Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	July 11, 2022, 9:20 a.m.	July 11, 2022, 9:22 a.m.

Size	278.0KB
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`35ffcbaff01c1a882a48aa7e9bb32338`
SHA256	`9d3d842209c247b3f04f63b401d870a21404d86eeb92488054ed5d8db9a9a24b`
CRC32	`E750FFA0`
ssdeep	`6144:H8aVTnVgcjYT4Xf+WXv8cMkjdF4r6UrjCxGNh3XlwfjR96:H8wTV7WwHXvJMmdCrvrjZA3`
Yara	IsDLL - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsPE64 - (no description)

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,AkMhEGvNFpnSswjeCw
2524
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,AkMhEGvNFpnSswjeCw
  2648
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,AjkRVrFNnyQmqXQdrComyaiwV
2420
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,AjkRVrFNnyQmqXQdrComyaiwV
  2864
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,BMIWqtk
2620
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,BMIWqtk
  2984
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,BpsBUyIiAmXYU
2756
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,BpsBUyIiAmXYU
  2012
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,BxBybURSqJfOwVmXj
2844
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,BxBybURSqJfOwVmXj
  2428
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,CWBdqFubMR
2180
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,CWBdqFubMR
  2536
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,CCSLGUsdVtcCbfF
2976
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,CCSLGUsdVtcCbfF
  2612
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,CbEceKaoQvfuhhIK
2388
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,CbEceKaoQvfuhhIK
  2748
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,CcBDyidVYuvtjWfG
2808
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,CcBDyidVYuvtjWfG
  3052
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,CeOVtVdkUnRPoUvswsvkEf
2228
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,CeOVtVdkUnRPoUvswsvkEf
  2996
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,CvxIGiXAzAG
2516
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,CvxIGiXAzAG
  2372
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,DPsWXvFrrwOLZwoq
2644
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,DPsWXvFrrwOLZwoq
  2668
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,ENtihcf
2220
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,ENtihcf
  2108
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,DllRegisterServer
2656
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,DllRegisterServer
  2200
  - regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\YnRASVZvbFhByYMp\wvLvY.dll"
    3624
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,EVYoaysfyVmedMKzqOkd
2796
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,EVYoaysfyVmedMKzqOkd
  2776
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,FSgLIbzCJsGhKrdTRUhBnjq
2172
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,FSgLIbzCJsGhKrdTRUhBnjq
  2760
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,FXswjNvwqEmJHSzKXfB
2856
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,FXswjNvwqEmJHSzKXfB
  2840
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,FmRrLoGPniSXxeHYAaRXrsSIt
2684
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,FmRrLoGPniSXxeHYAaRXrsSIt
  2232
explorer.exe C:\Windows\Explorer.EXE
1236
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,FzYYWlRKDQMfKaJAUq
2452
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,FzYYWlRKDQMfKaJAUq
  3092
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,GEQqgSeWrJkaNSdjOw
3084
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,GEQqgSeWrJkaNSdjOw
  3248
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,GLvPFjzv
3224
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,GTfYoyhXUmiOrfM
3356
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,GVTerofsGHUASHLhWfIFX
3448
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,GlLOHKioWJZCQPS
3544
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,GpqOdmj
3676
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,GtaEQGQNcgERZqWo
3820
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,GzdHPyIXWoMGb
3936
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,HKgdkPfboZzjQODFfSu
4032
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,HmXZBMEhrWvTg
1960
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,HvFWvy
3216
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,ICrKqnEJHHrxYaH
3400
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,IDENrF
3564
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,ISuniIBoqjzfv
3732
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,IcEiBSQQHwaxZGs
3852
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,JCFScdjDVMLKVa
4076
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,JGwGKVHFHwfxsyCIp
4020
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,JnkFkZthy
3348
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,LSRvMYckceDUkCMxwUAq
2768
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,LhZoEaJRggyJr
3924
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,MknuTlXosJJdvczIkg
3152
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,MrhDZxAutnSSobTVt
3096
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,NRfTvw
2512
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,NZDMYgNWoHhCVPBFWyuTBSesQ
4016
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,NmBmwe
2336
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,NzYPpUvQ
3768
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,OThzaIZTEfYKTCCRQlcnW
3496
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,OWMilsbkgGVyJL
3772
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,OguxguFiYSHz
4024
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,PHzWjRI
3336
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,PNJeVrAcZDAW
4132
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,PSDYwIgmLiVzYESIaUYrbKg
4228
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,PiJSThSmMmzNNC
4344
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,PneIJqdSVVerltCm
4448
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,PpsLezsCiHiCVkHmZP
4560
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,PuoUVwFKYxjCqT
4660
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,PwNlKX
4804
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,QRkaVvgiLqTCjGKy
4896
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,RJAcdfSthTv
5016
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,RYkwsDq
5116
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,RZtKxjO
4216
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,RcnQoaySRBXJxsiZQIHxe
4380
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,RdnXeofUSzEDgzxXeW
4508
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,RfsPQSmuvBYXfIScfOT
4688
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,RkfakVk
4880
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,RmhqixPgftgQ
5064
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,SInCoGYrouPZGmYYJGKIR
4244
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,SRXSueHCT
4460
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,SVlQsYSAXEyhEvVkdWdX
4640
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,SnLgFTA
4596
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,SxfQZPkEOIcG
4100
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,TJZCJgp
4356
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,TSNqZL
4656
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,TfpEQJjWUDp
4984
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,TvUVDsEcInyvKdGRA
4960
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,TvtXyQtNShHDYCMvH
4996
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,UGXSNpc
4320
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,ULOMXGiV
3860
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,UVzHIeChKCEwTMG
4396
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,UagSsmENTltTUKpktiEuRJfE
5048
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,UbjFSQJG
4552
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,UjDfVglhgynLAuMpwrtpXkH
5196
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,UrxprELRNWbXXBuOJlJ
5316
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,VXDuMBzruSCyfbAMzIrvV
5420
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,VcrtEzpxSRmZr
5532
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,VkRjra
5632
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,WMxfpgNLwoiQTZjkM
5752
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,WjtCBeYwDkRZvKLfJD
5868
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,XoMiJXhdBRBldnkLkgMM
5996
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,XsBeDFcmOsaqRihqMytJ
6096
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,YGPQhuvjFbQXSoJfVilOnVw
5180
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,YvzKAJK
5356
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,ZAppiYnp
5340
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,ZXZEfUeKC
5680
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,ZoyjBLvuBnIxXaWxFC
5856
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,aZwlVZLRtCIfDmaYbAXR
6036
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,bdnAzUNoMZJXxzHG
5132
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,btmsIKQVm
5248
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,cFminOM
5460
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,cKjOEfqQYYQ
5916
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,czIvuAZ
5188
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,dMEJcsHSUiODu
5236
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,dPYgmMRi
5668
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,dStUmppUwHfwVxtCgCewXt
5932
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,deMXieymThIxfyWzHCMb
5380
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,dgCMMkwNpUNZ
5164
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,eDtAbxMTINFwGjIRymBKxBFTe
2020
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,ePfrWQkHuKqOV
5520
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,eQnPJdIEwUrOjHyYKajVY
5332
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,eWqtOcNgKbDEwKynrCTAaqRd
5556
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,eiRJXgFAjkyObQxtC
5212
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,fLsjxmtTmthGKPw
5252
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,fqsAeZLb
6180
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,frkkGhhTKCPBzCLoveBHn
6300
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,fxmvSQNzSiXj
6420
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,gATjvjWkzNfdmAJbeFMKFtUmoI
6532
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,gCFmNdxvaAq
6628
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,gfeRIwKkCZUnQQ
6772
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,gjZENXkR
6872
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,gzzlrzxMlshrI
7016
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,hClTxV
7112
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,hDdSABujeGhBdM
6188
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,hJbRrovBnfzadHBLOAaX
6324
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,hLNWWET
6508
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,iIJmtODVuCFQPMFae
6680
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,iItzzFKWzIZojfOFqJG
6824
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,ibqesePIQXoUwnfgkLvfcuMFHK
6968
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,ieuLWaTjVeuBYegSaGXuly
7132
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,igFffrhNCQcHQStroQFS
6332
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,irtTnxRuuXAWDuDRGCivHz
6288
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,jVNpFjHcSQ
6752
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,jotleypmamgIHEUfZPLSmMtq
7000
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,jrkFXlWfdhOn
6192
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,kOcvjMhVkKI
6456
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,kPsHiOxOlxeVBpHYooACxIXHB
6856
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,kUHyuFSDHjRQgcFnZIHgvahta
6156
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,kXMermOELWqc
6640
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,kkWRnVCjitIbHTy
1444
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,kpoFTDgQJFpD
7032
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,kvCgXPvHuWWWdAHGy
6436
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,lFcjChjFWgKWuOuaAxn
6296
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,lKFTvqNg
6848
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,lcbnVGCdYXcKZTYevsVX
7192
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,lefIOOsVMhliLLj
7296
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,mKrNVAlauoRSIht
7416
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,nRVfeUAoalGiEviupjuyTviKt
7532
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,nWkMZMN
7652
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,naKLRCkO
7752
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,njUWLbQgRBGSd
7852
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,nlBfCJTJQhnnPxbkQkUAwWpmaA
7972
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,nmBYnmjGCq
8092
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,oIAdOUfQaetEfqMDSL
8188
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,osSAAvHx
7324
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,ovwgmHjsMpOQyjNpuqeLd
7456
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,ozpFyAlRWIHNYPuJbOLpoZosmO
7624
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,pAbWNQjHuawouRBUprBVrXw
7776
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,pCYRinZyYkFOxayPFyJDEDxKzO
7896
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,pQvYHQSqPMdqFOFub
8124
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,pbzbgZeZipMwitVYJJbYTdyYQ
7152
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,pnbxRJnSdfpDADRIEWZXepR
7460
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,qAirVWefWGdomxGs
7648
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,qbgUwwXPUNM
7736
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,rJVMJaiBojiOWxURyzmLWnxH
8152
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,rOlGGoosrOYjYnwqSX
7344
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,rSHUNkevMkknNwSlqR
7764
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,rmrMOmqIIM
7960
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,sBcaPzIWckINwkFTBxmdkiKID
7408
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,sJXDLm
7784
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,sNQjkxnpfL
7184
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,sPKnvGEKVGRHsXgbRRJFS
8076
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,snoSMpnSAlGCDUoadZDE
7732
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,tGDiqYCDbgMaBXHmxqrJv
7484
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,tGdwKquShaUWskzgERPqeG
8204
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,tXncljehbaR
8312
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,taNCAYWnFedga
8428
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,uFBMgXMRHfYmHKtd
8552
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,uQadijPTgYiRGTkxDpqTOeI
8656
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,vlEZdJoJilVuJxGaLFCzX
8772
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,vlPATCQWfWfv
8896
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,vnMwerzIvV
8992
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,wDtWqzCTVUWdqo
9104
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,weKcSTEtgvLwNKGEWr
7880
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,wyslQDXAh
8360
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,xRklmHvgNdkXc
8540
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,xbTTVacjLMTUBskAADEzpolBV
8672
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,xbcfQIhiMJswKveISUtGpEWTr
8864
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,ytgHNsgBKfkMoZjHI
9036
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,zLypEkbxfdampkTf
9168
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,ziTLFIzOnbzURBefGdA
8304
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\EOgFGo17w.dll,
8616

