Filename : MT5CLW64.2280905636923DE34D6CF5C63C7A97CF Time : 2015.07.08 06:17 (0:02:18) Program : Client Terminal Version : 500.1159 (22 Jun 2015) Revision : 10690 OS : Windows 7 Service Pack 1 (Build 7601) BIOS : ALASKA - 1072009 - ZNJETOQIDXWBKBDP-XOBVOL - Z9PE-D8 WS Explorer : 9.11 ID : 2E5FF6E1-084A-I-150628 Processors : 24 x Intel Xeon E5-2620 v2 @ 2.10GHz, x64 Computer : MEDUSAWIN:medusawin Memory : 27269 free of 32716 Mb Virtual : 8387730 free of 8388607 Mb Handlers : 705 CrashMD5 : 73C293BFDEF5A16FB04C2FE0D39505B1 CustomInfo : Exception : C0000005 at 0000000077A4ADA4 write to 0000000000000024 Modules : 000000013F870000 02FA1000 C:\Program Files\MetaTrader 5-opt\terminal64.exe (5.0.0.1159) : 0000000077A00000 001A9000 C:\Windows\SYSTEM32\ntdll.dll (6.1.7601.18869) : 00000000777E0000 0011F000 C:\Windows\system32\kernel32.dll (6.1.7601.18869) : 000007FEFDA50000 0006C000 C:\Windows\system32\KERNELBASE.dll (6.1.7601.18869) : 000007FEFD8B0000 0016D000 C:\Windows\system32\CRYPT32.dll (6.1.7601.18741) : 000007FEFFA10000 0009F000 C:\Windows\system32\msvcrt.dll (6.1.8638.17744) : 000007FEFD7C0000 0000F000 C:\Windows\system32\MSASN1.dll (6.1.7601.17514) : 000007FEFB600000 0003B000 C:\Windows\system32\WINMM.dll (6.1.7600.16385) : 0000000077900000 000FA000 C:\Windows\system32\USER32.dll (6.1.7601.17514) : 000007FEFF890000 00067000 C:\Windows\system32\GDI32.dll (6.1.7601.18778) : 000007FEFF880000 0000E000 C:\Windows\system32\LPK.dll (6.1.7601.18768) : 000007FEFDB70000 000C9000 C:\Windows\system32\USP10.dll (1.626.7601.18454) : 000007FEFC880000 0000C000 C:\Windows\system32\VERSION.dll (6.1.7600.16385) : 000007FEFAF30000 00016000 C:\Windows\system32\NETAPI32.dll (6.1.7601.17887) : 000007FEFAF20000 0000C000 C:\Windows\system32\netutils.dll (6.1.7601.17514) : 000007FEFD270000 00023000 C:\Windows\system32\srvcli.dll (6.1.7601.17514) : 000007FEFDE70000 0012D000 C:\Windows\system32\RPCRT4.dll (6.1.7601.18532) : 000007FEFAF00000 00015000 C:\Windows\system32\wkscli.dll (6.1.7601.17514) : 000007FEFAC60000 00014000 C:\Windows\system32\SAMCLI.DLL (6.1.7601.17514) : 000007FEF9B20000 00071000 C:\Windows\system32\WINHTTP.dll (6.1.7601.17514) : 000007FEF9AB0000 00064000 C:\Windows\system32\webio.dll (6.1.7601.17725) : 000007FEFBB60000 00216000 C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_2b26557a71eb7442\gdiplus.dll (6.1.7601.18834) : 000007FEFDC40000 00203000 C:\Windows\system32\ole32.dll (6.1.7601.17514) : 000007FEFBD80000 00056000 C:\Windows\system32\UxTheme.dll (6.1.7600.16385) : 000007FEFA7B0000 00007000 C:\Windows\system32\MSIMG32.dll (6.1.7600.16385) : 000007FEFA690000 00071000 C:\Windows\system32\WINSPOOL.DRV (6.1.7601.17514) : 000007FEFF7A0000 000DB000 C:\Windows\system32\ADVAPI32.dll (6.1.7601.18869) : 000007FEFF1B0000 0001F000 C:\Windows\SYSTEM32\sechost.dll (6.1.7601.18869) : 000007FEFE420000 00D89000 C:\Windows\system32\SHELL32.dll (6.1.7601.18762) : 000007FEFE210000 00071000 C:\Windows\system32\SHLWAPI.dll (6.1.7601.17514) : 000007FEFBE30000 001F4000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\COMCTL32.dll (6.1.7601.18837) : 000007FEFF620000 000D7000 C:\Windows\system32\OLEAUT32.dll (6.1.7601.18679) : 000007FEF82E0000 00023000 C:\Windows\system32\oledlg.dll (6.1.7600.16385) : 000007FEFAA40000 00009000 C:\Windows\system32\WSOCK32.dll (6.1.7600.16385) : 000007FEFF200000 0004D000 C:\Windows\system32\WS2_32.dll (6.1.7601.17514) : 000007FEFDFA0000 00008000 C:\Windows\system32\NSI.dll (6.1.7600.16385) : 000007FEFB280000 00027000 C:\Windows\system32\IPHLPAPI.DLL (6.1.7601.17514) : 000007FEFB260000 0000B000 C:\Windows\system32\WINNSI.DLL (6.1.7600.16385) : 000007FEF71F0000 00125000 C:\Windows\system32\dbghelp.dll (6.1.7601.17514) : 000007FEFD3F0000 0000B000 C:\Windows\system32\Secur32.dll (6.1.7601.18869) : 000007FEFD5C0000 00025000 C:\Windows\system32\SSPICLI.DLL (6.1.7601.18869) : 000007FEFA630000 00054000 C:\Windows\system32\OLEACC.dll (6.1.7601.17676) : 000007FEFF1D0000 0002E000 C:\Windows\system32\IMM32.dll (6.1.7600.16385) : 000007FEFF900000 00109000 C:\Windows\system32\MSCTF.dll (6.1.7601.18731) : 000007FEFD650000 0000F000 C:\Windows\system32\CRYPTBASE.dll (6.1.7600.16385) : 000007FEF5890000 00048000 C:\Program Files (x86)\TeamViewer\tv_x64.dll : 000007FEFB5E0000 00015000 C:\Windows\system32\NLAapi.dll (6.1.7601.17964) : 000007FEF75C0000 00015000 C:\Windows\system32\napinsp.dll (6.1.7600.16385) : 000007FEF75A0000 00019000 C:\Windows\system32\pnrpnsp.dll (6.1.7600.16385) : 000007FEFCF90000 00055000 C:\Windows\System32\mswsock.dll (6.1.7601.18254) : 000007FEFCE10000 0005B000 C:\Windows\system32\DNSAPI.dll (6.1.7601.17570) : 000007FEF7590000 0000B000 C:\Windows\System32\winrnr.dll (6.1.7600.16385) : 000007FEFB120000 00053000 C:\Windows\System32\fwpuclnt.dll (6.1.7601.18283) : 000007FEF7610000 00008000 C:\Windows\system32\rasadhlp.dll (6.1.7600.16385) : 000007FEFCFF0000 00018000 C:\Windows\system32\CRYPTSP.dll (6.1.7601.18741) : 000007FEFCCF0000 00047000 C:\Windows\system32\rsaenh.dll (6.1.7600.16385) : 000007FEFD5F0000 00057000 C:\Windows\system32\apphelp.dll (6.1.7601.18777) : 000007FEFB9A0000 00018000 C:\Windows\system32\dwmapi.dll (6.1.7600.16385) : 000007FEFF700000 00099000 C:\Windows\system32\CLBCatQ.DLL (6.1.7600.16385) : 000007FEF45C0000 00DC3000 C:\Windows\System32\ieframe.dll (11.0.9600.17840) : 000007FEFDA30000 00005000 C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll (6.2.9200.16492) : 000007FEFDA40000 00004000 C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll (6.2.9200.16492) : 000007FEFD830000 00004000 C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll (6.2.9200.16492) : 000007FEFAD40000 00004000 C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll (6.2.9200.16492) : 000007FEFDB60000 00004000 C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll (6.2.9200.16492) : 000007FEFD8A0000 00003000 C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll (6.2.9200.16492) : 0000000077BC0000 00003000 C:\Windows\system32\normaliz.DLL (6.1.7600.16385) : 000007FEFF2B0000 002C7000 C:\Windows\system32\iertutil.dll (11.0.9600.17840) : 000007FEF8390000 00004000 C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll (6.2.9200.16492) : 000007FEFE290000 00185000 C:\Windows\system32\urlmon.dll (11.0.9600.17840) : 000007FEFDA20000 00004000 C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll (6.2.9200.16492) : 000007FEFFAB0000 0025A000 C:\Windows\system32\WININET.dll (11.0.9600.17840) : 000007FEFD7D0000 0001E000 C:\Windows\system32\USERENV.dll (6.1.7601.17514) : 000007FEFD7B0000 0000F000 C:\Windows\system32\profapi.dll (6.1.7600.16385) : 000007FEFD660000 00091000 C:\Windows\system32\SXS.DLL (6.1.7601.17514) : 000007FEFC480000 0012C000 C:\Windows\system32\PROPSYS.dll (7.0.7601.17514) : 000007FEEDC20000 017CD000 C:\Windows\System32\mshtml.dll (11.0.9600.17842) : 000007FEF82A0000 00004000 C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll (6.2.9200.16492) : 000007FEFD700000 00014000 C:\Windows\system32\RpcRtRemote.dll (6.1.7601.17514) : 000007FEFC950000 00007000 C:\Windows\System32\wshtcpip.dll (6.1.7600.16385) : 000007FEF7500000 0000E000 C:\Windows\system32\msimtf.dll (6.1.7600.16385) : 000007FEF8310000 00042000 C:\Windows\system32\msls31.dll : 000007FEF02F0000 003C4000 C:\Windows\system32\d2d1.dll (6.2.9200.16765) : 000007FEF2580000 00197000 C:\Windows\system32\DWrite.dll (6.2.9200.17292) : 000007FEF8D80000 0005D000 C:\Windows\system32\dxgi.dll (6.2.9200.16492) : 000007FEFD7F0000 0003B000 C:\Windows\system32\WINTRUST.dll (6.1.7601.18741) : 000007FEF8BA0000 001D5000 C:\Windows\system32\d3d11.dll (6.2.9200.16570) : 000007FEF28D0000 0003B000 C:\Windows\system32\MLANG.dll (6.1.7600.16385) : 000007FEFC5B0000 0004B000 C:\Windows\system32\MMDevAPI.DLL (6.1.7600.16385) : 000007FEFB570000 0003B000 C:\Windows\system32\wdmaud.drv (6.1.7601.17514) : 00000000753A0000 00006000 C:\Windows\system32\ksuser.dll (6.1.7600.16385) : 000007FEFC470000 00009000 C:\Windows\system32\AVRT.dll (6.1.7600.16385) : 000007FEFE030000 001D7000 C:\Windows\system32\SETUPAPI.dll (6.1.7601.17514) : 000007FEFD840000 00036000 C:\Windows\system32\CFGMGR32.dll (6.1.7601.17514) : 000007FEFD880000 0001A000 C:\Windows\system32\DEVOBJ.dll (6.1.7600.16385) : 000007FEFAD90000 0004F000 C:\Windows\system32\AUDIOSES.DLL (6.1.7601.18741) : 000007FEFAB00000 0000A000 C:\Windows\system32\msacm32.drv (6.1.7600.16385) : 000007FEFAAE0000 00018000 C:\Windows\system32\MSACM32.dll (6.1.7600.16385) : 000007FEFAAD0000 00009000 C:\Windows\system32\midimap.dll (6.1.7600.16385) : 000007FEFCBC0000 0000A000 C:\Windows\system32\credssp.dll (6.1.7601.18869) : 000007FEFCF80000 00007000 C:\Windows\System32\wship6.dll (6.1.7600.16385) : 000007FEFB0D0000 00018000 C:\Windows\system32\dhcpcsvc.DLL (6.1.7600.16385) : 000007FEFCD80000 00057000 C:\Windows\system32\schannel.DLL (6.1.7601.18869) : 000007FEFD170000 00050000 C:\Windows\system32\ncrypt.dll (6.1.7601.18869) : 000007FEFD140000 00022000 C:\Windows\system32\bcrypt.dll (6.1.7600.16385) : 000007FEFCC30000 0004C000 C:\Windows\system32\bcryptprimitives.dll (6.1.7601.17514) : 000007FEFCA70000 0001B000 C:\Windows\system32\GPAPI.dll (6.1.7600.16385) Registers : RAX=0000000000000000 RIP=0000000077A4ADA4 EFLGS=00010213 : RBX=0000000014487068 RSP=000000001C04F930 RBP=0000000000000000 : RCX=00000000FFFFFFFC RSI=00000000000008E0 CS=0033 : RDX=00000000000008E0 RDI=0000000000000000 DS=002b : R8 =000000001C04F8E8 R12=0000000000000000 ES=002b : R9 =0000000000000004 R13=0000000000000000 FS=0053 : R10=0000000000000000 R14=000007FFFFF90000 GS=002b : R11=0000000000000246 R15=0000000000000000 SS=002b Stack info : top=000000001C050000 bottom=000000001C04C000 base=000000001BF50000 Threads : #000 000000000000113C EIP: 0000000077A4DBFA ESP: 000000000027EFE8 gui main 0000000077A4DBF0:00000A [0000000077A4DBFA] ZwWriteVirtualMemory (ntdll.dll) 000007FEFDA51040:00009C [000007FEFDA510DC] WaitForSingleObjectEx (kernelbase.dll) 000000013FED35D0:000096 [000000013FED3666] #27834 (terminal64.exe) 000000013FE93650:0000A3 [000000013FE936F3] #27289 (terminal64.exe) 000000013FE87E10:000121 [000000013FE87F31] #27208 (terminal64.exe) 000000013FE8A530:000027 [000000013FE8A557] #27225 (terminal64.exe) 000000013FB31610:000175 [000000013FB31785] #16093 (terminal64.exe) 000000013FB33630:000070 [000000013FB336A0] #16106 (terminal64.exe) 000000013FA9BB20:0000A5 [000000013FA9BBC5] #14431 (terminal64.exe) 000000013FA7A974:000188 [000000013FA7AAFC] #13880 (terminal64.exe) 00000000777F59C0:00000D [00000000777F59CD] BaseThreadInitThunk (kernel32.dll) 0000000077A2B960:000021 [0000000077A2B981] RtlVerifyVersionInfo (ntdll.dll) : #001 0000000000001268 EIP: 0000000077A4E16A ESP: 0000000002C9F528 0000000077A4E160:00000A [0000000077A4E16A] NtWriteFileGather (ntdll.dll) 0000000077A1A000:0008F7 [0000000077A1A8F7] TpReleasePool (ntdll.dll) 