uJ-Z7jy59gUj8u0SkqG726WoCzWv9jBsRT4kEJpyLAzEnSRKhs3-_LLMjN9Fs6vi_yv2n4urjrD7tAbEkD5-O7ZUxRg3cPjnQ4s9gTQonUPu4ocg/Iruyancquvodbegkrskmpvfthsqwgck?download&psid=1
request	GET https://tavrqq.dm.files.1drv.com/y4mnXctjl36DZwB8cfChW-YDsiUPc1AF1Dxp2wUVZ1jIE-ZkSY0lpEgtUwgfGN8CnpeLJ6WE4dpDUBdy-nWJ_0q0moaCVVbze0Cd1PHNYObhJ4ZCLxtcR8K_NH2nukmYe2aUQ6o0Kktx5140bcB9musb8eNwjKf86ZjncVjzL2wVoFIDFRTr7A8Yw99GsxD3Y2zzHKbNcUkhzq7f0XkAW_XyQ/Iruyancquvodbegkrskmpvfthsqwgck?download&psid=1

Allocates read-write-execute memory (usually to unpack itself) (50 out of 145 events)

Time & API	Arguments	Status	Return
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01e60000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0018f000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02f57000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02f464e4 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02f464e4 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02f464e4 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02f464e4 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02f464e4 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02f464e4 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02f464e4 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02f464e4 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03f46000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03f46000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 5 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 5 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 5 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 5 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 5 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 5 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 5 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03f62000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03f62000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03f550ec process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03f550ec process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03f550ec process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03f550ec process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74a8c000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74a8c000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74a8c000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74a8c000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74a8c000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74a8c000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 5 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 5 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 5 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 5 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 5 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 5 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 process_handle: 0xffffffff		3221225496
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03f550ec process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03f550ec process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03f550ec process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03f550ec process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03f550ec process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03f550ec process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03f550ec process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03f550ec process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03f550ec process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03f550ec process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03f550ec process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03f550ec process_handle: 0xffffffff		3221225477

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 86016 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x02f41000 process_handle: 0xffffffff	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x0003c400', u'virtual_address': u'0x0007f000', u'entropy': 7.253084557710331, u'name': u'.rsrc', u'virtual_size': u'0x0003c400'}

entropy

7.25308455771

description

A section with a high entropy has been found

entropy

0.338483146067

description

Overall entropy of this PE file is high

Allocates execute permission to another process indicative of possible code injection (50 out of 54 events)

Time & API	Arguments	Return
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x726e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72760000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72860000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x728e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72960000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x729e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72a60000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72ae0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72b60000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72be0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72c60000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72ce0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72d60000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72de0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72e60000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72ee0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72f60000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72fe0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73060000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x730e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73160000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x731e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73260000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x732e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73360000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x733e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73460000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x734e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73560000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x735e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73660000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x736e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73760000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x737e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73860000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x743e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74460000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x744e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74560000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x745e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74660000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x746e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 291 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 14 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 13 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 20 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 442 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 12 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 13 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480

Installs itself for autorun at Windows startup (1 event)

reg_key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Iruyancq

reg_value

C:\Users\test22\qcnayurI.url

Creates a thread using CreateRemoteThread in a non-child process indicative of process injection (4 events)

Time & API	Arguments	Return	Repeated
Process injection	Process 2336 created a remote thread in non-child process 0
CreateRemoteThread Feb. 15, 2022, 10:35 a.m.	thread_identifier: 14 process_identifier: 0 function_address: 0x00000000 flags: 0 stack_size: 0 parameter: 0x00000000 process_handle: 0x00000000	0	0
CreateRemoteThread Feb. 15, 2022, 10:35 a.m.	thread_identifier: 12 process_identifier: 0 function_address: 0x00000000 flags: 0 stack_size: 0 parameter: 0x00000000 process_handle: 0x00000000	0	0
CreateRemoteThread Feb. 15, 2022, 10:35 a.m.	thread_identifier: 1946681344 process_identifier: 0 function_address: 0x00000000 flags: 0 stack_size: 0 parameter: 0x00000000 process_handle: 0x00000000	0	0

Manipulates memory of a non-child process indicative of process injection (50 out of 55 events)

Time & API	Arguments	Return	Repeated
Process injection	Process 2336 manipulating memory of non-child process 0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x726e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72760000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72860000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x728e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72960000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x729e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72a60000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72ae0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72b60000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72be0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72c60000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72ce0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72d60000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72de0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72e60000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72ee0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72f60000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72fe0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73060000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x730e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73160000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x731e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73260000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x732e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73360000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x733e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73460000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x734e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73560000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x735e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73660000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x736e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73760000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x737e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73860000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x743e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74460000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x744e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74560000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x745e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74660000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 1400832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x746e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 291 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 14 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 13 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 20 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 442 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory Feb. 15, 2022, 10:35 a.m.	process_identifier: 0 region_size: 12 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0

Potential code injection by writing to the memory of another process (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2336 injected into non-child 0
WriteProcessMemory Feb. 15, 2022, 10:35 a.m.	buffer: &h& ²Dô\õÐù#fÅõÄù#WöÐù# base_address: 0x00000000 process_identifier: 0 process_handle: 0x00000000		0	0

File has been identified by 19 AntiVirus engines on VirusTotal as malicious (19 events)

Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (high confidence)
FireEye	Generic.mg.1dbd7d18666bf391
CrowdStrike	win/grayware_confidence_90% (D)
Symantec	Scr.MalPbs!gen1
APEX	Malicious
Paloalto	generic.ml
Kaspersky	UDS:DangerousObject.Multi.Generic
Avast	FileRepMalware
McAfee-GW-Edition	BehavesLike.Win32.Generic.bc
Avira	HEUR/AGEN.1214709
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 100)
McAfee	Artemis!1DBD7D18666B
VBA32	Malware-Cryptor.Limpopo
eGambit	Unsafe.AI_Score_99%
Fortinet	W32/Injector.EQPQ!tr
AVG	FileRepMalware
MaxSecure	Trojan.Malware.300983.susgen

Network activity contains more than one unique useragent (2 events)

process	image001.exe				useragent	lVali
process	image001.exe				useragent	53

image001.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All