Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	March 30, 2022, 9:19 a.m.	March 30, 2022, 9:24 a.m.

Size	827.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`efd638102b94041f24a6b614a46e0f70`
SHA256	`204e96b879210c8e42455d3670b69e7c2408bb65324b8243346803ef24af6f9d`
CRC32	`0438ABD3`
ssdeep	`12288:k8XoVKkPa3yFwp0ShMnn0sAIpxxfBy2oYWVwyUcPdCL9/ZHi:zYIkCyFwXhM0jIpx+h7UcPdCLHH`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file IsPE32 - (no description) PE_Header_Zero - PE File Signature Admin_Tool_IN_Zero - Admin Tool Sysinternals

vbc.exe "C:\Users\test22\AppData\Local\Temp\vbc.exe"
2300

Name	Response	Post-Analysis Lookup
ars9095genesh.com	A 52.74.83.175	52.74.83.175

IP Address	Status	Action
164.124.101.2	Active	Moloch
52.74.83.175	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.itext

The executable uses a known packer (1 event)

packer

BobSoft Mini Delphi -> BoB / BobSoft

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

MP3_MED

One or more processes crashed (50 out of 124 events)

Time & API	Arguments	Status
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x772f199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x772f193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1633004 registers.edi: 1633092 registers.eax: 23117 registers.ebp: 1633064 registers.edx: 0 registers.ebx: 0 registers.esi: 33882112 registers.ecx: 1633024	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7730af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632856 registers.edi: 1632952 registers.eax: 23117 registers.ebp: 1632916 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1999575552	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7730ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7730af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632988 registers.edi: 1633076 registers.eax: 23117 registers.ebp: 1633048 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1633024	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1633112 registers.edi: 1633208 registers.eax: 23117 registers.ebp: 1633172 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1999678976	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x772f199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x772f193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1633004 registers.edi: 1633092 registers.eax: 23117 registers.ebp: 1633064 registers.edx: 0 registers.ebx: 0 registers.esi: 33882112 registers.ecx: 1633024	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7730af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632856 registers.edi: 1632952 registers.eax: 23117 registers.ebp: 1632916 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1999575552	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7730ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7730af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632988 registers.edi: 1633076 registers.eax: 23117 registers.ebp: 1633048 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1633024	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1633112 registers.edi: 1633208 registers.eax: 23117 registers.ebp: 1633172 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1999678976	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x772f199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x772f193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1633004 registers.edi: 1633092 registers.eax: 23117 registers.ebp: 1633064 registers.edx: 0 registers.ebx: 0 registers.esi: 33882112 registers.ecx: 1633024	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7730af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632856 registers.edi: 1632952 registers.eax: 23117 registers.ebp: 1632916 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1999575552	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7730ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7730af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632988 registers.edi: 1633076 registers.eax: 23117 registers.ebp: 1633048 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1633024	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1633112 registers.edi: 1633208 registers.eax: 23117 registers.ebp: 1633172 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1999678976	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x772f199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x772f193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1633004 registers.edi: 1633092 registers.eax: 23117 registers.ebp: 1633064 registers.edx: 0 registers.ebx: 0 registers.esi: 33882112 registers.ecx: 1633024	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7730af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632856 registers.edi: 1632952 registers.eax: 23117 registers.ebp: 1632916 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1999575552	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7730ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7730af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632988 registers.edi: 1633076 registers.eax: 23117 registers.ebp: 1633048 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1633024	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1633112 registers.edi: 1633208 registers.eax: 23117 registers.ebp: 1633172 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1999678976	