00000000777F59C0:00000D [00000000777F59CD] BaseThreadInitThunk (kernel32.dll) 0000000077A2B960:000021 [0000000077A2B981] RtlVerifyVersionInfo (ntdll.dll) : #002 0000000000000F3C EIP: 0000000077A4E16A ESP: 000000001492F4D8 0000000077A4E160:00000A [0000000077A4E16A] NtWriteFileGather (ntdll.dll) 000007FEFDA513F0:000040 [000007FEFDA51430] GetCurrentProcess (kernelbase.dll) 0000000077801680:0000B3 [0000000077801733] WaitForMultipleObjectsEx (kernel32.dll) 0000000077918DA0:0001DD [0000000077918F7D] GetSystemMenu (user32.dll) 0000000077916284:00002E [00000000779162B2] OpenInputDesktop (user32.dll) 00000000779162C0:000020 [00000000779162E0] OpenIcon (user32.dll) 000007FEFBBBD1CC:015BE0 [000007FEFBBD2DAC] GdiplusStartup (gdiplus.dll) 000007FEFBBBD1CC:015A44 [000007FEFBBD2C10] GdiplusStartup (gdiplus.dll) 00000000777F59C0:00000D [00000000777F59CD] BaseThreadInitThunk (kernel32.dll) 0000000077A2B960:000021 [0000000077A2B981] RtlVerifyVersionInfo (ntdll.dll) : #003 00000000000013C8 EIP: 0000000077A4DBFA ESP: 0000000014B0F9A8 0000000077A4DBF0:00000A [0000000077A4DBFA] ZwWriteVirtualMemory (ntdll.dll) 000007FEFDA51040:00009C [000007FEFDA510DC] WaitForSingleObjectEx (kernelbase.dll) 000000013FEEAD60:000168 [000000013FEEAEC8] #28133 (terminal64.exe) 000000013FEEAF10:000023 [000000013FEEAF33] #28134 (terminal64.exe) 000000013FA7DE6C:000107 [000000013FA7DF73] #13967 (terminal64.exe) 000000013FA7DF88:000192 [000000013FA7E11A] #13968 (terminal64.exe) 00000000777F59C0:00000D [00000000777F59CD] BaseThreadInitThunk (kernel32.dll) 0000000077A2B960:000021 [0000000077A2B981] RtlVerifyVersionInfo (ntdll.dll) : #004 00000000000013C0 EIP: 0000000077A4DC4A ESP: 0000000014CAFB78 0000000077A4DC40:00000A [0000000077A4DC4A] NtReplyWaitReceivePort (ntdll.dll) 000007FEFDA51670:00003D [000007FEFDA516AD] GetQueuedCompletionStatus (kernelbase.dll) 00000000777E9970:000011 [00000000777E9981] GetQueuedCompletionStatus (kernel32.dll) 000000013FEEAC00:000038 [000000013FEEAC38] #28131 (terminal64.exe) 000000013FEEAD20:000023 [000000013FEEAD43] #28132 (terminal64.exe) 000000013FA7DE6C:000107 [000000013FA7DF73] #13967 (terminal64.exe) 000000013FA7DF88:000192 [000000013FA7E11A] #13968 (terminal64.exe) 00000000777F59C0:00000D [00000000777F59CD] BaseThreadInitThunk (kernel32.dll) 0000000077A2B960:000021 [0000000077A2B981] RtlVerifyVersionInfo (ntdll.dll) : #005 00000000000022E8 EIP: 0000000077A4DC4A ESP: 0000000014E4FD08 0000000077A4DC40:00000A [0000000077A4DC4A] NtReplyWaitReceivePort (ntdll.dll) 000007FEFDA51670:00003D [000007FEFDA516AD] GetQueuedCompletionStatus (kernelbase.dll) 00000000777E9970:000011 [00000000777E9981] GetQueuedCompletionStatus (kernel32.dll) 000000013FEEAC00:000038 [000000013FEEAC38] #28131 (terminal64.exe) 000000013FEEAD20:000023 [000000013FEEAD43] #28132 (terminal64.exe) 000000013FA7DE6C:000107 [000000013FA7DF73] #13967 (terminal64.exe) 000000013FA7DF88:000192 [000000013FA7E11A] #13968 (terminal64.exe) 00000000777F59C0:00000D [00000000777F59CD] BaseThreadInitThunk (kernel32.dll) 0000000077A2B960:000021 [0000000077A2B981] RtlVerifyVersionInfo (ntdll.dll) : #006 00000000000017EC EIP: 0000000077A4DC4A ESP: 0000000014F5FC48 0000000077A4DC40:00000A [0000000077A4DC4A] NtReplyWaitReceivePort (ntdll.dll) 000007FEFDA51670:00003D [000007FEFDA516AD] GetQueuedCompletionStatus (kernelbase.dll) 00000000777E9970:000011 [00000000777E9981] GetQueuedCompletionStatus (kernel32.dll) 000000013FEEAC00:000038 [000000013FEEAC38] #28131 (terminal64.exe) 000000013FEEAD20:000023 [000000013FEEAD43] #28132 (terminal64.exe) 000000013FA7DE6C:000107 [000000013FA7DF73] #13967 (terminal64.exe) 000000013FA7DF88:000192 [000000013FA7E11A] #13968 (terminal64.exe) 00000000777F59C0:00000D [00000000777F59CD] BaseThreadInitThunk (kernel32.dll) 0000000077A2B960:000021 [0000000077A2B981] RtlVerifyVersionInfo (ntdll.dll) : #007 00000000000020F0 EIP: 0000000077A4DC4A ESP: 000000001509FCA8 0000000077A4DC40:00000A [0000000077A4DC4A] NtReplyWaitReceivePort (ntdll.dll) 000007FEFDA51670:00003D [000007FEFDA516AD] GetQueuedCompletionStatus (kernelbase.dll) 00000000777E9970:000011 [00000000777E9981] GetQueuedCompletionStatus (kernel32.dll) 000000013FEEAC00:000038 [000000013FEEAC38] #28131 (terminal64.exe) 000000013FEEAD20:000023 [000000013FEEAD43] #28132 (terminal64.exe) 000000013FA7DE6C:000107 [000000013FA7DF73] #13967 (terminal64.exe) 000000013FA7DF88:000192 [000000013FA7E11A] #13968 (terminal64.exe) 00000000777F59C0:00000D [00000000777F59CD] BaseThreadInitThunk (kernel32.dll) 0000000077A2B960:000021 [0000000077A2B981] RtlVerifyVersionInfo (ntdll.dll) : #008 00000000000010F4 EIP: 0000000077A4DC4A ESP: 00000000151DF638 0000000077A4DC40:00000A [0000000077A4DC4A] NtReplyWaitReceivePort (ntdll.dll) 000007FEFDA51670:00003D [000007FEFDA516AD] GetQueuedCompletionStatus (kernelbase.dll) 00000000777E9970:000011 [00000000777E9981] GetQueuedCompletionStatus (kernel32.dll) 000000013FEEAC00:000038 [000000013FEEAC38] #28131 (terminal64.exe) 000000013FEEAD20:000023 [000000013FEEAD43] #28132 (terminal64.exe) 000000013FA7DE6C:000107 [000000013FA7DF73] #13967 (terminal64.exe) 000000013FA7DF88:000192 [000000013FA7E11A] #13968 (terminal64.exe) 00000000777F59C0:00000D [00000000777F59CD] BaseThreadInitThunk (kernel32.dll) 0000000077A2B960:000021 [0000000077A2B981] RtlVerifyVersionInfo (ntdll.dll) : #009 0000000000000CE4 EIP: 0000000077A4DC4A ESP: 000000001530F908 0000000077A4DC40:00000A [0000000077A4DC4A] NtReplyWaitReceivePort (ntdll.dll) 000007FEFDA51670:00003D [000007FEFDA516AD] GetQueuedCompletionStatus (kernelbase.dll) 00000000777E9970:000011 [00000000777E9981] GetQueuedCompletionStatus (kernel32.dll) 000000013FEEAC00:000038 [000000013FEEAC38] #28131 (terminal64.exe) 000000013FEEAD20:000023 [000000013FEEAD43] #28132 (terminal64.exe) 000000013FA7DE6C:000107 [000000013FA7DF73] #13967 (terminal64.exe) 000000013FA7DF88:000192 [000000013FA7E11A] #13968 (terminal64.exe) 00000000777F59C0:00000D [00000000777F59CD] BaseThreadInitThunk (kernel32.dll) 0000000077A2B960:000021 [0000000077A2B981] RtlVerifyVersionInfo (ntdll.dll) : #010 0000000000001A08 EIP: 0000000077A4DC4A ESP: 000000001550F938 0000000077A4DC40:00000A [0000000077A4DC4A] NtReplyWaitReceivePort (ntdll.dll) 000007FEFDA51670:00003D [000007FEFDA516AD] GetQueuedCompletionStatus (kernelbase.dll) 00000000777E9970:000011 [00000000777E9981] GetQueuedCompletionStatus (kernel32.dll) 000000013FEEAC00:000038 [000000013FEEAC38] #28131 (terminal64.exe) 000000013FEEAD20:000023 [000000013FEEAD43] #28132 (terminal64.exe) 000000013FA7DE6C:000107 [000000013FA7DF73] #13967 (terminal64.exe) 000000013FA7DF88:000192 [000000013FA7E11A] #13968 (terminal64.exe) 00000000777F59C0:00000D [00000000777F59CD] BaseThreadInitThunk (kernel32.dll) 0000000077A2B960:000021 [0000000077A2B981] RtlVerifyVersionInfo (ntdll.dll) : #011 00000000000004B8 EIP: 0000000077A4DC4A ESP: 000000001568F9B8 0000000077A4DC40:00000A [0000000077A4DC4A] NtReplyWaitReceivePort (ntdll.dll) 000007FEFDA51670:00003D [000007FEFDA516AD] GetQueuedCompletionStatus (kernelbase.dll) 00000000777E9970:000011 [00000000777E9981] GetQueuedCompletionStatus (kernel32.dll) 000000013FEEAC00:000038 [000000013FEEAC38] #28131 (terminal64.exe) 000000013FEEAD20:000023 [000000013FEEAD43] #28132 (terminal64.exe) 000000013FA7DE6C:000107 [000000013FA7DF73] #13967 (terminal64.exe) 000000013FA7DF88:000192 [000000013FA7E11A] #13968 (terminal64.exe) 00000000777F59C0:00000D [00000000777F59CD] BaseThreadInitThunk (kernel32.dll) 0000000077A2B960:000021 [0000000077A2B981] RtlVerifyVersionInfo (ntdll.dll) : #012 0000000000001304 EIP: 0000000077A4DC4A ESP: 0000000002AEFDC8 0000000077A4DC40:00000A [0000000077A4DC4A] NtReplyWaitReceivePort (ntdll.dll) 000007FEFDA51670:00003D [000007FEFDA516AD] GetQueuedCompletionStatus (kernelbase.dll) 00000000777E9970:000011 [00000000777E9981] GetQueuedCompletionStatus (kernel32.dll) 000000013FEEAC00:000038 [000000013FEEAC38] #28131 (terminal64.exe) 000000013FEEAD20:000023 [000000013FEEAD43] #28132 (terminal64.exe) 000000013FA7DE6C:000107 [000000013FA7DF73] #13967 (terminal64.exe) 000000013FA7DF88:000192 [000000013FA7E11A] #13968 (terminal64.exe) 00000000777F59C0:00000D [00000000777F59CD] BaseThreadInitThunk (kernel32.dll) 0000000077A2B960:000021 [0000000077A2B981] RtlVerifyVersionInfo (ntdll.dll) : #013 00000000000018B8 EIP: 0000000077A4DC4A ESP: 00000000157DFCC8 0000000077A4DC40:00000A [0000000077A4DC4A] NtReplyWaitReceivePort (ntdll.dll) 000007FEFDA51670:00003D [000007FEFDA516AD] GetQueuedCompletionStatus (kernelbase.dll) 00000000777E9970:000011 [00000000777E9981] GetQueuedCompletionStatus (kernel32.dll) 000000013FEEAC00:000038 [000000013FEEAC38] #28131 (terminal64.exe) 000000013FEEAD20:000023 [000000013FEEAD43] #28132 (terminal64.exe) 000000013FA7DE6C:000107 [000000013FA7DF73] #13967 (terminal64.exe) 000000013FA7DF88:000192 [000000013FA7E11A] #13968 (terminal64.exe) 00000000777F59C0:00000D [00000000777F59CD] BaseThreadInitThunk (kernel32.dll) 0000000077A2B960:000021 [0000000077A2B981] RtlVerifyVersionInfo (ntdll.dll) : #014 0000000000002240 EIP: 0000000077A4DC4A ESP: 000000001593F918 0000000077A4DC40:00000A [0000000077A4DC4A] NtReplyWaitReceivePort (ntdll.dll) 000007FEFDA51670:00003D [000007FEFDA516AD] GetQueuedCompletionStatus (kernelbase.dll) 00000000777E9970:000011 [00000000777E9981] GetQueuedCompletionStatus (kernel32.dll) 000000013FEEAC00:000038 [000000013FEEAC38] #28131 (terminal64.exe) 000000013FEEAD20:000023 [000000013FEEAD43] #28132 (terminal64.exe) 000000013FA7DE6C:000107 [000000013FA7DF73] #13967 (terminal64.exe) 000000013FA7DF88:000192 [000000013FA7E11A] #13968 (terminal64.exe) 00000000777F59C0:00000D [00000000777F59CD] BaseThreadInitThunk (kernel32.dll) 0000000077A2B960:000021 [0000000077A2B981] RtlVerifyVersionInfo (ntdll.dll) : #015 00000000000011F8 EIP: 0000000077A4DC4A ESP: 0000000015A9FAA8 0000000077A4DC40:00000A [0000000077A4DC4A] NtReplyWaitReceivePort (ntdll.dll) 000007FEFDA51670:00003D [000007FEFDA516AD] GetQueuedCompletionStatus (kernelbase.dll) 00000000777E9970:000011 [00000000777E9981] GetQueuedCompletionStatus (kernel32.dll) 000000013FEEAC00:000038 [000000013FEEAC38] #28131 (terminal64.exe) 000000013FEEAD20:000023 [000000013FEEAD43] #28132 (terminal64.exe) 000000013FA7DE6C:000107 [000000013FA7DF73] #13967 (terminal64.exe) 000000013FA7DF88:000192 [000000013FA7E11A] #13968 (terminal64.exe) 00000000777F59C0:00000D [00000000777F59CD] BaseThreadInitThunk (kernel32.dll) 0000000077A2B960:000021 [0000000077A2B981] RtlVerifyVersionInfo (ntdll.dll) : #016 0000000000001174 EIP: 0000000077A4DC4A ESP: 0000000015CFFB78 0000000077A4DC40:00000A [0000000077A4DC4A] NtReplyWaitReceivePort (ntdll.dll) 000007FEFDA51670:00003D [000007FEFDA516AD] GetQueuedCompletionStatus (kernelbase.dll) 00000000777E9970:000011 [00000000777E9981] GetQueuedCompletionStatus (kernel32.dll) 