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
103.126.216.86	Active	Moloch
103.224.241.74	Active	Moloch
103.41.204.169	Active	Moloch
103.71.99.57	Active	Moloch
103.85.95.4	Active	Moloch
104.248.225.227	Active	Moloch
128.199.217.206	Active	Moloch
139.196.72.155	Active	Moloch
139.59.80.108	Active	Moloch
164.124.101.2	Active	Moloch
165.232.185.110	Active	Moloch
174.138.33.49	Active	Moloch
175.126.176.79	Active	Moloch
178.238.225.252	Active	Moloch
178.62.112.199	Active	Moloch
188.165.79.151	Active	Moloch
188.225.32.231	Active	Moloch
190.145.8.4	Active	Moloch
196.44.98.190	Active	Moloch
198.199.70.22	Active	Moloch
202.134.4.210	Active	Moloch
37.44.244.177	Active	Moloch
5.253.30.17	Active	Moloch
54.37.106.167	Active	Moloch
54.37.228.122	Active	Moloch
62.171.178.147	Active	Moloch
87.106.97.83	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49385 -> 188.165.79.151:443	2404310	ET CNC Feodo Tracker Reported CnC Server group 11	A Network Trojan was detected
TCP 192.168.56.103:49391 -> 5.253.30.17:7080	2404320	ET CNC Feodo Tracker Reported CnC Server group 21	A Network Trojan was detected
TCP 188.165.79.151:443 -> 192.168.56.103:49385	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49415 -> 104.248.225.227:8080	2404301	ET CNC Feodo Tracker Reported CnC Server group 2	A Network Trojan was detected
TCP 192.168.56.103:49388 -> 196.44.98.190:8080	2404312	ET CNC Feodo Tracker Reported CnC Server group 13	A Network Trojan was detected
TCP 192.168.56.103:49383 -> 188.165.79.151:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.103:49415 -> 104.248.225.227:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.103:49390 -> 5.253.30.17:7080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.103:49443 -> 103.224.241.74:8080	2404300	ET CNC Feodo Tracker Reported CnC Server group 1	A Network Trojan was detected
TCP 192.168.56.103:49384 -> 188.165.79.151:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.103:49416 -> 104.248.225.227:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 104.248.225.227:8080 -> 192.168.56.103:49418	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49443 -> 103.224.241.74:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.103:49452 -> 178.62.112.199:8080	2404309	ET CNC Feodo Tracker Reported CnC Server group 10	A Network Trojan was detected
TCP 192.168.56.103:49389 -> 5.253.30.17:7080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.103:49461 -> 139.196.72.155:8080	2404303	ET CNC Feodo Tracker Reported CnC Server group 4	A Network Trojan was detected
TCP 103.224.241.74:8080 -> 192.168.56.103:49446	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49448 -> 178.62.112.199:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.103:49420 -> 54.37.106.167:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.103:49469 -> 103.126.216.86:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.103:49378 -> 174.138.33.49:7080	2404308	ET CNC Feodo Tracker Reported CnC Server group 9	A Network Trojan was detected
TCP 192.168.56.103:49470 -> 103.126.216.86:443	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.103:49422 -> 54.37.106.167:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.103:49458 -> 139.196.72.155:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 5.253.30.17:7080 -> 192.168.56.103:49391	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 54.37.106.167:8080 -> 192.168.56.103:49423	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49428 -> 198.199.70.22:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 198.199.70.22:8080 -> 192.168.56.103:49430	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49427 -> 198.199.70.22:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 178.62.112.199:8080 -> 192.168.56.103:49451	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49449 -> 178.62.112.199:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.103:49445 -> 103.224.241.74:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 139.196.72.155:8080 -> 192.168.56.103:49460	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49459 -> 139.196.72.155:8080	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 192.168.56.103:49463 -> 188.225.32.231:4143	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 188.225.32.231:4143 -> 192.168.56.103:49464	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49462 -> 188.225.32.231:4143	2028401	ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex	Unknown Traffic
TCP 103.126.216.86:443 -> 192.168.56.103:49471	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameA July 11, 2022, 9:13 a.m.	computer_name: TEST22-PC	1	1	0

One or more processes crashed (50 out of 66 events)

