Filename : MT5CLW64.AD74C2EC735AD5DBC1FD5E7D087E937D Time : 2015.12.19 09:59 (0:01:13) Program : Client Terminal Version : 500.1240 (17 Dec 2015) Revision : 13671 OS : Windows 7 Service Pack 1 (Build 7601) BIOS : A_M_I_ - 4000906 - NWTGHFYUKUTYJQWW-IOMFZJ - P5Q-E Explorer : 11.0 ID : F3C3EF22-79FB-T-150609 Processors : 4 x Intel Core2 Quad Q8200 @ 2.33GHz, x64 Computer : DZAM-PC:Dzam-PC Memory : 1242 free of 6143 Mb Virtual : 8386150 free of 8388607 Mb Handlers : 820 CrashMD5 : AD85E8E554F2258BF3A755BD20F08A90 CustomInfo : Exception : C0000005 at 0000000076E2F9D9 read to 00000E511B049858 Modules : 000000013FC20000 0306C000 C:\Program Files\BCS Broker MetaTrader 5 Terminal\terminal64.exe (5.0.0.1240) : 0000000076E10000 001A9000 C:\Windows\SYSTEM32\ntdll.dll (6.1.7601.19045) : 0000000076CF0000 00120000 C:\Windows\system32\kernel32.dll (6.1.7601.19045) : 000007FEFCC90000 0006C000 C:\Windows\system32\KERNELBASE.dll (6.1.7601.19045) : 000007FEFCD10000 0016D000 C:\Windows\system32\CRYPT32.dll (6.1.7601.18839) : 000007FEFEE20000 0009F000 C:\Windows\system32\msvcrt.dll (6.1.8638.17744) : 000007FEFCBB0000 0000F000 C:\Windows\system32\MSASN1.dll (6.1.7601.17514) : 000007FEF9330000 0003B000 C:\Windows\system32\WINMM.dll (6.1.7600.16385) : 0000000076BF0000 000FA000 C:\Windows\system32\USER32.dll (6.1.7601.19061) : 000007FEFED10000 00067000 C:\Windows\system32\GDI32.dll (6.1.7601.18898) : 000007FEFE1B0000 0000E000 C:\Windows\system32\LPK.dll (6.1.7601.18985) : 000007FEFEEC0000 000CA000 C:\Windows\system32\USP10.dll (1.626.7601.19054) : 000007FEFC0E0000 0000C000 C:\Windows\system32\VERSION.dll (6.1.7600.16385) : 000007FEFA9C0000 00016000 C:\Windows\system32\NETAPI32.dll (6.1.7601.17887) : 000007FEFA9B0000 0000C000 C:\Windows\system32\netutils.dll (6.1.7601.17514) : 000007FEFC670000 00023000 C:\Windows\system32\srvcli.dll (6.1.7601.17514) : 000007FEFEFF0000 0012D000 C:\Windows\system32\RPCRT4.dll (6.1.7601.19045) : 000007FEFA990000 00015000 C:\Windows\system32\wkscli.dll (6.1.7601.17514) : 000007FEF95E0000 00014000 C:\Windows\system32\SAMCLI.DLL (6.1.7601.17514) : 000007FEFA830000 00071000 C:\Windows\system32\WINHTTP.dll (6.1.7601.17514) : 000007FEFA7C0000 00064000 C:\Windows\system32\webio.dll (6.1.7601.17725) : 000007FEFADE0000 00216000 C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.19061_none_2b299db671e86e03\gdiplus.dll (6.1.7601.19061) : 000007FEFE3D0000 00203000 C:\Windows\system32\ole32.dll (6.1.7601.18915) : 000007FEFB000000 00056000 C:\Windows\system32\UxTheme.dll (6.1.7600.16385) : 000007FEF9310000 00007000 C:\Windows\system32\MSIMG32.dll (6.1.7600.16385) : 000007FEE14B0000 00071000 C:\Windows\system32\WINSPOOL.DRV (6.1.7601.17514) : 000007FEFDD90000 000DB000 C:\Windows\system32\ADVAPI32.dll (6.1.7601.18939) : 000007FEFE600000 0001F000 C:\Windows\SYSTEM32\sechost.dll (6.1.7601.18869) : 