000000013FEEAC00:000038 [000000013FEEAC38] #28131 (terminal64.exe) 000000013FEEAD20:000023 [000000013FEEAD43] #28132 (terminal64.exe) 000000013FA7DE6C:000107 [000000013FA7DF73] #13967 (terminal64.exe) 000000013FA7DF88:000192 [000000013FA7E11A] #13968 (terminal64.exe) 00000000777F59C0:00000D [00000000777F59CD] BaseThreadInitThunk (kernel32.dll) 0000000077A2B960:000021 [0000000077A2B981] RtlVerifyVersionInfo (ntdll.dll) : #017 000000000000214C EIP: 0000000077A4DC4A ESP: 0000000015BFFC58 0000000077A4DC40:00000A [0000000077A4DC4A] NtReplyWaitReceivePort (ntdll.dll) 000007FEFDA51670:00003D [000007FEFDA516AD] GetQueuedCompletionStatus (kernelbase.dll) 00000000777E9970:000011 [00000000777E9981] GetQueuedCompletionStatus (kernel32.dll) 000000013FEEAC00:000038 [000000013FEEAC38] #28131 (terminal64.exe) 000000013FEEAD20:000023 [000000013FEEAD43] #28132 (terminal64.exe) 000000013FA7DE6C:000107 [000000013FA7DF73] #13967 (terminal64.exe) 000000013FA7DF88:000192 [000000013FA7E11A] #13968 (terminal64.exe) 00000000777F59C0:00000D [00000000777F59CD] BaseThreadInitThunk (kernel32.dll) 0000000077A2B960:000021 [0000000077A2B981] RtlVerifyVersionInfo (ntdll.dll) : #018 0000000000000574 EIP: 0000000077A4DC4A ESP: 0000000015E2F708 0000000077A4DC40:00000A [0000000077A4DC4A] NtReplyWaitReceivePort (ntdll.dll) 000007FEFDA51670:00003D [000007FEFDA516AD] GetQueuedCompletionStatus (kernelbase.dll) 00000000777E9970:000011 [00000000777E9981] GetQueuedCompletionStatus (kernel32.dll) 000000013FEEAC00:000038 [000000013FEEAC38] #28131 (terminal64.exe) 000000013FEEAD20:000023 [000000013FEEAD43] #28132 (terminal64.exe) 000000013FA7DE6C:000107 [000000013FA7DF73] #13967 (terminal64.exe) 000000013FA7DF88:000192 [000000013FA7E11A] #13968 (terminal64.exe) 00000000777F59C0:00000D [00000000777F59CD] BaseThreadInitThunk (kernel32.dll) 0000000077A2B960:000021 [0000000077A2B981] RtlVerifyVersionInfo (ntdll.dll) : #019 0000000000001AC8 EIP: 0000000077A4DC4A ESP: 00000000160EFC68 0000000077A4DC40:00000A [0000000077A4DC4A] NtReplyWaitReceivePort (ntdll.dll) 000007FEFDA51670:00003D [000007FEFDA516AD] GetQueuedCompletionStatus (kernelbase.dll) 00000000777E9970:000011 [00000000777E9981] GetQueuedCompletionStatus (kernel32.dll) 000000013FEEAC00:000038 [000000013FEEAC38] #28131 (terminal64.exe) 000000013FEEAD20:000023 [000000013FEEAD43] #28132 (terminal64.exe) 000000013FA7DE6C:000107 [000000013FA7DF73] #13967 (terminal64.exe) 000000013FA7DF88:000192 [000000013FA7E11A] #13968 (terminal64.exe) 00000000777F59C0:00000D [00000000777F59CD] BaseThreadInitThunk (kernel32.dll) 0000000077A2B960:000021 [0000000077A2B981] RtlVerifyVersionInfo (ntdll.dll) : #020 0000000000001C80 EIP: 0000000077A4F4BA ESP: 000000001A91F6A8 0000000077A4F4B0:00000A [0000000077A4F4BA] ZwYieldExecution (ntdll.dll) 0000000077A1F330:00039B [0000000077A1F6CB] RtlWalkHeap (ntdll.dll) 00000000777F59C0:00000D [00000000777F59CD] BaseThreadInitThunk (kernel32.dll) 0000000077A2B960:000021 [0000000077A2B981] RtlVerifyVersionInfo (ntdll.dll) : #021 0000000000000BF8 EIP: 0000000077A4DEFA ESP: 000000001A20FB38 0000000077A4DEF0:00000A [0000000077A4DEFA] NtDeleteValueKey (ntdll.dll) 000007FEFDA51150:0000B3 [000007FEFDA51203] SleepEx (kernelbase.dll) 000007FEFDC4E890:001940 [000007FEFDC501D0] ObjectStublessClient25 (ole32.dll) 000007FEFDC4E890:001876 [000007FEFDC50106] ObjectStublessClient25 (ole32.dll) 000007FEFDC4E890:0018F2 [000007FEFDC50182] ObjectStublessClient25 (ole32.dll) 00000000777F59C0:00000D [00000000777F59CD] BaseThreadInitThunk (kernel32.dll) 0000000077A2B960:000021 [0000000077A2B981] RtlVerifyVersionInfo (ntdll.dll) : #022 00000000000012A8 EIP: 0000000077A4DBFA ESP: 000000001F69F688 0000000077A4DBF0:00000A [0000000077A4DBFA] ZwWriteVirtualMemory (ntdll.dll) 000007FEFDA51040:00009C [000007FEFDA510DC] WaitForSingleObjectEx (kernelbase.dll) 000000013FED3260:000032 [000000013FED3292] #27826 (terminal64.exe) 000000013FED3350:00000E [000000013FED335E] #27827 (terminal64.exe) 000000013FA7DE6C:000107 [000000013FA7DF73] #13967 (terminal64.exe) 000000013FA7DF88:000192 [000000013FA7E11A] #13968 (terminal64.exe) 00000000777F59C0:00000D [00000000777F59CD] BaseThreadInitThunk (kernel32.dll) 0000000077A2B960:000021 [0000000077A2B981] RtlVerifyVersionInfo (ntdll.dll) : #023 0000000000001A9C EIP: 0000000077919E6A ESP: 000000001F4FFB98 0000000077919E50:00001A [0000000077919E6A] SoundSentry (user32.dll) 0000000077916110:00004E [000000007791615E] GetNextDlgTabItem (user32.dll) 000007FEFB6010D5:000000 [000007FEFB6010D5] unknown (winmm.dll) 00000000777F59C0:00000D [00000000777F59CD] BaseThreadInitThunk (kernel32.dll) 0000000077A2B960:000021 [0000000077A2B981] RtlVerifyVersionInfo (ntdll.dll) : #024 0000000000001E44 EIP: 0000000077A4DBFA ESP: 000000002448FA88 0000000077A4DBF0:00000A [0000000077A4DBFA] ZwWriteVirtualMemory (ntdll.dll) 000007FEFDA51040:00009C [000007FEFDA510DC] WaitForSingleObjectEx (kernelbase.dll) 000000013FAE91D0:000112 [000000013FAE92E2] #15111 (terminal64.exe) 000000013FAE9310:00000E [000000013FAE931E] #15112 (terminal64.exe) 000000013FA7DE6C:000107 [000000013FA7DF73] #13967 (terminal64.exe) 000000013FA7DF88:000192 [000000013FA7E11A] #13968 (terminal64.exe) 00000000777F59C0:00000D [00000000777F59CD] BaseThreadInitThunk (kernel32.dll) 0000000077A2B960:000021 [0000000077A2B981] RtlVerifyVersionInfo (ntdll.dll) : #025 0000000000001AA8 EIP: 0000000077A4F4BA ESP: 00000000249DFAE8 0000000077A4F4B0:00000A [0000000077A4F4BA] ZwYieldExecution (ntdll.dll) 0000000077A1F330:00039B [0000000077A1F6CB] RtlWalkHeap (ntdll.dll) 00000000777F59C0:00000D [00000000777F59CD] BaseThreadInitThunk (kernel32.dll) 0000000077A2B960:000021 [0000000077A2B981] RtlVerifyVersionInfo (ntdll.dll) : #026 0000000000002268 EIP: 0000000077A4F3FA ESP: 000000001BF3F748 0000000077A4F3F0:00000A [0000000077A4F3FA] ZwUnlockFile (ntdll.dll) 0000000077AF67A0:000040 [0000000077AF67E0] ExpInterlockedPopEntrySListResume16 (ntdll.dll) 00000000777F59C0:00000D [00000000777F59CD] BaseThreadInitThunk (kernel32.dll) 0000000077A2B960:000021 [0000000077A2B981] RtlVerifyVersionInfo (ntdll.dll) crash : #027 0000000000002250 EIP: 0000000077A4ADA4 ESP: 000000001C04F930 0000000077A4A830:000574 [0000000077A4ADA4] RtlDefaultNpAcl (ntdll.dll) 0000000077A4A830:0004A4 [0000000077A4ACD4] RtlDefaultNpAcl (ntdll.dll) 000000013FED2CD0:00003F [000000013FED2D0F] #27822 (terminal64.exe) 000000013FED3260:000058 [000000013FED32B8] #27826 (terminal64.exe) 000000013FED3350:00000E [000000013FED335E] #27827 (terminal64.exe) 000000013FA7DE6C:000107 [000000013FA7DF73] #13967 (terminal64.exe) 000000013FA7DF88:000192 [000000013FA7E11A] #13968 (terminal64.exe) 00000000777F59C0:00000D [00000000777F59CD] BaseThreadInitThunk (kernel32.dll) 0000000077A2B960:000021 [0000000077A2B981] RtlVerifyVersionInfo (ntdll.dll) 0000000077A4A830 4885C9 test rcx, rcx 0000000077A4A833 0F8489C80100 jz dword 0x77a670c2 0000000077A4A839 8B5108 mov edx, [rcx+0x8] 0000000077A4A83C F6C201 test dl, 0x1 0000000077A4A83F 0F8498000000 jz dword 0x77a4a8dd 0000000077A4A845 488B4140 mov rax, [rcx+0x40] 0000000077A4A849 4885C0 test rax, rax 0000000077A4A84C 7407 jz 0x77a4a855 0000000077A4A84E 482BC1 sub rax, rcx 0000000077A4A851 48894140 mov [rcx+0x40], rax 0000000077A4A855 488B4158 mov rax, [rcx+0x58] 0000000077A4A859 4885C0 test rax, rax 0000000077A4A85C 7407 jz 0x77a4a865 0000000077A4A85E 482BC1 sub rax, rcx 0000000077A4A861 48894158 mov [rcx+0x58], rax 0000000077A4A865 488B4168 mov rax, [rcx+0x68] 0000000077A4A869 4885C0 test rax, rax 0000000077A4A86C 7407 jz 0x77a4a875 0000000077A4A86E 482BC1 sub rax, rcx 0000000077A4A871 48894168 mov [rcx+0x68], rax 0000000077A4A875 488B4178 mov rax, [rcx+0x78] 0000000077A4A879 4885C0 test rax, rax 0000000077A4A87C 7407 jz 0x77a4a885 0000000077A4A87E 482BC1 sub rax, rcx 0000000077A4A881 48894178 mov [rcx+0x78], rax 0000000077A4A885 488B81B8000000 mov rax, [rcx+0xb8] 0000000077A4A88C 4885C0 test rax, rax 0000000077A4A88F 740A jz 0x77a4a89b 0000000077A4A891 482BC1 sub rax, rcx 0000000077A4A894 488981B8000000 mov [rcx+0xb8], rax 0000000077A4A89B 488B81C8000000 mov rax, [rcx+0xc8] 0000000077A4A8A2 4885C0 test rax, rax 0000000077A4A8A5 740A jz 0x77a4a8b1 0000000077A4A8A7 482BC1 sub rax, rcx 0000000077A4A8AA 488981C8000000 mov [rcx+0xc8], rax 0000000077A4A8B1 488B81D8000000 mov rax, [rcx+0xd8] 0000000077A4A8B8 4885C0 test rax, rax 0000000077A4A8BB 740A jz 0x77a4a8c7 0000000077A4A8BD 482BC1 sub rax, rcx 0000000077A4A8C0 488981D8000000 mov [rcx+0xd8], rax 0000000077A4A8C7 488B81E8000000 mov rax, [rcx+0xe8] 0000000077A4A8CE 4885C0 test rax, rax 0000000077A4A8D1 0F85EEC70100 jnz dword 0x77a670c5 0000000077A4A8D7 83E2FE and edx, 0xfe 0000000077A4A8DA 895108 mov [rcx+0x8], edx 0000000077A4A8DD 488BC1 mov rax, rcx 0000000077A4A8E0 C3 ret 0000000077A4A8E1 418BC8 mov ecx, r8d 0000000077A4A8E4 E981DDFFFF jmp 0x77a4866a 0000000077A4A8E9 418B7DF8 mov edi, [r13-0x8] 0000000077A4A8ED E9B7DEFFFF jmp 0x77a487a9 0000000077A4A8F2 B800020000 mov eax, 0x200 0000000077A4A8F7 83E6F7 and esi, 0xf7 0000000077A4A8FA 443BC8 cmp r9d, eax 0000000077A4A8FD 440F4FC8 cmovg r9d, eax 0000000077A4A901 E9D1DEFFFF jmp 0x77a487d7 0000000077A4A906 4103C2 add eax, r10d 0000000077A4A909 E90EDFFFFF jmp 0x77a4881c 0000000077A4A90E 4C8D4C2438 lea r9, [rsp+0x38] 0000000077A4A913 4C8BC5 mov r8, rbp 0000000077A4A916 418BD4 mov edx, r12d 0000000077A4A919 B120 mov cl, 0x20 0000000077A4A91B E81440FCFF call 0x77a0e934 ; RtlIpv6StringToAddressExW (ntdll.dll) 0000000077A4A920 90 nop 0000000077A4A921 E96FDFFFFF jmp 0x77a48895 0000000077A4A926 4080FF2A cmp dil, 0x2a 0000000077A4A92A 0F84FC9F0100 jz dword 0x77a6492c 0000000077A4A930 438D0C89 lea ecx, [r9+r9*4] 0000000077A4A934 400FBEC7 movsx eax, dil 0000000077A4A938 448D4C48D0 lea r9d, [rax+rcx*2-0x30] 0000000077A4A93D 44894C2440 mov [rsp+0x40], r9d 0000000077A4A942 E975DDFFFF jmp 0x77a486bc 0000000077A4A947 458BC8 mov r9d, r8d 0000000077A4A94A 4489442440 mov [rsp+0x40], r8d 0000000077A4A94F E968DDFFFF jmp 0x77a486bc 0000000077A4A954 B807000000 mov eax, 0x7 0000000077A4A959 EB3B jmp 0x77a4a996 0000000077A4A95B 83E96E sub ecx, 0x6e 0000000077A4A95E 0F842A9E0100 jz dword 0x77a6478e 0000000077A4A964 83E901 sub ecx, 0x1 0000000077A4A967 0F84B69D0100 jz dword 0x77a64723 0000000077A4A96D 83E901 sub ecx, 0x1 0000000077A4A970 0F848A9D0100 jz dword 0x77a64700 0000000077A4A976 83E903 sub ecx, 0x3 0000000077A4A979 0F84A19C0100 jz dword 0x77a64620 0000000077A4A97F 83E902 sub ecx, 0x2 0000000077A4A982 0F84E7DDFFFF jz dword 0x77a4876f 0000000077A4A988 83F903 cmp ecx, 0x3 0000000077A4A98B 0F85BADEFFFF jnz dword 0x77a4884b 0000000077A4A991 8D4124 lea eax, [rcx+0x24] 0000000077A4A994 EB00 jmp 0x77a4a996 0000000077A4A996 89442460 mov [rsp+0x60], eax 0000000077A4A99A 41B810000000 mov r8d, 0x10 0000000077A4A9A0 4084F6 test sil, sil 0000000077A4A9A3 0F89CEDDFFFF jns dword 0x77a48777 0000000077A4A9A9 