Time & API	Arguments	Status
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75596d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75596de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75596e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x772c011a DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x755bcf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x755ef73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x755efa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x755efb1f New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x73f477b7 MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x755efd15 MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x755efd57 rundll32+0x393f @ 0x2a393f rundll32+0x247a @ 0x2a247a rundll32+0x1baf @ 0x2a1baf rundll32+0x12e8 @ 0x2a12e8 rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x73d23f46 registers.esp: 1830832 registers.edi: 0 registers.eax: 1943158598 registers.ebp: 1830872 registers.edx: 0 registers.ebx: 0 registers.esi: 1943158598 registers.ecx: 5639528	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75596d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75596de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75596e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x772c011a DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x755bcf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x755ef73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x755efa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x755efb1f New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x73f477b7 MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x755efd15 MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x755efd57 rundll32+0x393f @ 0x2a393f rundll32+0x247a @ 0x2a247a rundll32+0x1baf @ 0x2a1baf rundll32+0x12e8 @ 0x2a12e8 rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x73d23f46 registers.esp: 1830832 registers.edi: 0 registers.eax: 1943158598 registers.ebp: 1830872 registers.edx: 0 registers.ebx: 0 registers.esi: 1943158598 registers.ecx: 5639528	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: CtfImeIsIME+0x36fd DllUnregisterServer-0xf9d9 msctf+0x2d08c @ 0x754ad08c TF_GetGlobalCompartment+0x3dfd CtfImeIsIME-0x344 msctf+0x2964b @ 0x754a964b TF_GetInputScope+0xf65 CtfImeDestroyThreadMgr-0x25ae msctf+0x14d6b @ 0x75494d6b TF_GetInputScope+0x3176 CtfImeDestroyThreadMgr-0x39d msctf+0x16f7c @ 0x75496f7c CtfImeDestroyInputContext+0x280 TF_CanUninitialize-0x1c msctf+0x1e825 @ 0x7549e825 TF_GetInputScope+0x21fc CtfImeDestroyThreadMgr-0x1317 msctf+0x16002 @ 0x75496002 TF_GetInputScope+0x21e2 CtfImeDestroyThreadMgr-0x1331 msctf+0x15fe8 @ 0x75495fe8 TF_GetInputScope+0xbdd CtfImeDestroyThreadMgr-0x2936 msctf+0x149e3 @ 0x754949e3 TF_GetInputScope+0x1c1a CtfImeDestroyThreadMgr-0x18f9 msctf+0x15a20 @ 0x75495a20 RtlIsCurrentThreadAttachExempt+0x5f TpCheckTerminateWorker-0x37 ntdll+0x39a91 @ 0x772e9a91 LdrShutdownProcess+0x97 RtlDetectHeapLeaks-0x1bb ntdll+0x58f10 @ 0x77308f10 RtlExitUserProcess+0x74 LdrShutdownProcess-0x1d ntdll+0x58e5c @ 0x77308e5c ExitProcess+0x15 TerminateThread-0xa kernel32+0x17a25 @ 0x76877a25 rundll32+0x135c @ 0x2a135c rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: ff 51 0c 8b 45 fc 89 be 8c 04 00 00 3b c7 74 25 exception.symbol: TF_GetCompatibleKeyboardLayout+0x5885 TF_IsCtfmonRunning-0xfd3 msctf+0x43ef4 exception.instruction: call dword ptr [ecx + 0xc] exception.module: MSCTF.dll exception.exception_code: 0xc0000005 exception.offset: 278260 exception.address: 0x754c3ef4 registers.esp: 1833476 registers.edi: 0 registers.eax: 45752608 registers.ebp: 1833504 registers.edx: 1 registers.ebx: 0 registers.esi: 3284560 registers.ecx: 1943025020	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75596d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75596de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75596e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x772c011a DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x755bcf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x755ef73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x755efa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x755efb1f New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x73f477b7 MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x755efd15 MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x755efd57 rundll32+0x393f @ 0x2a393f rundll32+0x247a @ 0x2a247a rundll32+0x1baf @ 0x2a1baf rundll32+0x12e8 @ 0x2a12e8 rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x73d23f46 registers.esp: 2486760 registers.edi: 0 registers.eax: 1943158598 registers.ebp: 2486800 registers.edx: 0 registers.ebx: 0 registers.esi: 1943158598 registers.ecx: 8719720	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75596d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75596de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75596e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x772c011a DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x755bcf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x755ef73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x755efa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x755efb1f New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x73f477b7 MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x755efd15 MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x755efd57 rundll32+0x393f @ 0x2a393f rundll32+0x247a @ 0x2a247a rundll32+0x1baf @ 0x2a1baf rundll32+0x12e8 @ 0x2a12e8 rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x73d23f46 registers.esp: 2486760 registers.edi: 0 registers.eax: 1943158598 registers.ebp: 2486800 registers.edx: 0 registers.ebx: 0 registers.esi: 1943158598 registers.ecx: 8719720	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: CtfImeIsIME+0x36fd DllUnregisterServer-0xf9d9 msctf+0x2d08c @ 0x754ad08c TF_GetGlobalCompartment+0x3dfd CtfImeIsIME-0x344 msctf+0x2964b @ 0x754a964b TF_GetInputScope+0xf65 CtfImeDestroyThreadMgr-0x25ae msctf+0x14d6b @ 0x75494d6b TF_GetInputScope+0x3176 CtfImeDestroyThreadMgr-0x39d msctf+0x16f7c @ 0x75496f7c CtfImeDestroyInputContext+0x280 TF_CanUninitialize-0x1c msctf+0x1e825 @ 0x7549e825 TF_GetInputScope+0x21fc CtfImeDestroyThreadMgr-0x1317 msctf+0x16002 @ 0x75496002 TF_GetInputScope+0x21e2 CtfImeDestroyThreadMgr-0x1331 msctf+0x15fe8 @ 0x75495fe8 TF_GetInputScope+0xbdd CtfImeDestroyThreadMgr-0x2936 msctf+0x149e3 @ 0x754949e3 TF_GetInputScope+0x1c1a CtfImeDestroyThreadMgr-0x18f9 msctf+0x15a20 @ 0x75495a20 RtlIsCurrentThreadAttachExempt+0x5f TpCheckTerminateWorker-0x37 ntdll+0x39a91 @ 0x772e9a91 LdrShutdownProcess+0x97 RtlDetectHeapLeaks-0x1bb ntdll+0x58f10 @ 0x77308f10 RtlExitUserProcess+0x74 LdrShutdownProcess-0x1d ntdll+0x58e5c @ 0x77308e5c ExitProcess+0x15 TerminateThread-0xa kernel32+0x17a25 @ 0x76877a25 rundll32+0x135c @ 0x2a135c rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: ff 51 0c 8b 45 fc 89 be 8c 04 00 00 3b c7 74 25 exception.symbol: TF_GetCompatibleKeyboardLayout+0x5885 TF_IsCtfmonRunning-0xfd3 msctf+0x43ef4 exception.instruction: call dword ptr [ecx + 0xc] exception.module: MSCTF.dll exception.exception_code: 0xc0000005 exception.offset: 278260 exception.address: 0x754c3ef4 registers.esp: 2489404 registers.edi: 0 registers.eax: 46997856 registers.ebp: 2489432 registers.edx: 1 registers.ebx: 0 registers.esi: 6364776 registers.ecx: 1943025020	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75596d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75596de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75596e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x772c011a DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x755bcf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x755ef73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x755efa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x755efb1f New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x73f477b7 MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x755efd15 MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x755efd57 rundll32+0x393f @ 0x2a393f rundll32+0x247a @ 0x2a247a rundll32+0x1baf @ 0x2a1baf rundll32+0x12e8 @ 0x2a12e8 rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x73d23f46 registers.esp: 2681792 registers.edi: 0 registers.eax: 1943158598 registers.ebp: 2681832 registers.edx: 0 registers.ebx: 0 registers.esi: 1943158598 registers.ecx: 7802216	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75596d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75596de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75596e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x772c011a DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x755bcf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x755ef73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x755efa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x755efb1f New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x73f477b7 MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x755efd15 MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x755efd57 rundll32+0x393f @ 0x2a393f rundll32+0x247a @ 0x2a247a rundll32+0x1baf @ 0x2a1baf rundll32+0x12e8 @ 0x2a12e8 rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x73d23f46 registers.esp: 2681792 registers.edi: 0 registers.eax: 1943158598 registers.ebp: 2681832 registers.edx: 0 registers.ebx: 0 registers.esi: 1943158598 registers.ecx: 7802216	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: CtfImeIsIME+0x36fd DllUnregisterServer-0xf9d9 msctf+0x2d08c @ 0x754ad08c TF_GetGlobalCompartment+0x3dfd CtfImeIsIME-0x344 msctf+0x2964b @ 0x754a964b TF_GetInputScope+0xf65 CtfImeDestroyThreadMgr-0x25ae msctf+0x14d6b @ 0x75494d6b TF_GetInputScope+0x3176 CtfImeDestroyThreadMgr-0x39d msctf+0x16f7c @ 0x75496f7c CtfImeDestroyInputContext+0x280 TF_CanUninitialize-0x1c msctf+0x1e825 @ 0x7549e825 TF_GetInputScope+0x21fc CtfImeDestroyThreadMgr-0x1317 msctf+0x16002 @ 0x75496002 TF_GetInputScope+0x21e2 CtfImeDestroyThreadMgr-0x1331 msctf+0x15fe8 @ 0x75495fe8 TF_GetInputScope+0xbdd CtfImeDestroyThreadMgr-0x2936 msctf+0x149e3 @ 0x754949e3 TF_GetInputScope+0x1c1a CtfImeDestroyThreadMgr-0x18f9 msctf+0x15a20 @ 0x75495a20 RtlIsCurrentThreadAttachExempt+0x5f TpCheckTerminateWorker-0x37 ntdll+0x39a91 @ 0x772e9a91 LdrShutdownProcess+0x97 RtlDetectHeapLeaks-0x1bb ntdll+0x58f10 @ 0x77308f10 RtlExitUserProcess+0x74 LdrShutdownProcess-0x1d ntdll+0x58e5c @ 0x77308e5c ExitProcess+0x15 TerminateThread-0xa kernel32+0x17a25 @ 0x76877a25 rundll32+0x135c @ 0x2a135c rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: ff 51 0c 8b 45 fc 89 be 8c 04 00 00 3b c7 74 25 exception.symbol: TF_GetCompatibleKeyboardLayout+0x5885 TF_IsCtfmonRunning-0xfd3 msctf+0x43ef4 exception.instruction: call dword ptr [ecx + 0xc] exception.module: MSCTF.dll exception.exception_code: 0xc0000005 exception.offset: 278260 exception.address: 0x754c3ef4 registers.esp: 2684436 registers.edi: 0 registers.eax: 45687072 registers.ebp: 2684464 registers.edx: 1 registers.ebx: 0 registers.esi: 5447248 registers.ecx: 1943025020	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75596d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75596de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75596e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x772c011a DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x755bcf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x755ef73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x755efa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x755efb1f New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x73f477b7 MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x755efd15 MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x755efd57 rundll32+0x393f @ 0x2a393f rundll32+0x247a @ 0x2a247a rundll32+0x1baf @ 0x2a1baf rundll32+0x12e8 @ 0x2a12e8 rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x73d23f46 registers.esp: 2092204 registers.edi: 0 registers.eax: 1943158598 registers.ebp: 2092244 registers.edx: 0 registers.ebx: 0 registers.esi: 1943158598 registers.ecx: 8064360	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75596d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75596de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75596e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x772c011a DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x755bcf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x755ef73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x755efa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x755efb1f New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x73f477b7 MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x755efd15 MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x755efd57 rundll32+0x393f @ 0x2a393f rundll32+0x247a @ 0x2a247a rundll32+0x1baf @ 0x2a1baf rundll32+0x12e8 @ 0x2a12e8 rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x73d23f46 registers.esp: 2092204 registers.edi: 0 registers.eax: 1943158598 registers.ebp: 2092244 registers.edx: 0 registers.ebx: 0 registers.esi: 1943158598 registers.ecx: 8064360	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: CtfImeIsIME+0x36fd DllUnregisterServer-0xf9d9 msctf+0x2d08c @ 0x754ad08c TF_GetGlobalCompartment+0x3dfd CtfImeIsIME-0x344 msctf+0x2964b @ 0x754a964b TF_GetInputScope+0xf65 CtfImeDestroyThreadMgr-0x25ae msctf+0x14d6b @ 0x75494d6b TF_GetInputScope+0x3176 CtfImeDestroyThreadMgr-0x39d msctf+0x16f7c @ 0x75496f7c CtfImeDestroyInputContext+0x280 TF_CanUninitialize-0x1c msctf+0x1e825 @ 0x7549e825 TF_GetInputScope+0x21fc CtfImeDestroyThreadMgr-0x1317 msctf+0x16002 @ 0x75496002 TF_GetInputScope+0x21e2 CtfImeDestroyThreadMgr-0x1331 msctf+0x15fe8 @ 0x75495fe8 TF_GetInputScope+0xbdd CtfImeDestroyThreadMgr-0x2936 msctf+0x149e3 @ 0x754949e3 TF_GetInputScope+0x1c1a CtfImeDestroyThreadMgr-0x18f9 msctf+0x15a20 @ 0x75495a20 RtlIsCurrentThreadAttachExempt+0x5f TpCheckTerminateWorker-0x37 ntdll+0x39a91 @ 0x772e9a91 LdrShutdownProcess+0x97 RtlDetectHeapLeaks-0x1bb ntdll+0x58f10 @ 0x77308f10 RtlExitUserProcess+0x74 LdrShutdownProcess-0x1d ntdll+0x58e5c @ 0x77308e5c ExitProcess+0x15 TerminateThread-0xa kernel32+0x17a25 @ 0x76877a25 rundll32+0x135c @ 0x2a135c rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: ff 51 0c 8b 45 fc 89 be 8c 04 00 00 3b c7 74 25 exception.symbol: TF_GetCompatibleKeyboardLayout+0x5885 TF_IsCtfmonRunning-0xfd3 msctf+0x43ef4 exception.instruction: call dword ptr [ecx + 0xc] exception.module: MSCTF.dll exception.exception_code: 0xc0000005 exception.offset: 278260 exception.address: 0x754c3ef4 registers.esp: 2094848 registers.edi: 0 registers.eax: 46211360 registers.ebp: 2094876 registers.edx: 1 registers.ebx: 0 registers.esi: 5709408 registers.ecx: 1943025020	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75596d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75596de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75596e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x772c011a DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x755bcf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x755ef73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x755efa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x755efb1f New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x73f477b7 MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x755efd15 MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x755efd57 rundll32+0x393f @ 0x2a393f rundll32+0x247a @ 0x2a247a rundll32+0x1baf @ 0x2a1baf rundll32+0x12e8 @ 0x2a12e8 rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x73d23f46 registers.esp: 3272816 registers.edi: 0 registers.eax: 1943158598 registers.ebp: 3272856 registers.edx: 0 registers.ebx: 0 registers.esi: 1943158598 registers.ecx: 6360424	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75596d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75596de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75596e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x772c011a DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x755bcf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x755ef73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x755efa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x755efb1f New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x73f477b7 MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x755efd15 MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x755efd57 rundll32+0x393f @ 0x2a393f rundll32+0x247a @ 0x2a247a rundll32+0x1baf @ 0x2a1baf rundll32+0x12e8 @ 0x2a12e8 rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x73d23f46 registers.esp: 3272816 registers.edi: 0 registers.eax: 1943158598 registers.ebp: 3272856 registers.edx: 0 registers.ebx: 0 registers.esi: 1943158598 registers.ecx: 6360424	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: CtfImeIsIME+0x36fd DllUnregisterServer-0xf9d9 msctf+0x2d08c @ 0x754ad08c TF_GetGlobalCompartment+0x3dfd CtfImeIsIME-0x344 msctf+0x2964b @ 0x754a964b TF_GetInputScope+0xf65 CtfImeDestroyThreadMgr-0x25ae msctf+0x14d6b @ 0x75494d6b TF_GetInputScope+0x3176 CtfImeDestroyThreadMgr-0x39d msctf+0x16f7c @ 0x75496f7c CtfImeDestroyInputContext+0x280 TF_CanUninitialize-0x1c msctf+0x1e825 @ 0x7549e825 TF_GetInputScope+0x21fc CtfImeDestroyThreadMgr-0x1317 msctf+0x16002 @ 0x75496002 TF_GetInputScope+0x21e2 CtfImeDestroyThreadMgr-0x1331 msctf+0x15fe8 @ 0x75495fe8 TF_GetInputScope+0xbdd CtfImeDestroyThreadMgr-0x2936 msctf+0x149e3 @ 0x754949e3 TF_GetInputScope+0x1c1a CtfImeDestroyThreadMgr-0x18f9 msctf+0x15a20 @ 0x75495a20 RtlIsCurrentThreadAttachExempt+0x5f TpCheckTerminateWorker-0x37 ntdll+0x39a91 @ 0x772e9a91 LdrShutdownProcess+0x97 RtlDetectHeapLeaks-0x1bb ntdll+0x58f10 @ 0x77308f10 RtlExitUserProcess+0x74 LdrShutdownProcess-0x1d ntdll+0x58e5c @ 0x77308e5c ExitProcess+0x15 TerminateThread-0xa kernel32+0x17a25 @ 0x76877a25 rundll32+0x135c @ 0x2a135c rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: ff 51 0c 8b 45 fc 89 be 8c 04 00 00 3b c7 74 25 exception.symbol: TF_GetCompatibleKeyboardLayout+0x5885 TF_IsCtfmonRunning-0xfd3 msctf+0x43ef4 exception.instruction: call dword ptr [ecx + 0xc] exception.module: MSCTF.dll exception.exception_code: 0xc0000005 exception.offset: 278260 exception.address: 0x754c3ef4 registers.esp: 3275460 registers.edi: 0 registers.eax: 46211336 registers.ebp: 3275488 registers.edx: 1 registers.ebx: 0 registers.esi: 4005400 registers.ecx: 1943025020	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75596d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75596de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75596e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x772c011a DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x755bcf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x755ef73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x755efa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x755efb1f New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x73f477b7 MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x755efd15 MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x755efd57 rundll32+0x393f @ 0x2a393f rundll32+0x247a @ 0x2a247a rundll32+0x1baf @ 0x2a1baf rundll32+0x12e8 @ 0x2a12e8 rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x73d23f46 registers.esp: 1699612 registers.edi: 0 registers.eax: 1943158598 registers.ebp: 1699652 registers.edx: 0 registers.ebx: 0 registers.esi: 1943158598 registers.ecx: 6950248	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75596d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75596de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75596e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x772c011a DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x755bcf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x755ef73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x755efa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x755efb1f New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x73f477b7 MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x755efd15 MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x755efd57 rundll32+0x393f @ 0x2a393f rundll32+0x247a @ 0x2a247a rundll32+0x1baf @ 0x2a1baf rundll32+0x12e8 @ 0x2a12e8 rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x73d23f46 registers.esp: 1699612 registers.edi: 0 registers.eax: 1943158598 registers.ebp: 1699652 registers.edx: 0 registers.ebx: 0 registers.esi: 1943158598 registers.ecx: 6950248	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: CtfImeIsIME+0x36fd DllUnregisterServer-0xf9d9 msctf+0x2d08c @ 0x754ad08c TF_GetGlobalCompartment+0x3dfd CtfImeIsIME-0x344 msctf+0x2964b @ 0x754a964b TF_GetInputScope+0xf65 CtfImeDestroyThreadMgr-0x25ae msctf+0x14d6b @ 0x75494d6b TF_GetInputScope+0x3176 CtfImeDestroyThreadMgr-0x39d msctf+0x16f7c @ 0x75496f7c CtfImeDestroyInputContext+0x280 TF_CanUninitialize-0x1c msctf+0x1e825 @ 0x7549e825 TF_GetInputScope+0x21fc CtfImeDestroyThreadMgr-0x1317 msctf+0x16002 @ 0x75496002 TF_GetInputScope+0x21e2 CtfImeDestroyThreadMgr-0x1331 msctf+0x15fe8 @ 0x75495fe8 TF_GetInputScope+0xbdd CtfImeDestroyThreadMgr-0x2936 msctf+0x149e3 @ 0x754949e3 TF_GetInputScope+0x1c1a CtfImeDestroyThreadMgr-0x18f9 msctf+0x15a20 @ 0x75495a20 RtlIsCurrentThreadAttachExempt+0x5f TpCheckTerminateWorker-0x37 ntdll+0x39a91 @ 0x772e9a91 LdrShutdownProcess+0x97 RtlDetectHeapLeaks-0x1bb ntdll+0x58f10 @ 0x77308f10 RtlExitUserProcess+0x74 LdrShutdownProcess-0x1d ntdll+0x58e5c @ 0x77308e5c ExitProcess+0x15 TerminateThread-0xa kernel32+0x17a25 @ 0x76877a25 rundll32+0x135c @ 0x2a135c rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: ff 51 0c 8b 45 fc 89 be 8c 04 00 00 3b c7 74 25 exception.symbol: TF_GetCompatibleKeyboardLayout+0x5885 TF_IsCtfmonRunning-0xfd3 msctf+0x43ef4 exception.instruction: call dword ptr [ecx + 0xc] exception.module: MSCTF.dll exception.exception_code: 0xc0000005 exception.offset: 278260 exception.address: 0x754c3ef4 registers.esp: 1702256 registers.edi: 0 registers.eax: 42017032 registers.ebp: 1702284 registers.edx: 1 registers.ebx: 0 registers.esi: 7675416 registers.ecx: 1943025020	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75596d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75596de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75596e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x772c011a DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x755bcf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x755ef73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x755efa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x755efb1f New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x73f477b7 MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x755efd15 MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x755efd57 rundll32+0x393f @ 0x2a393f rundll32+0x247a @ 0x2a247a rundll32+0x1baf @ 0x2a1baf rundll32+0x12e8 @ 0x2a12e8 rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x73d23f46 registers.esp: 2747708 registers.edi: 0 registers.eax: 1943158598 registers.ebp: 2747748 registers.edx: 0 registers.ebx: 0 registers.esi: 1943158598 registers.ecx: 4394344	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75596d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75596de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75596e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x772c011a DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x755bcf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x755ef73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x755efa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x755efb1f New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x73f477b7 MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x755efd15 MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x755efd57 rundll32+0x393f @ 0x2a393f rundll32+0x247a @ 0x2a247a rundll32+0x1baf @ 0x2a1baf rundll32+0x12e8 @ 0x2a12e8 rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x73d23f46 registers.esp: 2747708 registers.edi: 0 registers.eax: 1943158598 registers.ebp: 2747748 registers.edx: 0 registers.ebx: 0 registers.esi: 1943158598 registers.ecx: 4394344	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: CtfImeIsIME+0x36fd DllUnregisterServer-0xf9d9 msctf+0x2d08c @ 0x754ad08c TF_GetGlobalCompartment+0x3dfd CtfImeIsIME-0x344 msctf+0x2964b @ 0x754a964b TF_GetInputScope+0xf65 CtfImeDestroyThreadMgr-0x25ae msctf+0x14d6b @ 0x75494d6b TF_GetInputScope+0x3176 CtfImeDestroyThreadMgr-0x39d msctf+0x16f7c @ 0x75496f7c CtfImeDestroyInputContext+0x280 TF_CanUninitialize-0x1c msctf+0x1e825 @ 0x7549e825 TF_GetInputScope+0x21fc CtfImeDestroyThreadMgr-0x1317 msctf+0x16002 @ 0x75496002 TF_GetInputScope+0x21e2 CtfImeDestroyThreadMgr-0x1331 msctf+0x15fe8 @ 0x75495fe8 TF_GetInputScope+0xbdd CtfImeDestroyThreadMgr-0x2936 msctf+0x149e3 @ 0x754949e3 TF_GetInputScope+0x1c1a CtfImeDestroyThreadMgr-0x18f9 msctf+0x15a20 @ 0x75495a20 RtlIsCurrentThreadAttachExempt+0x5f TpCheckTerminateWorker-0x37 ntdll+0x39a91 @ 0x772e9a91 LdrShutdownProcess+0x97 RtlDetectHeapLeaks-0x1bb ntdll+0x58f10 @ 0x77308f10 RtlExitUserProcess+0x74 LdrShutdownProcess-0x1d ntdll+0x58e5c @ 0x77308e5c ExitProcess+0x15 TerminateThread-0xa kernel32+0x17a25 @ 0x76877a25 rundll32+0x135c @ 0x2a135c rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: ff 51 0c 8b 45 fc 89 be 8c 04 00 00 3b c7 74 25 exception.symbol: TF_GetCompatibleKeyboardLayout+0x5885 TF_IsCtfmonRunning-0xfd3 msctf+0x43ef4 exception.instruction: call dword ptr [ecx + 0xc] exception.module: MSCTF.dll exception.exception_code: 0xc0000005 exception.offset: 278260 exception.address: 0x754c3ef4 registers.esp: 2750352 registers.edi: 0 registers.eax: 44835080 registers.ebp: 2750380 registers.edx: 1 registers.ebx: 0 registers.esi: 6889024 registers.ecx: 1943025020	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75596d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75596de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75596e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x772c011a DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x755bcf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x755ef73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x755efa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x755efb1f New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x73f477b7 MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x755efd15 MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x755efd57 rundll32+0x393f @ 0x2a393f rundll32+0x247a @ 0x2a247a rundll32+0x1baf @ 0x2a1baf rundll32+0x12e8 @ 0x2a12e8 rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x73d23f46 registers.esp: 913036 registers.edi: 0 registers.eax: 1943158598 registers.ebp: 913076 registers.edx: 0 registers.ebx: 0 registers.esi: 1943158598 registers.ecx: 5901672	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75596d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75596de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75596e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x772c011a DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x755bcf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x755ef73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x755efa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x755efb1f New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x73f477b7 MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x755efd15 MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x755efd57 rundll32+0x393f @ 0x2a393f rundll32+0x247a @ 0x2a247a rundll32+0x1baf @ 0x2a1baf rundll32+0x12e8 @ 0x2a12e8 rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x73d23f46 registers.esp: 913036 registers.edi: 0 registers.eax: 1943158598 registers.ebp: 913076 registers.edx: 0 registers.ebx: 0 registers.esi: 1943158598 registers.ecx: 5901672	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: CtfImeIsIME+0x36fd DllUnregisterServer-0xf9d9 msctf+0x2d08c @ 0x754ad08c TF_GetGlobalCompartment+0x3dfd CtfImeIsIME-0x344 msctf+0x2964b @ 0x754a964b TF_GetInputScope+0xf65 CtfImeDestroyThreadMgr-0x25ae msctf+0x14d6b @ 0x75494d6b TF_GetInputScope+0x3176 CtfImeDestroyThreadMgr-0x39d msctf+0x16f7c @ 0x75496f7c CtfImeDestroyInputContext+0x280 TF_CanUninitialize-0x1c msctf+0x1e825 @ 0x7549e825 TF_GetInputScope+0x21fc CtfImeDestroyThreadMgr-0x1317 msctf+0x16002 @ 0x75496002 TF_GetInputScope+0x21e2 CtfImeDestroyThreadMgr-0x1331 msctf+0x15fe8 @ 0x75495fe8 TF_GetInputScope+0xbdd CtfImeDestroyThreadMgr-0x2936 msctf+0x149e3 @ 0x754949e3 TF_GetInputScope+0x1c1a CtfImeDestroyThreadMgr-0x18f9 msctf+0x15a20 @ 0x75495a20 RtlIsCurrentThreadAttachExempt+0x5f TpCheckTerminateWorker-0x37 ntdll+0x39a91 @ 0x772e9a91 LdrShutdownProcess+0x97 RtlDetectHeapLeaks-0x1bb ntdll+0x58f10 @ 0x77308f10 RtlExitUserProcess+0x74 LdrShutdownProcess-0x1d ntdll+0x58e5c @ 0x77308e5c ExitProcess+0x15 TerminateThread-0xa kernel32+0x17a25 @ 0x76877a25 rundll32+0x135c @ 0x2a135c rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: ff 51 0c 8b 45 fc 89 be 8c 04 00 00 3b c7 74 25 exception.symbol: TF_GetCompatibleKeyboardLayout+0x5885 TF_IsCtfmonRunning-0xfd3 msctf+0x43ef4 exception.instruction: call dword ptr [ecx + 0xc] exception.module: MSCTF.dll exception.exception_code: 0xc0000005 exception.offset: 278260 exception.address: 0x754c3ef4 registers.esp: 915680 registers.edi: 0 registers.eax: 46801184 registers.ebp: 915708 registers.edx: 1 registers.ebx: 0 registers.esi: 3546704 registers.ecx: 1943025020	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75596d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75596de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75596e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x772c011a DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x755bcf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x755ef73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x755efa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x755efb1f New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x73f477b7 MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x755efd15 MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x755efd57 rundll32+0x393f @ 0x2a393f rundll32+0x247a @ 0x2a247a rundll32+0x1baf @ 0x2a1baf rundll32+0x12e8 @ 0x2a12e8 rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x73d23f46 registers.esp: 2682700 registers.edi: 0 registers.eax: 1943158598 registers.ebp: 2682740 registers.edx: 0 registers.ebx: 0 registers.esi: 1943158598 registers.ecx: 8981864	