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x772f199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x772f193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1633004 registers.edi: 1633092 registers.eax: 23117 registers.ebp: 1633064 registers.edx: 0 registers.ebx: 0 registers.esi: 33882112 registers.ecx: 1633024	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7730af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632856 registers.edi: 1632952 registers.eax: 23117 registers.ebp: 1632916 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1999575552	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7730ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7730af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632988 registers.edi: 1633076 registers.eax: 23117 registers.ebp: 1633048 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1633024	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1633112 registers.edi: 1633208 registers.eax: 23117 registers.ebp: 1633172 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1999678976	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x772f199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x772f193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1633004 registers.edi: 1633092 registers.eax: 23117 registers.ebp: 1633064 registers.edx: 0 registers.ebx: 0 registers.esi: 33882112 registers.ecx: 1633024	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7730af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632856 registers.edi: 1632952 registers.eax: 23117 registers.ebp: 1632916 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1999575552	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7730ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7730af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632988 registers.edi: 1633076 registers.eax: 23117 registers.ebp: 1633048 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1633024	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1633112 registers.edi: 1633208 registers.eax: 23117 registers.ebp: 1633172 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1999678976	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x772f199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x772f193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1633004 registers.edi: 1633092 registers.eax: 23117 registers.ebp: 1633064 registers.edx: 0 registers.ebx: 0 registers.esi: 33882112 registers.ecx: 1633024	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7730af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632856 registers.edi: 1632952 registers.eax: 23117 registers.ebp: 1632916 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1999575552	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7730ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7730af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632988 registers.edi: 1633076 registers.eax: 23117 registers.ebp: 1633048 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1633024	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1633112 registers.edi: 1633208 registers.eax: 23117 registers.ebp: 1633172 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1999678976	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x772f199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x772f193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1633004 registers.edi: 1633092 registers.eax: 23117 registers.ebp: 1633064 registers.edx: 0 registers.ebx: 0 registers.esi: 33882112 registers.ecx: 1633024	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7730af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632856 registers.edi: 1632952 registers.eax: 23117 registers.ebp: 1632916 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1999575552	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7730ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7730af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632988 registers.edi: 1633076 registers.eax: 23117 registers.ebp: 1633048 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1633024	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1633112 registers.edi: 1633208 registers.eax: 23117 registers.ebp: 1633172 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1999678976	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x772f199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x772f193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1633004 registers.edi: 1633092 registers.eax: 23117 registers.ebp: 1633064 registers.edx: 0 registers.ebx: 0 registers.esi: 33882112 registers.ecx: 1633024	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7730af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632856 registers.edi: 1632952 registers.eax: 23117 registers.ebp: 1632916 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1999575552	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7730ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7730af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632988 registers.edi: 1633076 registers.eax: 23117 registers.ebp: 1633048 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1633024	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1633112 registers.edi: 1633208 registers.eax: 23117 registers.ebp: 1633172 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1999678976	