E9619D0100 jmp 0x77a6470f 0000000077A4A9AE 4533C0 xor r8d, r8d 0000000077A4A9B1 418BD3 mov edx, r11d 0000000077A4A9B4 498BCA mov rcx, r10 0000000077A4A9B7 41C7450001000000 mov dword [r13+0x0], 0x1 0000000077A4A9BF 896C2420 mov [rsp+0x20], ebp 0000000077A4A9C3 E878640000 call 0x77a50e40 ; RtlNewSecurityObjectWithMultipleInheritance (ntdll.dll) 0000000077A4A9C8 488B6C2468 mov rbp, [rsp+0x68] 0000000077A4A9CD 4883C430 add rsp, 0x30 0000000077A4A9D1 415E pop r14 0000000077A4A9D3 415D pop r13 0000000077A4A9D5 415C pop r12 0000000077A4A9D7 C3 ret 0000000077A4A9D8 488B4130 mov rax, [rcx+0x30] 0000000077A4A9DC 488987D0000000 mov [rdi+0xd0], rax 0000000077A4A9E3 E9D55CFFFF jmp 0x77a406bd 0000000077A4A9E8 A802 test al, 0x2 0000000077A4A9EA 0F857EFA0400 jnz dword 0x77a9a46e 0000000077A4A9F0 B901000000 mov ecx, 0x1 0000000077A4A9F5 E9A1E4FFFF jmp 0x77a48e9b 0000000077A4A9FA 4D3BCA cmp r9, r10 0000000077A4A9FD 0F83541DFEFF jae dword 0x77a2c757 0000000077A4AA03 4D2BD9 sub r11, r9 0000000077A4AA06 430FB7040B movzx eax, word [r11+r9] 0000000077A4AA0B 66413901 cmp [r9], ax 0000000077A4AA0F 0F856D1DFEFF jnz dword 0x77a2c782 0000000077A4AA15 4983C102 add r9, 0x2 0000000077A4AA19 4D3BCA cmp r9, r10 0000000077A4AA1C 72E8 jb 0x77a4aa06 0000000077A4AA1E E927830100 jmp 0x77a62d4a 0000000077A4AA23 4D85C0 test r8, r8 0000000077A4AA26 0F85F1990200 jnz dword 0x77a7441d 0000000077A4AA2C 4C8DBAF8020000 lea r15, [rdx+0x2f8] 0000000077A4AA33 488DB200030000 lea rsi, [rdx+0x300] 0000000077A4AA3A 498B07 mov rax, [r15] 0000000077A4AA3D 4885C0 test rax, rax 0000000077A4AA40 0F84B0F4FFFF jz dword 0x77a49ef6 0000000077A4AA46 8B6818 mov ebp, [rax+0x18] 0000000077A4AA49 4803E8 add rbp, rax 0000000077A4AA4C 4C390E cmp [rsi], r9 0000000077A4AA4F 0F8532F4FFFF jnz dword 0x77a49e87 0000000077A4AA55 488B4A20 mov rcx, [rdx+0x20] 0000000077A4AA59 488D542450 lea rdx, [rsp+0x50] 0000000077A4AA5E 488B4160 mov rax, [rcx+0x60] 0000000077A4AA62 488902 mov [rdx], rax 0000000077A4AA65 488B4168 mov rax, [rcx+0x68] 0000000077A4AA69 48894208 mov [rdx+0x8], rax 0000000077A4AA6D 0FB75C2450 movzx ebx, word [rsp+0x50] 0000000077A4AA72 488D4B0E lea rcx, [rbx+0xe] 0000000077A4AA76 4881F908020000 cmp rcx, 0x208 0000000077A4AA7D 0F87A8990200 ja dword 0x77a7442b 0000000077A4AA83 488D7C2460 lea rdi, [rsp+0x60] 0000000077A4AA88 BA08020000 mov edx, 0x208 0000000077A4AA8D 48897C2448 mov [rsp+0x48], rdi 0000000077A4AA92 6689542442 mov [rsp+0x42], dx 0000000077A4AA97 488B542458 mov rdx, [rsp+0x58] 0000000077A4AA9C 4C8BC3 mov r8, rbx 0000000077A4AA9F 488BCF mov rcx, rdi 0000000077A4AAA2 E8E9040000 call 0x77a4af90 ; RtlCopyUnicodeString (ntdll.dll) 0000000077A4AAA7 488B0532C50000 mov rax, [rip+0xc532] 0000000077A4AAAE 48D1EB shr rbx, 1 0000000077A4AAB1 4889045F mov [rdi+rbx*2], rax 0000000077A4AAB5 8B052DC50000 mov eax, [rip+0xc52d] 0000000077A4AABB 89445F08 mov [rdi+rbx*2+0x8], eax 0000000077A4AABF 0FB70526C50000 movzx eax, word [rip+0xc526] 0000000077A4AAC6 6689445F0C mov [rdi+rbx*2+0xc], ax 0000000077A4AACB 0FB7442450 movzx eax, word [rsp+0x50] 0000000077A4AAD0 6683C00C add ax, 0xc 0000000077A4AAD4 6689442440 mov [rsp+0x40], ax 0000000077A4AAD9 E9A9F3FFFF jmp 0x77a49e87 0000000077A4AADE 65488B0425300000 mov rax, [gs:0x30] 00 0000000077A4AAE7 488B5048 mov rdx, [rax+0x48] 0000000077A4AAEB 48395110 cmp [rcx+0x10], rdx 0000000077A4AAEF 0F8551010000 jnz dword 0x77a4ac46 0000000077A4AAF5 FF410C inc dword [rcx+0xc] 0000000077A4AAF8 33C0 xor eax, eax 0000000077A4AAFA 4883C420 add rsp, 0x20 0000000077A4AAFE 5B pop rbx 0000000077A4AAFF C3 ret 0000000077A4AB00 FF4A14 dec dword [rdx+0x14] 0000000077A4AB03 E9E6560000 jmp 0x77a501ee 0000000077A4AB08 498B00 mov rax, [r8] 0000000077A4AB0B 483B4220 cmp rax, [rdx+0x20] 0000000077A4AB0F 0F84C6000000 jz dword 0x77a4abdb 0000000077A4AB15 4B8904D3 mov [r11+r10*8], rax 0000000077A4AB19 E953570000 jmp 0x77a50271 0000000077A4AB1E 41FF4814 dec dword [r8+0x14] 0000000077A4AB22 E9145A0000 jmp 0x77a5053b 0000000077A4AB27 498B02 mov rax, [r10] 0000000077A4AB2A 493B4020 cmp rax, [r8+0x20] 0000000077A4AB2E 0F84D0000000 jz dword 0x77a4ac04 0000000077A4AB34 4B8904FE mov [r14+r15*8], rax 0000000077A4AB38 448A742440 mov r14b, [rsp+0x40] 0000000077A4AB3D E99D5A0000 jmp 0x77a505df 0000000077A4AB42 488B83C8000000 mov rax, [rbx+0xc8] 0000000077A4AB49 498D0C00 lea rcx, [r8+rax] 0000000077A4AB4D 483B8BC0000000 cmp rcx, [rbx+0xc0] 0000000077A4AB54 0F822E5B0000 jb dword 0x77a50688 0000000077A4AB5A 4533C9 xor r9d, r9d 0000000077A4AB5D 488BD6 mov rdx, rsi 0000000077A4AB60 488BCB mov rcx, rbx 0000000077A4AB63 E8E8A3FDFF call 0x77a24f50 ; RtlAddAccessDeniedAceEx (ntdll.dll) 0000000077A4AB68 E9775E0000 jmp 0x77a509e4 0000000077A4AB6D 41BB20000000 mov r11d, 0x20 0000000077A4AB73 83C2E0 add edx, 0xe0 0000000077A4AB76 4983E840 sub r8, 0x40 0000000077A4AB7A 4D2BCB sub r9, r11 0000000077A4AB7D E90D630000 jmp 0x77a50e8f 0000000077A4AB82 837B7C00 cmp dword [rbx+0x7c], 0x0 0000000077A4AB86 0F84D3000100 jz dword 0x77a5ac5f 0000000077A4AB8C 8B42F8 mov eax, [rdx-0x8] 0000000077A4AB8F 89842408020000 mov [rsp+0x208], eax 0000000077A4AB96 85437C test [rbx+0x7c], eax 0000000077A4AB99 740D jz 0x77a4aba8 0000000077A4AB9B 338388000000 xor eax, [rbx+0x88] 0000000077A4ABA1 89842408020000 mov [rsp+0x208], eax 0000000077A4ABA8 0FB7842408020000 movzx eax, word [rsp+0x208] 0000000077A4ABB0 668944247A mov [rsp+0x7a], ax 0000000077A4ABB5 488BB42450030000 mov rsi, [rsp+0x350] 0000000077A4ABBD 