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75596d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75596de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75596e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x772c011a DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x755bcf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x755ef73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x755efa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x755efb1f New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x73f477b7 MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x755efd15 MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x755efd57 rundll32+0x393f @ 0x2a393f rundll32+0x247a @ 0x2a247a rundll32+0x1baf @ 0x2a1baf rundll32+0x12e8 @ 0x2a12e8 rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x73d23f46 registers.esp: 2682700 registers.edi: 0 registers.eax: 1943158598 registers.ebp: 2682740 registers.edx: 0 registers.ebx: 0 registers.esi: 1943158598 registers.ecx: 8981864	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: CtfImeIsIME+0x36fd DllUnregisterServer-0xf9d9 msctf+0x2d08c @ 0x754ad08c TF_GetGlobalCompartment+0x3dfd CtfImeIsIME-0x344 msctf+0x2964b @ 0x754a964b TF_GetInputScope+0xf65 CtfImeDestroyThreadMgr-0x25ae msctf+0x14d6b @ 0x75494d6b TF_GetInputScope+0x3176 CtfImeDestroyThreadMgr-0x39d msctf+0x16f7c @ 0x75496f7c CtfImeDestroyInputContext+0x280 TF_CanUninitialize-0x1c msctf+0x1e825 @ 0x7549e825 TF_GetInputScope+0x21fc CtfImeDestroyThreadMgr-0x1317 msctf+0x16002 @ 0x75496002 TF_GetInputScope+0x21e2 CtfImeDestroyThreadMgr-0x1331 msctf+0x15fe8 @ 0x75495fe8 TF_GetInputScope+0xbdd CtfImeDestroyThreadMgr-0x2936 msctf+0x149e3 @ 0x754949e3 TF_GetInputScope+0x1c1a CtfImeDestroyThreadMgr-0x18f9 msctf+0x15a20 @ 0x75495a20 RtlIsCurrentThreadAttachExempt+0x5f TpCheckTerminateWorker-0x37 ntdll+0x39a91 @ 0x772e9a91 LdrShutdownProcess+0x97 RtlDetectHeapLeaks-0x1bb ntdll+0x58f10 @ 0x77308f10 RtlExitUserProcess+0x74 LdrShutdownProcess-0x1d ntdll+0x58e5c @ 0x77308e5c ExitProcess+0x15 TerminateThread-0xa kernel32+0x17a25 @ 0x76877a25 rundll32+0x135c @ 0x2a135c rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: ff 51 0c 8b 45 fc 89 be 8c 04 00 00 3b c7 74 25 exception.symbol: TF_GetCompatibleKeyboardLayout+0x5885 TF_IsCtfmonRunning-0xfd3 msctf+0x43ef4 exception.instruction: call dword ptr [ecx + 0xc] exception.module: MSCTF.dll exception.exception_code: 0xc0000005 exception.offset: 278260 exception.address: 0x754c3ef4 registers.esp: 2685344 registers.edi: 0 registers.eax: 12067080 registers.ebp: 2685372 registers.edx: 1 registers.ebx: 0 registers.esi: 6626880 registers.ecx: 1943025020	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75596d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75596de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75596e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x772c011a DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x755bcf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x755ef73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x755efa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x755efb1f New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x73f477b7 MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x755efd15 MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x755efd57 rundll32+0x393f @ 0x2a393f rundll32+0x247a @ 0x2a247a rundll32+0x1baf @ 0x2a1baf rundll32+0x12e8 @ 0x2a12e8 rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x73d23f46 registers.esp: 1960840 registers.edi: 0 registers.eax: 1943158598 registers.ebp: 1960880 registers.edx: 0 registers.ebx: 0 registers.esi: 1943158598 registers.ecx: 7015784	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75596d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75596de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75596e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x772c011a DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x755bcf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x755ef73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x755efa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x755efb1f New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x73f477b7 MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x755efd15 MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x755efd57 rundll32+0x393f @ 0x2a393f rundll32+0x247a @ 0x2a247a rundll32+0x1baf @ 0x2a1baf rundll32+0x12e8 @ 0x2a12e8 rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x73d23f46 registers.esp: 1960840 registers.edi: 0 registers.eax: 1943158598 registers.ebp: 1960880 registers.edx: 0 registers.ebx: 0 registers.esi: 1943158598 registers.ecx: 7015784	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: CtfImeIsIME+0x36fd DllUnregisterServer-0xf9d9 msctf+0x2d08c @ 0x754ad08c TF_GetGlobalCompartment+0x3dfd CtfImeIsIME-0x344 msctf+0x2964b @ 0x754a964b TF_GetInputScope+0xf65 CtfImeDestroyThreadMgr-0x25ae msctf+0x14d6b @ 0x75494d6b TF_GetInputScope+0x3176 CtfImeDestroyThreadMgr-0x39d msctf+0x16f7c @ 0x75496f7c CtfImeDestroyInputContext+0x280 TF_CanUninitialize-0x1c msctf+0x1e825 @ 0x7549e825 TF_GetInputScope+0x21fc CtfImeDestroyThreadMgr-0x1317 msctf+0x16002 @ 0x75496002 TF_GetInputScope+0x21e2 CtfImeDestroyThreadMgr-0x1331 msctf+0x15fe8 @ 0x75495fe8 TF_GetInputScope+0xbdd CtfImeDestroyThreadMgr-0x2936 msctf+0x149e3 @ 0x754949e3 TF_GetInputScope+0x1c1a CtfImeDestroyThreadMgr-0x18f9 msctf+0x15a20 @ 0x75495a20 RtlIsCurrentThreadAttachExempt+0x5f TpCheckTerminateWorker-0x37 ntdll+0x39a91 @ 0x772e9a91 LdrShutdownProcess+0x97 RtlDetectHeapLeaks-0x1bb ntdll+0x58f10 @ 0x77308f10 RtlExitUserProcess+0x74 LdrShutdownProcess-0x1d ntdll+0x58e5c @ 0x77308e5c ExitProcess+0x15 TerminateThread-0xa kernel32+0x17a25 @ 0x76877a25 rundll32+0x135c @ 0x2a135c rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: ff 51 0c 8b 45 fc 89 be 8c 04 00 00 3b c7 74 25 exception.symbol: TF_GetCompatibleKeyboardLayout+0x5885 TF_IsCtfmonRunning-0xfd3 msctf+0x43ef4 exception.instruction: call dword ptr [ecx + 0xc] exception.module: MSCTF.dll exception.exception_code: 0xc0000005 exception.offset: 278260 exception.address: 0x754c3ef4 registers.esp: 1963484 registers.edi: 0 registers.eax: 32186632 registers.ebp: 1963512 registers.edx: 1 registers.ebx: 0 registers.esi: 4660648 registers.ecx: 1943025020	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75596d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75596de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75596e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x772c011a DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x755bcf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x755ef73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x755efa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x755efb1f New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x73f477b7 MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x755efd15 MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x755efd57 rundll32+0x393f @ 0x2a393f rundll32+0x247a @ 0x2a247a rundll32+0x1baf @ 0x2a1baf rundll32+0x12e8 @ 0x2a12e8 rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x73d23f46 registers.esp: 1437484 registers.edi: 0 registers.eax: 1943158598 registers.ebp: 1437524 registers.edx: 0 registers.ebx: 0 registers.esi: 1943158598 registers.ecx: 6884712	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75596d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75596de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75596e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x772c011a DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x755bcf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x755ef73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x755efa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x755efb1f New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x73f477b7 MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x755efd15 MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x755efd57 rundll32+0x393f @ 0x2a393f rundll32+0x247a @ 0x2a247a rundll32+0x1baf @ 0x2a1baf rundll32+0x12e8 @ 0x2a12e8 rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x73d23f46 registers.esp: 1437484 registers.edi: 0 registers.eax: 1943158598 registers.ebp: 1437524 registers.edx: 0 registers.ebx: 0 registers.esi: 1943158598 registers.ecx: 6884712	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: CtfImeIsIME+0x36fd DllUnregisterServer-0xf9d9 msctf+0x2d08c @ 0x754ad08c TF_GetGlobalCompartment+0x3dfd CtfImeIsIME-0x344 msctf+0x2964b @ 0x754a964b TF_GetInputScope+0xf65 CtfImeDestroyThreadMgr-0x25ae msctf+0x14d6b @ 0x75494d6b TF_GetInputScope+0x3176 CtfImeDestroyThreadMgr-0x39d msctf+0x16f7c @ 0x75496f7c CtfImeDestroyInputContext+0x280 TF_CanUninitialize-0x1c msctf+0x1e825 @ 0x7549e825 TF_GetInputScope+0x21fc CtfImeDestroyThreadMgr-0x1317 msctf+0x16002 @ 0x75496002 TF_GetInputScope+0x21e2 CtfImeDestroyThreadMgr-0x1331 msctf+0x15fe8 @ 0x75495fe8 TF_GetInputScope+0xbdd CtfImeDestroyThreadMgr-0x2936 msctf+0x149e3 @ 0x754949e3 TF_GetInputScope+0x1c1a CtfImeDestroyThreadMgr-0x18f9 msctf+0x15a20 @ 0x75495a20 RtlIsCurrentThreadAttachExempt+0x5f TpCheckTerminateWorker-0x37 ntdll+0x39a91 @ 0x772e9a91 LdrShutdownProcess+0x97 RtlDetectHeapLeaks-0x1bb ntdll+0x58f10 @ 0x77308f10 RtlExitUserProcess+0x74 LdrShutdownProcess-0x1d ntdll+0x58e5c @ 0x77308e5c ExitProcess+0x15 TerminateThread-0xa kernel32+0x17a25 @ 0x76877a25 rundll32+0x135c @ 0x2a135c rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: ff 51 0c 8b 45 fc 89 be 8c 04 00 00 3b c7 74 25 exception.symbol: TF_GetCompatibleKeyboardLayout+0x5885 TF_IsCtfmonRunning-0xfd3 msctf+0x43ef4 exception.instruction: call dword ptr [ecx + 0xc] exception.module: MSCTF.dll exception.exception_code: 0xc0000005 exception.offset: 278260 exception.address: 0x754c3ef4 registers.esp: 1440128 registers.edi: 0 registers.eax: 49160480 registers.ebp: 1440156 registers.edx: 1 registers.ebx: 0 registers.esi: 4529768 registers.ecx: 1943025020	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75596d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75596de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75596e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x772c011a DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x755bcf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x755ef73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x755efa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x755efb1f New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x73f477b7 MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x755efd15 MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x755efd57 rundll32+0x393f @ 0x2a393f rundll32+0x247a @ 0x2a247a rundll32+0x1baf @ 0x2a1baf rundll32+0x12e8 @ 0x2a12e8 rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x73d23f46 registers.esp: 3206788 registers.edi: 0 registers.eax: 1943158598 registers.ebp: 3206828 registers.edx: 0 registers.ebx: 0 registers.esi: 1943158598 registers.ecx: 5246312	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75596d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75596de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75596e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x772c011a DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x755bcf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x755ef73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x755efa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x755efb1f New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x73f477b7 MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x755efd15 MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x755efd57 rundll32+0x393f @ 0x2a393f rundll32+0x247a @ 0x2a247a rundll32+0x1baf @ 0x2a1baf rundll32+0x12e8 @ 0x2a12e8 rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x73d23f46 registers.esp: 3206788 registers.edi: 0 registers.eax: 1943158598 registers.ebp: 3206828 registers.edx: 0 registers.ebx: 0 registers.esi: 1943158598 registers.ecx: 5246312	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: CtfImeIsIME+0x36fd DllUnregisterServer-0xf9d9 msctf+0x2d08c @ 0x754ad08c TF_GetGlobalCompartment+0x3dfd CtfImeIsIME-0x344 msctf+0x2964b @ 0x754a964b TF_GetInputScope+0xf65 CtfImeDestroyThreadMgr-0x25ae msctf+0x14d6b @ 0x75494d6b TF_GetInputScope+0x3176 CtfImeDestroyThreadMgr-0x39d msctf+0x16f7c @ 0x75496f7c CtfImeDestroyInputContext+0x280 TF_CanUninitialize-0x1c msctf+0x1e825 @ 0x7549e825 TF_GetInputScope+0x21fc CtfImeDestroyThreadMgr-0x1317 msctf+0x16002 @ 0x75496002 TF_GetInputScope+0x21e2 CtfImeDestroyThreadMgr-0x1331 msctf+0x15fe8 @ 0x75495fe8 TF_GetInputScope+0xbdd CtfImeDestroyThreadMgr-0x2936 msctf+0x149e3 @ 0x754949e3 TF_GetInputScope+0x1c1a CtfImeDestroyThreadMgr-0x18f9 msctf+0x15a20 @ 0x75495a20 RtlIsCurrentThreadAttachExempt+0x5f TpCheckTerminateWorker-0x37 ntdll+0x39a91 @ 0x772e9a91 LdrShutdownProcess+0x97 RtlDetectHeapLeaks-0x1bb ntdll+0x58f10 @ 0x77308f10 RtlExitUserProcess+0x74 LdrShutdownProcess-0x1d ntdll+0x58e5c @ 0x77308e5c ExitProcess+0x15 TerminateThread-0xa kernel32+0x17a25 @ 0x76877a25 rundll32+0x135c @ 0x2a135c rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: ff 51 0c 8b 45 fc 89 be 8c 04 00 00 3b c7 74 25 exception.symbol: TF_GetCompatibleKeyboardLayout+0x5885 TF_IsCtfmonRunning-0xfd3 msctf+0x43ef4 exception.instruction: call dword ptr [ecx + 0xc] exception.module: MSCTF.dll exception.exception_code: 0xc0000005 exception.offset: 278260 exception.address: 0x754c3ef4 registers.esp: 3209432 registers.edi: 0 registers.eax: 32645384 registers.ebp: 3209460 registers.edx: 1 registers.ebx: 0 registers.esi: 1973824 registers.ecx: 1943025020	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75596d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75596de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75596e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x772c011a DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x755bcf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x755ef73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x755efa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x755efb1f New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x73f477b7 MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x755efd15 MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x755efd57 rundll32+0x393f @ 0x2a393f rundll32+0x247a @ 0x2a247a rundll32+0x1baf @ 0x2a1baf rundll32+0x12e8 @ 0x2a12e8 rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x73d23f46 registers.esp: 1043552 registers.edi: 0 registers.eax: 1943158598 registers.ebp: 1043592 registers.edx: 0 registers.ebx: 0 registers.esi: 1943158598 registers.ecx: 6557032	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75596d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75596de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75596e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x772c011a DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x755bcf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x755ef73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x755efa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x755efb1f New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x73f477b7 MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x755efd15 MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x755efd57 rundll32+0x393f @ 0x2a393f rundll32+0x247a @ 0x2a247a rundll32+0x1baf @ 0x2a1baf rundll32+0x12e8 @ 0x2a12e8 rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x73d23f46 registers.esp: 1043552 registers.edi: 0 registers.eax: 1943158598 registers.ebp: 1043592 registers.edx: 0 registers.ebx: 0 registers.esi: 1943158598 registers.ecx: 6557032	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: CtfImeIsIME+0x36fd DllUnregisterServer-0xf9d9 msctf+0x2d08c @ 0x754ad08c TF_GetGlobalCompartment+0x3dfd CtfImeIsIME-0x344 msctf+0x2964b @ 0x754a964b TF_GetInputScope+0xf65 CtfImeDestroyThreadMgr-0x25ae msctf+0x14d6b @ 0x75494d6b TF_GetInputScope+0x3176 CtfImeDestroyThreadMgr-0x39d msctf+0x16f7c @ 0x75496f7c CtfImeDestroyInputContext+0x280 TF_CanUninitialize-0x1c msctf+0x1e825 @ 0x7549e825 TF_GetInputScope+0x21fc CtfImeDestroyThreadMgr-0x1317 msctf+0x16002 @ 0x75496002 TF_GetInputScope+0x21e2 CtfImeDestroyThreadMgr-0x1331 msctf+0x15fe8 @ 0x75495fe8 TF_GetInputScope+0xbdd CtfImeDestroyThreadMgr-0x2936 msctf+0x149e3 @ 0x754949e3 TF_GetInputScope+0x1c1a CtfImeDestroyThreadMgr-0x18f9 msctf+0x15a20 @ 0x75495a20 RtlIsCurrentThreadAttachExempt+0x5f TpCheckTerminateWorker-0x37 ntdll+0x39a91 @ 0x772e9a91 LdrShutdownProcess+0x97 RtlDetectHeapLeaks-0x1bb ntdll+0x58f10 @ 0x77308f10 RtlExitUserProcess+0x74 LdrShutdownProcess-0x1d ntdll+0x58e5c @ 0x77308e5c ExitProcess+0x15 TerminateThread-0xa kernel32+0x17a25 @ 0x76877a25 rundll32+0x135c @ 0x2a135c rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: ff 51 0c 8b 45 fc 89 be 8c 04 00 00 3b c7 74 25 exception.symbol: TF_GetCompatibleKeyboardLayout+0x5885 TF_IsCtfmonRunning-0xfd3 msctf+0x43ef4 exception.instruction: call dword ptr [ecx + 0xc] exception.module: MSCTF.dll exception.exception_code: 0xc0000005 exception.offset: 278260 exception.address: 0x754c3ef4 registers.esp: 1046196 registers.edi: 0 registers.eax: 12591392 registers.ebp: 1046224 registers.edx: 1 registers.ebx: 0 registers.esi: 6889040 registers.ecx: 1943025020	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75596d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75596de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75596e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x772c011a DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x755bcf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x755ef73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x755efa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x755efb1f New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x73f477b7 MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x755efd15 MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x755efd57 rundll32+0x393f @ 0x2a393f rundll32+0x247a @ 0x2a247a rundll32+0x1baf @ 0x2a1baf rundll32+0x12e8 @ 0x2a12e8 rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x73d23f46 registers.esp: 2616392 registers.edi: 0 registers.eax: 1943158598 registers.ebp: 2616432 registers.edx: 0 registers.ebx: 0 registers.esi: 1943158598 registers.ecx: 6950248	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75596d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75596de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75596e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x772c011a DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x755bcf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x755ef73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x755efa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x755efb1f New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x73f477b7 MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x755efd15 MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x755efd57 rundll32+0x393f @ 0x2a393f rundll32+0x247a @ 0x2a247a rundll32+0x1baf @ 0x2a1baf rundll32+0x12e8 @ 0x2a12e8 rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x73d23f46 registers.esp: 2616392 registers.edi: 0 registers.eax: 1943158598 registers.ebp: 2616432 registers.edx: 0 registers.ebx: 0 registers.esi: 1943158598 registers.ecx: 6950248	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: CtfImeIsIME+0x36fd DllUnregisterServer-0xf9d9 msctf+0x2d08c @ 0x754ad08c TF_GetGlobalCompartment+0x3dfd CtfImeIsIME-0x344 msctf+0x2964b @ 0x754a964b TF_GetInputScope+0xf65 CtfImeDestroyThreadMgr-0x25ae msctf+0x14d6b @ 0x75494d6b TF_GetInputScope+0x3176 CtfImeDestroyThreadMgr-0x39d msctf+0x16f7c @ 0x75496f7c CtfImeDestroyInputContext+0x280 TF_CanUninitialize-0x1c msctf+0x1e825 @ 0x7549e825 TF_GetInputScope+0x21fc CtfImeDestroyThreadMgr-0x1317 msctf+0x16002 @ 0x75496002 TF_GetInputScope+0x21e2 CtfImeDestroyThreadMgr-0x1331 msctf+0x15fe8 @ 0x75495fe8 TF_GetInputScope+0xbdd CtfImeDestroyThreadMgr-0x2936 msctf+0x149e3 @ 0x754949e3 TF_GetInputScope+0x1c1a CtfImeDestroyThreadMgr-0x18f9 msctf+0x15a20 @ 0x75495a20 RtlIsCurrentThreadAttachExempt+0x5f TpCheckTerminateWorker-0x37 ntdll+0x39a91 @ 0x772e9a91 LdrShutdownProcess+0x97 RtlDetectHeapLeaks-0x1bb ntdll+0x58f10 @ 0x77308f10 RtlExitUserProcess+0x74 LdrShutdownProcess-0x1d ntdll+0x58e5c @ 0x77308e5c ExitProcess+0x15 TerminateThread-0xa kernel32+0x17a25 @ 0x76877a25 rundll32+0x135c @ 0x2a135c rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: ff 51 0c 8b 45 fc 89 be 8c 04 00 00 3b c7 74 25 exception.symbol: TF_GetCompatibleKeyboardLayout+0x5885 TF_IsCtfmonRunning-0xfd3 msctf+0x43ef4 exception.instruction: call dword ptr [ecx + 0xc] exception.module: MSCTF.dll exception.exception_code: 0xc0000005 exception.offset: 278260 exception.address: 0x754c3ef4 registers.esp: 2619036 registers.edi: 0 registers.eax: 45228384 registers.ebp: 2619064 registers.edx: 1 registers.ebx: 0 registers.esi: 7675512 registers.ecx: 1943025020	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75596d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75596de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75596e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x772c011a DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x755bcf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x755ef73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x755efa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x755efb1f New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x73f477b7 MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x755efd15 MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x755efd57 rundll32+0x393f @ 0x2a393f rundll32+0x247a @ 0x2a247a rundll32+0x1baf @ 0x2a1baf rundll32+0x12e8 @ 0x2a12e8 rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x73d23f46 registers.esp: 2484936 registers.edi: 0 registers.eax: 1943158598 registers.ebp: 2484976 registers.edx: 0 registers.ebx: 0 registers.esi: 1943158598 registers.ecx: 8981864	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75596d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75596de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75596e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x772c011a DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x755bcf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x755ef73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x755efa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x755efb1f New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x73f477b7 MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x755efd15 MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x755efd57 rundll32+0x393f @ 0x2a393f rundll32+0x247a @ 0x2a247a rundll32+0x1baf @ 0x2a1baf rundll32+0x12e8 @ 0x2a12e8 rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x73d23f46 registers.esp: 2484936 registers.edi: 0 registers.eax: 1943158598 registers.ebp: 2484976 registers.edx: 0 registers.ebx: 0 registers.esi: 1943158598 registers.ecx: 8981864	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: CtfImeIsIME+0x36fd DllUnregisterServer-0xf9d9 msctf+0x2d08c @ 0x754ad08c TF_GetGlobalCompartment+0x3dfd CtfImeIsIME-0x344 msctf+0x2964b @ 0x754a964b TF_GetInputScope+0xf65 CtfImeDestroyThreadMgr-0x25ae msctf+0x14d6b @ 0x75494d6b TF_GetInputScope+0x3176 CtfImeDestroyThreadMgr-0x39d msctf+0x16f7c @ 0x75496f7c CtfImeDestroyInputContext+0x280 TF_CanUninitialize-0x1c msctf+0x1e825 @ 0x7549e825 TF_GetInputScope+0x21fc CtfImeDestroyThreadMgr-0x1317 msctf+0x16002 @ 0x75496002 TF_GetInputScope+0x21e2 CtfImeDestroyThreadMgr-0x1331 msctf+0x15fe8 @ 0x75495fe8 TF_GetInputScope+0xbdd CtfImeDestroyThreadMgr-0x2936 msctf+0x149e3 @ 0x754949e3 TF_GetInputScope+0x1c1a CtfImeDestroyThreadMgr-0x18f9 msctf+0x15a20 @ 0x75495a20 RtlIsCurrentThreadAttachExempt+0x5f TpCheckTerminateWorker-0x37 ntdll+0x39a91 @ 0x772e9a91 LdrShutdownProcess+0x97 RtlDetectHeapLeaks-0x1bb ntdll+0x58f10 @ 0x77308f10 RtlExitUserProcess+0x74 LdrShutdownProcess-0x1d ntdll+0x58e5c @ 0x77308e5c ExitProcess+0x15 TerminateThread-0xa kernel32+0x17a25 @ 0x76877a25 rundll32+0x135c @ 0x2a135c rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: ff 51 0c 8b 45 fc 89 be 8c 04 00 00 3b c7 74 25 exception.symbol: TF_GetCompatibleKeyboardLayout+0x5885 TF_IsCtfmonRunning-0xfd3 msctf+0x43ef4 exception.instruction: call dword ptr [ecx + 0xc] exception.module: MSCTF.dll exception.exception_code: 0xc0000005 exception.offset: 278260 exception.address: 0x754c3ef4 registers.esp: 2487580 registers.edi: 0 registers.eax: 31727880 registers.ebp: 2487608 registers.edx: 1 registers.ebx: 0 registers.esi: 6626840 registers.ecx: 1943025020	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75596d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75596de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75596e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x772c011a DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x755bcf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x755ef73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x755efa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x755efb1f New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x73f477b7 MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x755efd15 MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x755efd57 rundll32+0x393f @ 0x2a393f rundll32+0x247a @ 0x2a247a rundll32+0x1baf @ 0x2a1baf rundll32+0x12e8 @ 0x2a12e8 rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x73d23f46 registers.esp: 1568588 registers.edi: 0 registers.eax: 1943158598 registers.ebp: 1568628 registers.edx: 0 registers.ebx: 0 registers.esi: 1943158598 registers.ecx: 6688104	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75596d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75596de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75596e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x772c011a DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x755bcf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x755ef73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x755efa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x755efb1f New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x73f477b7 MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x755efd15 MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x755efd57 rundll32+0x393f @ 0x2a393f rundll32+0x247a @ 0x2a247a rundll32+0x1baf @ 0x2a1baf rundll32+0x12e8 @ 0x2a12e8 rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x73d23f46 registers.esp: 1568588 registers.edi: 0 registers.eax: 1943158598 registers.ebp: 1568628 registers.edx: 0 registers.ebx: 0 registers.esi: 1943158598 registers.ecx: 6688104	1
__exception__ July 11, 2022, 9:21 a.m.	stacktrace: CtfImeIsIME+0x36fd DllUnregisterServer-0xf9d9 msctf+0x2d08c @ 0x754ad08c TF_GetGlobalCompartment+0x3dfd CtfImeIsIME-0x344 msctf+0x2964b @ 0x754a964b TF_GetInputScope+0xf65 CtfImeDestroyThreadMgr-0x25ae msctf+0x14d6b @ 0x75494d6b TF_GetInputScope+0x3176 CtfImeDestroyThreadMgr-0x39d msctf+0x16f7c @ 0x75496f7c CtfImeDestroyInputContext+0x280 TF_CanUninitialize-0x1c msctf+0x1e825 @ 0x7549e825 TF_GetInputScope+0x21fc CtfImeDestroyThreadMgr-0x1317 msctf+0x16002 @ 0x75496002 TF_GetInputScope+0x21e2 CtfImeDestroyThreadMgr-0x1331 msctf+0x15fe8 @ 0x75495fe8 TF_GetInputScope+0xbdd CtfImeDestroyThreadMgr-0x2936 msctf+0x149e3 @ 0x754949e3 TF_GetInputScope+0x1c1a CtfImeDestroyThreadMgr-0x18f9 msctf+0x15a20 @ 0x75495a20 RtlIsCurrentThreadAttachExempt+0x5f TpCheckTerminateWorker-0x37 ntdll+0x39a91 @ 0x772e9a91 LdrShutdownProcess+0x97 RtlDetectHeapLeaks-0x1bb ntdll+0x58f10 @ 0x77308f10 RtlExitUserProcess+0x74 LdrShutdownProcess-0x1d ntdll+0x58e5c @ 0x77308e5c ExitProcess+0x15 TerminateThread-0xa kernel32+0x17a25 @ 0x76877a25 rundll32+0x135c @ 0x2a135c rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: ff 51 0c 8b 45 fc 89 be 8c 04 00 00 3b c7 74 25 exception.symbol: TF_GetCompatibleKeyboardLayout+0x5885 TF_IsCtfmonRunning-0xfd3 msctf+0x43ef4 exception.instruction: call dword ptr [ecx + 0xc] exception.module: MSCTF.dll exception.exception_code: 0xc0000005 exception.offset: 278260 exception.address: 0x754c3ef4 registers.esp: 1571232 registers.edi: 0 registers.eax: 12787976 registers.ebp: 1571260 registers.edx: 1 registers.ebx: 0 registers.esi: 7151016 registers.ecx: 1943025020	1
__exception__ July 11, 2022, 9:20 a.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75596d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75596de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75596e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x772c011a DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x755bcf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x755ef73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x755efa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x755efb1f New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x73f477b7 MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x755efd15 MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x755efd57 rundll32+0x393f @ 0x2a393f rundll32+0x247a @ 0x2a247a rundll32+0x1baf @ 0x2a1baf rundll32+0x12e8 @ 0x2a12e8 rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x73d23f46 registers.esp: 3075636 registers.edi: 0 registers.eax: 1943158598 registers.ebp: 3075676 registers.edx: 0 registers.ebx: 0 registers.esi: 1943158598 registers.ecx: 6294888	1
__exception__ July 11, 2022, 9:20 a.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75596d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75596de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75596e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x772c011a DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x755bcf5c SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x755ef73c SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x755efa18 MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x755efb1f New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x73f477b7 MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x755efd15 MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x755efd57 rundll32+0x393f @ 0x2a393f rundll32+0x247a @ 0x2a247a rundll32+0x1baf @ 0x2a1baf rundll32+0x12e8 @ 0x2a12e8 rundll32+0x1901 @ 0x2a1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x768733ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x73d23f46 registers.esp: 3075636 registers.edi: 0 registers.eax: 1943158598 registers.ebp: 3075676 registers.edx: 0 registers.ebx: 0 registers.esi: 1943158598 registers.ecx: 6294888	1