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x772f199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x772f193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1633004 registers.edi: 1633092 registers.eax: 23117 registers.ebp: 1633064 registers.edx: 0 registers.ebx: 0 registers.esi: 33882112 registers.ecx: 1633024	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7730af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632856 registers.edi: 1632952 registers.eax: 23117 registers.ebp: 1632916 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1999575552	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7730ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7730af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632988 registers.edi: 1633076 registers.eax: 23117 registers.ebp: 1633048 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1633024	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1633112 registers.edi: 1633208 registers.eax: 23117 registers.ebp: 1633172 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1999678976	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x772f199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x772f193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1633004 registers.edi: 1633092 registers.eax: 23117 registers.ebp: 1633064 registers.edx: 0 registers.ebx: 0 registers.esi: 33882112 registers.ecx: 1633024	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7730af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632856 registers.edi: 1632952 registers.eax: 23117 registers.ebp: 1632916 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1999575552	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7730ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7730af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632988 registers.edi: 1633076 registers.eax: 23117 registers.ebp: 1633048 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1633024	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1633112 registers.edi: 1633208 registers.eax: 23117 registers.ebp: 1633172 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1999678976	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x772f199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x772f193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1633004 registers.edi: 1633092 registers.eax: 23117 registers.ebp: 1633064 registers.edx: 0 registers.ebx: 0 registers.esi: 33882112 registers.ecx: 1633024	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7730af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632856 registers.edi: 1632952 registers.eax: 23117 registers.ebp: 1632916 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1999575552	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlRetrieveNtUserPfn+0x2ea RtlOpenCurrentUser-0x2c8 ntdll+0x5ada7 @ 0x7730ada7 RtlRetrieveNtUserPfn+0x4bb RtlOpenCurrentUser-0xf7 ntdll+0x5af78 @ 0x7730af78 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632988 registers.edi: 1633076 registers.eax: 23117 registers.ebp: 1633048 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1633024	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1633112 registers.edi: 1633208 registers.eax: 23117 registers.ebp: 1633172 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1999678976	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageNtHeader+0x1b RtlDeleteCriticalSection-0x1476 ntdll+0x3317f @ 0x772e317f RtlDosPathNameToNtPathName_U_WithStatus+0x33e LdrAccessResource-0x572 ntdll+0x4199e @ 0x772f199e RtlDosPathNameToNtPathName_U_WithStatus+0x2de LdrAccessResource-0x5d2 ntdll+0x4193e @ 0x772f193e RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1633004 registers.edi: 1633092 registers.eax: 23117 registers.ebp: 1633064 registers.edx: 0 registers.ebx: 0 registers.esi: 33882112 registers.ecx: 1633024	1
__exception__ March 30, 2022, 9:19 a.m.	stacktrace: RtlImageDirectoryEntryToData+0x5c RtlAddRefActivationContext-0x80 ntdll+0x2f5a2 @ 0x772df5a2 RtlImageDirectoryEntryToData+0x1a RtlAddRefActivationContext-0xc2 ntdll+0x2f560 @ 0x772df560 RtlDosPathNameToNtPathName_U_WithStatus+0x10e LdrAccessResource-0x7a2 ntdll+0x4176e @ 0x772f176e RtlRetrieveNtUserPfn+0x464 RtlOpenCurrentUser-0x14e ntdll+0x5af21 @ 0x7730af21 RtlDosPathNameToNtPathName_U_WithStatus+0x26e LdrAccessResource-0x642 ntdll+0x418ce @ 0x772f18ce RtlDosPathNameToNtPathName_U_WithStatus+0xee LdrAccessResource-0x7c2 ntdll+0x4174e @ 0x772f174e RtlLoadString+0x9c TpSetTimer-0x5bd ntdll+0x43e5f @ 0x772f3e5f LoadStringBaseExW+0x51 LoadStringA-0x91 kernelbase+0x13b2a @ 0x76703b2a LoadStringA+0x1d RegisterClassExA-0x5a user32+0x1db3e @ 0x7559db3e New_user32_LoadStringA@16+0x91 New_user32_LoadStringW@16-0x8b @ 0x74047322 0x20560ff 0x2054133 0x2054220 vbc+0x695bf @ 0x4695bf vbc+0x7b140 @ 0x47b140 vbc+0x4d0b @ 0x404d0b vbc+0x4d73 @ 0x404d73 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 66 39 06 0f 85 7d c8 00 00 8b 46 3c 89 45 dc 3a exception.symbol: RtlImageNtHeaderEx+0x5a RtlImageDirectoryEntryToData-0x57 ntdll+0x2f4ef exception.instruction: cmp word ptr [esi], ax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 193775 exception.address: 0x772df4ef registers.esp: 1632856 registers.edi: 1632952 registers.eax: 23117 registers.ebp: 1632916 registers.edx: 0 registers.ebx: 33882112 registers.esi: 33882112 registers.ecx: 1999575552	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Performs some HTTP requests (1 event)