000007FEFCF70000 00D89000 C:\Windows\system32\SHELL32.dll (6.1.7601.18952) : 000007FEFDD10000 00071000 C:\Windows\system32\SHLWAPI.dll (6.1.7601.17514) : 000007FEFBC10000 001F4000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\COMCTL32.dll (6.1.7601.18837) : 000007FEFEB90000 000D7000 C:\Windows\system32\OLEAUT32.dll (6.1.7601.18679) : 000007FEDAB90000 00023000 C:\Windows\system32\oledlg.dll (6.1.7600.16385) : 000007FEFE240000 00185000 C:\Windows\system32\urlmon.dll (11.0.9600.18123) : 000007FEFCC80000 00004000 C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll (6.2.9200.16492) : 000007FEFCC70000 00004000 C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll (6.2.9200.16492) : 000007FEFCF50000 00005000 C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll (6.2.9200.16492) : 000007FEFCD00000 00004000 C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll (6.2.9200.16492) : 000007FEFCF20000 00004000 C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll (6.2.9200.16492) : 000007FEFCF60000 00003000 C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll (6.2.9200.16492) : 0000000076FD0000 00003000 C:\Windows\system32\normaliz.DLL (6.1.7600.16385) : 000007FEFE8C0000 002C8000 C:\Windows\system32\iertutil.dll (11.0.9600.18123) : 000007FEFE620000 00269000 C:\Windows\system32\WININET.dll (11.0.9600.18123) : 000007FEFCF30000 0001E000 C:\Windows\system32\USERENV.dll (6.1.7601.17514) : 000007FEFCBC0000 0000F000 C:\Windows\system32\profapi.dll (6.1.7600.16385) : 000007FEFA960000 00027000 C:\Windows\system32\IPHLPAPI.DLL (6.1.7601.17514) : 000007FEFDD00000 00008000 C:\Windows\system32\NSI.dll (6.1.7600.16385) : 000007FEFA950000 0000B000 C:\Windows\system32\WINNSI.DLL (6.1.7600.16385) : 000007FEF6770000 00125000 C:\Windows\system32\dbghelp.dll (6.1.7601.17514) : 000007FEFC730000 0000B000 C:\Windows\system32\Secur32.dll (6.1.7601.19045) : 000007FEFC9B0000 00025000 C:\Windows\system32\SSPICLI.DLL (6.1.7601.19045) : 000007FEFDE70000 0004D000 C:\Windows\system32\WS2_32.dll (6.1.7601.17514) : 000007FEF90B0000 00054000 C:\Windows\system32\OLEACC.dll (6.1.7601.17676) : 000007FEFE890000 0002E000 C:\Windows\system32\IMM32.dll (6.1.7600.16385) : 000007FEFDEC0000 00109000 C:\Windows\system32\MSCTF.dll (6.1.7601.18731) : 00000000748F0000 00011000 C:\Program Files\Crypto Pro\CSP\cpcrypt.dll (3.9.8226.0) : 0000000076FE0000 00007000 C:\Windows\system32\PSAPI.DLL (6.1.7600.16385) : 00000000748E0000 00007000 C:\Program Files\Crypto Pro\CSP\detoured.dll (2.1.127.0) : 0000000074790000 0000B000 C:\Program Files\Crypto Pro\CSP\cpwinet.dll (3.9.8226.0) : 000007FECD510000 00003000 C:\Windows\system32\api-ms-win-core-synch-l1-2-0.DLL (10.0.10240.16390) : 000007FEFC9F0000 0000F000 C:\Windows\system32\CRYPTBASE.dll (6.1.7601.19045) : 000007FEF92D0000 00015000 C:\Windows\system32\NLAapi.dll (6.1.7601.17964) : 