Communication to multiple IPs on high port numbers possibly indicative of a peer-to-peer (P2P) or non-standard command and control protocol (8 events)

ip	103.224.241.74
ip	104.248.225.227
ip	139.196.72.155
ip	178.62.112.199
ip	188.225.32.231
ip	198.199.70.22
ip	5.253.30.17
ip	54.37.106.167

Allocates read-write-execute memory (usually to unpack itself) (50 out of 132 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory July 11, 2022, 9:12 a.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001c20000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:12 a.m.	process_identifier: 2648 region_size: 188416 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001dd0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:12 a.m.	process_identifier: 2864 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001c30000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:12 a.m.	process_identifier: 2864 region_size: 188416 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001c40000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:12 a.m.	process_identifier: 2012 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001c20000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:12 a.m.	process_identifier: 2012 region_size: 188416 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001c30000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:12 a.m.	process_identifier: 2984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001c20000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:12 a.m.	process_identifier: 2984 region_size: 188416 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001c30000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:12 a.m.	process_identifier: 2428 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000004f0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:12 a.m.	process_identifier: 2428 region_size: 188416 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000500000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:12 a.m.	process_identifier: 2536 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000002f0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:12 a.m.	process_identifier: 2536 region_size: 188416 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000300000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:12 a.m.	process_identifier: 2612 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001c20000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:12 a.m.	process_identifier: 2612 region_size: 188416 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001c30000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:12 a.m.	process_identifier: 2748 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001d20000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:12 a.m.	process_identifier: 2748 region_size: 188416 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001d30000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:12 a.m.	process_identifier: 3052 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001db0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:12 a.m.	process_identifier: 3052 region_size: 188416 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001dc0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:12 a.m.	process_identifier: 2996 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001c20000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:12 a.m.	process_identifier: 2996 region_size: 188416 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001c30000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:12 a.m.	process_identifier: 2372 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001ca0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:12 a.m.	process_identifier: 2372 region_size: 188416 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001cb0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:12 a.m.	process_identifier: 2668 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001da0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:12 a.m.	process_identifier: 2668 region_size: 188416 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001db0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:12 a.m.	process_identifier: 2108 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001ca0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:12 a.m.	process_identifier: 2108 region_size: 188416 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001cb0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:12 a.m.	process_identifier: 2776 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001c20000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:12 a.m.	process_identifier: 2776 region_size: 188416 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001c30000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:12 a.m.	process_identifier: 2200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000300000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:12 a.m.	process_identifier: 2200 region_size: 188416 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000310000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:13 a.m.	process_identifier: 2760 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000002f0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:13 a.m.	process_identifier: 2760 region_size: 188416 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001c70000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:13 a.m.	process_identifier: 2840 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001da0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:13 a.m.	process_identifier: 2840 region_size: 188416 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001ea0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:13 a.m.	process_identifier: 2232 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001c20000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:13 a.m.	process_identifier: 2232 region_size: 188416 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001c30000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:13 a.m.	process_identifier: 3092 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001c20000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:13 a.m.	process_identifier: 3092 region_size: 188416 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001c30000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 11, 2022, 9:20 a.m.	process_identifier: 3356 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73cb1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 11, 2022, 9:20 a.m.	process_identifier: 3448 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73cb1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 11, 2022, 9:20 a.m.	process_identifier: 3544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73cb1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 11, 2022, 9:13 a.m.	process_identifier: 3624 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000010011000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 11, 2022, 9:13 a.m.	process_identifier: 3624 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefee30000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 11, 2022, 9:13 a.m.	process_identifier: 3624 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007feff10d000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:13 a.m.	process_identifier: 3624 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000004c0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory July 11, 2022, 9:13 a.m.	process_identifier: 3624 region_size: 188416 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000004e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 11, 2022, 9:13 a.m.	process_identifier: 3624 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefcf27000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 11, 2022, 9:13 a.m.	process_identifier: 3624 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefd6af000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 11, 2022, 9:13 a.m.	process_identifier: 3624 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefd5d9000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory July 11, 2022, 9:13 a.m.	process_identifier: 3624 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076cf0000 process_handle: 0xffffffffffffffff	1

Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (1 event)

Time & API	Arguments	Status	Return	Repeated
GetDiskFreeSpaceExW July 11, 2022, 9:14 a.m.	total_number_of_free_bytes: 0 free_bytes_available: 7525212160 root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Explorer total_number_of_bytes: 0	1	1	0

Creates a suspicious process (1 event)

cmdline

C:\Windows\system32\regsvr32.exe "C:\Windows\system32\YnRASVZvbFhByYMp\wvLvY.dll"

Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (13 events)

Time & API	Arguments	Status	Return
Process32NextW July 11, 2022, 9:12 a.m.	snapshot_handle: 0x0000000000000138 process_name: mobsync.exe process_identifier: 2016	1	1
Process32NextW July 11, 2022, 9:12 a.m.	snapshot_handle: 0x0000000000000138 process_name: sdclt.exe process_identifier: 2144	1	1
Process32NextW July 11, 2022, 9:12 a.m.	snapshot_handle: 0x0000000000000138 process_name: conhost.exe process_identifier: 2340	1	1
Process32NextW July 11, 2022, 9:12 a.m.	snapshot_handle: 0x0000000000000138 process_name: pw.exe process_identifier: 2408	1	1
Process32NextW July 11, 2022, 9:12 a.m.	snapshot_handle: 0x0000000000000138 process_name: rundll32.exe process_identifier: 2656	1	1
Process32NextW July 11, 2022, 9:12 a.m.	snapshot_handle: 0x0000000000000138 process_name: rundll32.exe process_identifier: 2200	1	1
Process32NextW July 11, 2022, 9:13 a.m.	snapshot_handle: 0x0000000000000154 process_name: rundll32.exe process_identifier: 3084	1	1
Process32NextW July 11, 2022, 9:13 a.m.	snapshot_handle: 0x0000000000000154 process_name: rundll32.exe process_identifier: 3224	1	1
Process32NextW July 11, 2022, 9:13 a.m.	snapshot_handle: 0x0000000000000154 process_name: rundll32.exe process_identifier: 3248	1	1
Process32NextW July 11, 2022, 9:13 a.m.	snapshot_handle: 0x0000000000000154 process_name: rundll32.exe process_identifier: 3356	1	1
Process32NextW July 11, 2022, 9:13 a.m.	snapshot_handle: 0x0000000000000154 process_name: rundll32.exe process_identifier: 3448	1	1
Process32NextW July 11, 2022, 9:13 a.m.	snapshot_handle: 0x0000000000000154 process_name: rundll32.exe process_identifier: 3544	1	1
Process32NextW July 11, 2022, 9:13 a.m.	snapshot_handle: 0x0000000000000154 process_name: regsvr32.exe process_identifier: 3624	1	1

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x0002e600', u'virtual_address': u'0x0001a000', u'entropy': 7.832588443776013, u'name': u'.rsrc', u'virtual_size': u'0x0002e480'}

entropy

7.83258844378

description

A section with a high entropy has been found

entropy

0.669675090253

description

Overall entropy of this PE file is high

Expresses interest in specific running processes (2 events)

process	regsvr32.exe
process	rundll32.exe

Communicates with host for which no DNS query was performed (26 events)

host	103.126.216.86
host	103.224.241.74
host	103.41.204.169
host	103.71.99.57
host	103.85.95.4
host	104.248.225.227
host	128.199.217.206
host	139.196.72.155
host	139.59.80.108
host	165.232.185.110
host	174.138.33.49
host	175.126.176.79
host	178.238.225.252
host	178.62.112.199
host	188.165.79.151
host	188.225.32.231
host	190.145.8.4
host	196.44.98.190
host	198.199.70.22
host	202.134.4.210
host	37.44.244.177
host	5.253.30.17
host	54.37.106.167
host	54.37.228.122
host	62.171.178.147
host	87.106.97.83

Installs itself for autorun at Windows startup (1 event)

service_name

wvLvY.dll

service_path

C:\Windows\System32\regsvr32.exe "C:\Windows\system32\YnRASVZvbFhByYMp\wvLvY.dll"

Created a service where a service was also not started (1 event)

Time & API	Arguments	Status	Return	Repeated
CreateServiceW July 11, 2022, 9:13 a.m.	service_start_name: start_type: 2 password: display_name: wvLvY.dll filepath: C:\Windows\System32\regsvr32.exe "C:\Windows\system32\YnRASVZvbFhByYMp\wvLvY.dll" service_name: wvLvY.dll filepath_r: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\YnRASVZvbFhByYMp\wvLvY.dll" desired_access: 2 service_handle: 0x000000000041ee90 error_control: 0 service_type: 16 service_manager_handle: 0x00000000003eb6f0	1	4320912	0

Attempts to remove evidence of file being downloaded from the Internet (1 event)

file	C:\Windows\System32\YnRASVZvbFhByYMp\wvLvY.dll:Zone.Identifier

Generates some ICMP traffic

File has been identified by 32 AntiVirus engines on VirusTotal as malicious (32 events)

DrWeb	Trojan.Siggen18.21729
MicroWorld-eScan	Trojan.GenericKDZ.89509
FireEye	Generic.mg.35ffcbaff01c1a88
ALYac	Trojan.GenericKDZ.89509
Arcabit	Trojan.Generic.D15DA5
Cyren	W64/Emotet.ELT.gen!Eldorado
Elastic	malicious (high confidence)
ESET-NOD32	Win64/Emotet.AL
ClamAV	Win.Trojan.Emotet-9955403-0
Kaspersky	Trojan-Banker.Win32.Emotet.gjir
BitDefender	Trojan.GenericKDZ.89509
Avast	Win64:BotX-gen [Trj]
Ad-Aware	Trojan.GenericKDZ.89509
Sophos	Troj/Emotet-DCG
VIPRE	Trojan.GenericKDZ.89509
TrendMicro	TrojanSpy.Win64.EMOTET.SMYXCFC
McAfee-GW-Edition	Emotet-FTY!35FFCBAFF01C
Emsisoft	Trojan.GenericKDZ.89509 (B)
Jiangmin	Trojan.Banker.Emotet.ruu
Avira	TR/Crypt.Agent.ecxde
Antiy-AVL	Trojan/Generic.ASMalwS.3F62
Microsoft	Trojan:Win64/EmotetCrypt.TS!MTB
GData	Trojan.GenericKDZ.89509
Cynet	Malicious (score: 99)
AhnLab-V3	Malware/Win.FTY.R503424
McAfee	Emotet-FTY!35FFCBAFF01C
Malwarebytes	Trojan.Emotet
Rising	Trojan.Emotet!8.B95 (C64:YzY0OsbA4SlW4UTk)
Yandex	Trojan.PWS.Emotet!DuwB0IXk1uI
MAX	malware (ai score=89)
Fortinet	W64/Emotet.F1DB!tr
AVG	Win64:BotX-gen [Trj]

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (29 events)

dead_host	87.106.97.83:7080
dead_host	190.145.8.4:443
dead_host	192.168.56.103:49437
dead_host	103.85.95.4:8080
dead_host	192.168.56.103:49433
dead_host	192.168.56.103:49388
dead_host	192.168.56.103:49457
dead_host	196.44.98.190:8080
dead_host	192.168.56.103:49412
dead_host	165.232.185.110:8080
dead_host	103.71.99.57:8080
dead_host	103.41.204.169:8080
dead_host	192.168.56.103:49454
dead_host	192.168.56.103:49455
dead_host	128.199.217.206:443
dead_host	174.138.33.49:7080
dead_host	192.168.56.103:49409
dead_host	192.168.56.103:49440
dead_host	192.168.56.103:49393
dead_host	175.126.176.79:8080
dead_host	37.44.244.177:8080
dead_host	62.171.178.147:8080
dead_host	178.238.225.252:8080
dead_host	139.59.80.108:8080
dead_host	192.168.56.103:49453
dead_host	54.37.228.122:443
dead_host	192.168.56.103:49467
dead_host	202.134.4.210:7080
dead_host	192.168.56.103:49456

EOgFGo17w

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All