0FB74E08 movzx ecx, word [rsi+0x8] 0000000077A4ABC1 0FB7C0 movzx eax, ax 0000000077A4ABC4 2BC8 sub ecx, eax 0000000077A4ABC6 85C9 test ecx, ecx 0000000077A4ABC8 0F8EBD5D0000 jle dword 0x77a5098b 0000000077A4ABCE E9C05D0000 jmp 0x77a50993 0000000077A4ABD3 FF4714 inc dword [rdi+0x14] 0000000077A4ABD6 E9A75D0000 jmp 0x77a50982 0000000077A4ABDB 4BC704D300000000 mov qword [r11+r10*8], 0x0 0000000077A4ABE3 8BC7 mov eax, edi 0000000077A4ABE5 C1E805 shr eax, 0x5 0000000077A4ABE8 83E71F and edi, 0x1f 0000000077A4ABEB 400FB6CF movzx ecx, dil 0000000077A4ABEF 41D3E7 shl r15d, cl 0000000077A4ABF2 8BC8 mov ecx, eax 0000000077A4ABF4 488B4228 mov rax, [rdx+0x28] 0000000077A4ABF8 41F7D7 not r15d 0000000077A4ABFB 44213C88 and [rax+rcx*4], r15d 0000000077A4ABFF E96D560000 jmp 0x77a50271 0000000077A4AC04 4BC704FE00000000 mov qword [r14+r15*8], 0x0 0000000077A4AC0C 418BC1 mov eax, r9d 0000000077A4AC0F C1E805 shr eax, 0x5 0000000077A4AC12 4183E11F and r9d, 0x1f 0000000077A4AC16 BA01000000 mov edx, 0x1 0000000077A4AC1B 410FB6C9 movzx ecx, r9b 0000000077A4AC1F D3E2 shl edx, cl 0000000077A4AC21 8BC8 mov ecx, eax 0000000077A4AC23 498B4028 mov rax, [r8+0x28] 0000000077A4AC27 F7D2 not edx 0000000077A4AC29 211488 and [rax+rcx*4], edx 0000000077A4AC2C 448A742440 mov r14b, [rsp+0x40] 0000000077A4AC31 E9A9590000 jmp 0x77a505df 0000000077A4AC36 4D8BC3 mov r8, r11 0000000077A4AC39 4C899C2480000000 mov [rsp+0x80], r11 0000000077A4AC41 E94F5C0000 jmp 0x77a50895 0000000077A4AC46 488B4120 mov rax, [rcx+0x20] 0000000077A4AC4A 48896C2430 mov [rsp+0x30], rbp 0000000077A4AC4F 4889742438 mov [rsp+0x38], rsi 0000000077A4AC54 480FBAE01A bt rax, 0x1a 0000000077A4AC59 48897C2440 mov [rsp+0x40], rdi 0000000077A4AC5E BD000000FF mov ebp, 0xff000000 0000000077A4AC63 0F82E341FCFF jb dword 0x77a0ee4c 0000000077A4AC69 BE01000000 mov esi, 0x1 0000000077A4AC6E 8D7E03 lea edi, [rsi+0x3] 0000000077A4AC71 4C8B4320 mov r8, [rbx+0x20] 0000000077A4AC75 498BD0 mov rdx, r8 0000000077A4AC78 4C23C5 and r8, rbp 0000000077A4AC7B 81E2FFFFFF00 and edx, 0xffffff 0000000077A4AC81 4885D2 test rdx, rdx 0000000077A4AC84 0F85D286FDFF jnz dword 0x77a2335c 0000000077A4AC8A 8B4308 mov eax, [rbx+0x8] 0000000077A4AC8D A801 test al, 0x1 0000000077A4AC8F 742E jz 0x77a4acbf 0000000077A4AC91 8BC8 mov ecx, eax 0000000077A4AC93 33CE xor ecx, esi 0000000077A4AC95 F00FB14B08 lock cmpxchg [rbx+0x8], ecx 0000000077A4AC9A 751F jnz 0x77a4acbb 0000000077A4AC9C 490FBAE019 bt r8, 0x19 0000000077A4ACA1 0F82AAD6FBFF jb dword 0x77a08351 0000000077A4ACA7 488B7C2440 mov rdi, [rsp+0x40] 0000000077A4ACAC 488B742438 mov rsi, [rsp+0x38] 0000000077A4ACB1 488B6C2430 mov rbp, [rsp+0x30] 0000000077A4ACB6 E90A4C0000 jmp 0x77a4f8c5 0000000077A4ACBB A801 test al, 0x1 0000000077A4ACBD 75D2 jnz 0x77a4ac91 0000000077A4ACBF 490FBAE019 bt r8, 0x19 0000000077A4ACC4 0F822176FBFF jb dword 0x77a022eb 0000000077A4ACCA 8BD7 mov edx, edi 0000000077A4ACCC 488BCB mov rcx, rbx 0000000077A4ACCF E81C000000 call 0x77a4acf0 ; RtlDefaultNpAcl (ntdll.dll) 0000000077A4ACD4 83F801 cmp eax, 0x1 0000000077A4ACD7 74CE jz 0x77a4aca7 0000000077A4ACD9 83F802 cmp eax, 0x2 0000000077A4ACDC 7593 jnz 0x77a4ac71 0000000077A4ACDE 8D7001 lea esi, [rax+0x1] 0000000077A4ACE1 8BF8 mov edi, eax 0000000077A4ACE3 EB8C jmp 0x77a4ac71 0000000077A4ACE5 90 nop 0000000077A4ACF0 48895C2420 mov [rsp+0x20], rbx 0000000077A4ACF5 55 push rbp 0000000077A4ACF6 56 push rsi 0000000077A4ACF7 57 push rdi 0000000077A4ACF8 4156 push r14 0000000077A4ACFA 4157 push r15 0000000077A4ACFC 4881EC80000000 sub rsp, 0x80 0000000077A4AD03 488D0586870E00 lea rax, [rip+0xe8786] 0000000077A4AD0A 4533FF xor r15d, r15d 0000000077A4AD0D 8BEA mov ebp, edx 0000000077A4AD0F 488BD9 mov rbx, rcx 0000000077A4AD12 483BC8 cmp rcx, rax 0000000077A4AD15 0F844E10FEFF jz dword 0x77a2bd69 0000000077A4AD1B 33FF xor edi, edi 0000000077A4AD1D 89BC24B0000000 mov [rsp+0xb0], edi 0000000077A4AD24 654C8B3425300000 mov r14, [gs:0x30] 00 0000000077A4AD2D 85FF test edi, edi 0000000077A4AD2F 0F854510FEFF jnz dword 0x77a2bd7a 0000000077A4AD35 44383D4C390E00 cmp [rip+0xe394c], r15b 0000000077A4AD3C 0F8552D80100 jnz dword 0x77a68594 0000000077A4AD42 44393DC3350E00 cmp [rip+0xe35c3], r15d 0000000077A4AD49 0F8520D80100 jnz dword 0x77a6856f 0000000077A4AD4F 4C89A424B8000000 mov [rsp+0xb8], r12 0000000077A4AD57 44383D33350E00 cmp [rip+0xe3533], r15b 0000000077A4AD5E 0F8444D80100 jz dword 0x77a685a8 0000000077A4AD64 4533E4 xor r12d, r12d 0000000077A4AD67 488B7318 mov rsi, [rbx+0x18] 0000000077A4AD6B 4885F6 test rsi, rsi 0000000077A4AD6E 0F84D275FEFF jz dword 0x77a32346 0000000077A4AD74 8B4308 mov eax, [rbx+0x8] 0000000077A4AD77 A801 test al, 0x1 0000000077A4AD79 0F854576FDFF jnz dword 0x77a223c4 0000000077A4AD7F 8BC8 mov ecx, eax 0000000077A4AD81 2BCD sub ecx, ebp 0000000077A4AD83 F00FB14B08 lock cmpxchg [rbx+0x8], ecx 0000000077A4AD88 0F852B76FDFF jnz dword 0x77a223b9 0000000077A4AD8E 488B03 mov rax, [rbx] 0000000077A4AD91 4C89AC24C0000000 mov [rsp+0xc0], r13 0000000077A4AD99 33ED xor ebp, ebp 0000000077A4AD9B 4533ED xor r13d, r13d 0000000077A4AD9E 4883F8FF cmp rax, 0xff 0000000077A4ADA2 7403 jz 0x77a4ada7 crash --> 0000000077A4ADA4 FF4024 inc dword [rax+0x24] 0000000077A4ADA7 BA22170000 mov edx, 0x1722 0000000077A4ADAC 488D3DDD860E00 lea rdi, [rip+0xe86dd] 0000000077A4ADB3 803C258203FE7F00 cmp byte [0x7ffe0382], 0x0 0000000077A4ADBB 0F85F3D70100 jnz dword 0x77a685b4 0000000077A4ADC1 4883FEFF cmp rsi, 0xff