request

GET http://ars9095genesh.com/vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv/Izqntwyxutbanbjksfuazfsxdqbthcr

Allocates read-write-execute memory (usually to unpack itself) (50 out of 8245 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00500000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00482000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00482000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00482000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00482000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00482000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00482000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00482000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00482000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00482000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04269000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04269000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04269000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04269000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04269000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04269000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04269000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04269000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04269000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04269000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04269000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04269000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04269000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04269000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04269000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04269000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04269000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04269000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04269000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04269000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04269000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04269000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04269000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04269000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04269000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04269000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04269000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04269000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10410000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10420000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10430000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10440000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10450000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10460000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10470000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10480000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10490000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x104a0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x104b0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x104c0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 2300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 81920 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x02051000 process_handle: 0xffffffff	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00047600', u'virtual_address': u'0x00091000', u'entropy': 6.889740744951662, u'name': u'.rsrc', u'virtual_size': u'0x00047600'}

entropy

6.88974074495

description

A section with a high entropy has been found

entropy

0.345432546884

description

Overall entropy of this PE file is high

Allocates execute permission to another process indicative of possible code injection (50 out of 8195 events)

Time & API	Arguments	Return
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10410000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10420000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10430000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10440000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10450000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10460000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10470000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10480000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10490000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x104a0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x104b0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x104c0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x104d0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x104e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x104f0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10500000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10510000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10520000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10530000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10540000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10550000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10560000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10570000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10580000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10590000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x105a0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x105b0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x105c0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x105d0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x105e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x105f0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10600000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10610000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10620000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10630000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10640000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10650000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10660000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10670000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10680000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10690000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x106a0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x106b0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x106c0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x106d0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x106e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x106f0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10700000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10710000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10720000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480

Installs itself for autorun at Windows startup (1 event)

reg_key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Izqntwy

reg_value

C:\Users\Public\ywtnqzI.url

Creates a thread using CreateRemoteThread in a non-child process indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2300 created a remote thread in non-child process 0
CreateRemoteThread March 30, 2022, 9:19 a.m.	thread_identifier: 805371904 process_identifier: 0 function_address: 0x00000000 flags: 0 stack_size: 0 parameter: 0x00000000 process_handle: 0x00000000		0	0

Manipulates memory of a non-child process indicative of process injection (50 out of 8196 events)

Time & API	Arguments	Return	Repeated
Process injection	Process 2300 manipulating memory of non-child process 0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10410000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10420000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10430000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10440000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10450000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10460000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10470000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10480000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10490000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x104a0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x104b0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x104c0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x104d0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x104e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x104f0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10500000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10510000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10520000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10530000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10540000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10550000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10560000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10570000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10580000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10590000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x105a0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x105b0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x105c0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x105d0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x105e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x105f0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10600000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10610000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10620000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10630000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10640000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10650000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10660000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10670000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10680000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10690000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x106a0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x106b0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x106c0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x106d0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x106e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x106f0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10700000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0
NtAllocateVirtualMemory March 30, 2022, 9:19 a.m.	process_identifier: 0 region_size: 167936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10710000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000000	3221225480	0

Network activity contains more than one unique useragent (2 events)

process	vbc.exe				useragent	lVali
process	vbc.exe				useragent	19

File has been identified by 23 AntiVirus engines on VirusTotal as malicious (23 events)

Lionic	Trojan.Win32.Remcos.m!c
Elastic	malicious (moderate confidence)
McAfee	Artemis!EFD638102B94
K7AntiVirus	Trojan ( 7000000f1 )
K7GW	Trojan ( 7000000f1 )
BitDefenderTheta	Gen:NN.ZelphiCO.34294.ZK0@aazuDGdi
Cyren	W32/Delf.RI.gen!Eldorado
Symantec	Scr.MalPbs!gen1
Paloalto	generic.ml
Kaspersky	HEUR:Backdoor.Win32.Remcos.gen
Avast	Win32:InjectorX-gen [Trj]
Sophos	Mal/Generic-S
McAfee-GW-Edition	BehavesLike.Win32.Generic.ch
APEX	Malicious
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 100)
VBA32	TrojanDownloader.Agent
Malwarebytes	Malware.AI.2933089245
Rising	Backdoor.Remcos!8.B89E (CLOUD)
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Injector.EQPQ!tr
AVG	Win32:InjectorX-gen [Trj]
CrowdStrike	win/malicious_confidence_70% (W)

vbc.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All