000007FEEEB30000 00015000 C:\Windows\system32\napinsp.dll (6.1.7600.16385) : 000007FEEEB10000 00019000 C:\Windows\system32\pnrpnsp.dll (6.1.7600.16385) : 000007FEFC020000 00055000 C:\Windows\System32\mswsock.dll (6.1.7601.18254) : 000007FEFBEA0000 0005B000 C:\Windows\system32\DNSAPI.dll (6.1.7601.17570) : 000007FEEEB00000 0000B000 C:\Windows\System32\winrnr.dll (6.1.7600.16385) : 000000006E7B0000 00026000 C:\Program Files\Bonjour\mdnsNSP.dll (3.1.0.1) : 000007FEFB840000 00007000 C:\Windows\System32\wshtcpip.dll (6.1.7600.16385) : 000007FEFC010000 00007000 C:\Windows\System32\wship6.dll (6.1.7600.16385) : 000007FEEEAF0000 00008000 C:\Windows\system32\rasadhlp.dll (6.1.7600.16385) : 000007FEF8C10000 00053000 C:\Windows\System32\fwpuclnt.dll (6.1.7601.18283) : 000007FEFC0C0000 00018000 C:\Windows\system32\CRYPTSP.dll (6.1.7601.18741) : 00000000748D0000 00010000 C:\Program Files\Crypto Pro\CSP\cpadvai.dll (3.9.8226.0) : 000007FEFBB80000 00047000 C:\Windows\system32\rsaenh.dll (6.1.7600.16385) : 000007FEFCAA0000 00057000 C:\Windows\system32\apphelp.dll (6.1.7601.19050) : 000007FECCF10000 001FF000 C:\Windows\system32\d3d9.dll (6.1.7601.17514) : 000007FED6730000 00007000 C:\Windows\system32\d3d8thk.dll (6.1.7600.16385) : 000007FEFABD0000 00018000 C:\Windows\system32\dwmapi.dll (6.1.7601.18917) : 000007FEFED80000 00099000 C:\Windows\system32\CLBCatQ.DLL (6.1.7600.16385) : 000007FEDD110000 00DD0000 C:\Windows\System32\ieframe.dll (11.0.9600.18123) : 000007FEF9130000 00004000 C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll (6.2.9200.16492) : 000007FEDCB20000 00004000 C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll (6.2.9200.16492) : 000007FEFCA00000 00091000 C:\Windows\system32\SXS.DLL (6.1.7601.17514) : 000007FEFB060000 0012C000 C:\Windows\system32\PROPSYS.dll (7.0.7601.17514) : 000007FEC6DA0000 018AE000 C:\Windows\System32\mshtml.dll (11.0.9600.18125) : 000007FEF8F40000 00004000 C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll (6.2.9200.16492) : 000007FEF7C80000 0003B000 C:\Windows\system32\mlang.dll (6.1.7600.16385) : 000007FEC5880000 005B0000 C:\Windows\System32\jscript9.dll (11.0.9600.18123) : 000007FEFCB00000 00014000 C:\Windows\system32\RpcRtRemote.dll (6.1.7601.17514) : 000007FEFBA50000 0000A000 C:\Windows\system32\credssp.dll (6.1.7601.19045) : 000007FEFBE10000 00058000 C:\Windows\system32\schannel.DLL (6.1.7601.19045) : 00000000748C0000 0000E000 C:\Program Files\Crypto Pro\CSP\cpschan.dll (3.9.8226.0) : 0000000074870000 00047000 C:\Windows\system32\cpsspap.dll (3.9.8226.0) : 000007FEFC570000 00050000 C:\Windows\system32\ncrypt.dll (6.1.7601.19045) : 000007FEFC540000 00022000 C:\Windows\system32\bcrypt.dll (6.1.7600.16385) : 000007FEFBAC0000 0004C000 C:\Windows\system32\bcryptprimitives.dll (6.1.7601.19012) : 000007FEFB940000 0001B000 C:\Windows\system32\GPAPI.dll (6.1.7600.16385) : 0000000060020000 00018000 C:\Program Files\Crypto Pro\CSP\cpcsp.dll (3.6.4074.0) : 000000006D3A0000 000C7000 C:\Program Files\Crypto Pro\CSP\cpcspi.dll (3.9.8226.0) : 000000006D360000 00037000 C:\Program Files\Crypto Pro\CSP\cpsuprt.dll (3.9.8226.0) : 000007FEF88A0000 00038000 C:\Windows\system32\WinSCard.dll (6.1.7601.17514) : 000000006D350000 0000D000 C:\Program Files\Crypto Pro\CSP\cprndm.dll (3.9.8226.0) : 000000006D340000 0000C000 C:\Program Files\Crypto Pro\CSP\bio.dll (3.9.8226.0) : 000007FEFA9E0000 0002D000 C:\Windows\system32\ntmarta.dll (6.1.7600.16385) : 000007FEFEF90000 00052000 C:\Windows\system32\WLDAP32.dll (6.1.7601.17514) : 000000006D320000 0001B000 C:\Program Files\Crypto Pro\CSP\cpui.dll (3.9.8226.0) : 000007FEFC0F0000 0031E000 C:\Windows\system32\msi.dll (5.0.7601.18896) : 000007FEFEC70000 00097000 C:\Windows\system32\Comdlg32.dll (6.1.7601.17514) : 000007FEF8E30000 00018000 C:\Windows\system32\dhcpcsvc.DLL (6.1.7600.16385) : 000007FEFB1C0000 0000E000 C:\Windows\system32\msimtf.dll (6.1.7600.16385) : 000007FEC5F00000 003C4000 C:\Windows\system32\d2d1.dll (6.2.9200.16765) : 000007FEC56E0000 00197000 C:\Windows\system32\DWrite.dll (6.2.9200.17568) : 000007FEE1530000 0005D000 C:\Windows\system32\dxgi.dll (6.2.9200.16492) : 000007FEE1290000 00026000 C:\Windows\system32\DXGIDebug.dll (9.30.9600.17336) : 000007FEFCBD0000 0003B000 C:\Windows\system32\WINTRUST.dll (6.1.7601.18839) : 000007FEE12D0000 001D5000 C:\Windows\system32\d3d11.dll (6.2.9200.16570) : 000007FEC5460000 00279000 C:\Windows\system32\D3D10Warp.dll (6.2.9200.17033) : 000007FEC53A0000 000BA000 C:\Windows\system32\uiautomationcore.dll (6.1.7600.16385) : 000007FEFAA20000 00161000 C:\Windows\system32\windowscodecs.dll (6.2.9200.17251) : 000007FEFABF0000 0004B000 C:\Windows\system32\MMDevAPI.DLL (6.1.7600.16385) : 000007FEF9780000 0003B000 C:\Windows\system32\wdmaud.drv (6.1.7601.17514) : 0000000074720000 00006000 C:\Windows\system32\ksuser.dll (6.1.7600.16385) : 000007FEFA4C0000 00009000 C:\Windows\system32\AVRT.dll (6.1.7600.16385) : 000007FEFDFD0000 001D7000 C:\Windows\system32\SETUPAPI.dll (6.1.7601.17514) : 00000000026A0000 00036000 C:\Windows\system32\CFGMGR32.dll (6.1.7601.17514) : 000007FEFCC10000 0001A000 C:\Windows\system32\DEVOBJ.dll (6.1.7600.16385) : 000007FEF9230000 0004F000 C:\Windows\system32\AUDIOSES.DLL (6.1.7601.18741) : 000007FEFA940000 0000A000 C:\Windows\system32\msacm32.drv (6.1.7600.16385) : 000007FEF9760000 00018000 C:\Windows\system32\MSACM32.dll (6.1.7600.16385) : 000007FEF9750000 00009000 C:\Windows\system32\midimap.dll (6.1.7600.16385) : 000007FEF9060000 0000A000 C:\Windows\system32\msadp32.acm (6.1.7600.16385) Registers : RAX=00000000046976B0 RIP=0000000076E2F9D9 EFLGS=00010202 : RBX=0000000000000000 RSP=00000000076DDB40 RBP=0000000000000000 : RCX=00000E511B049840 RSI=00000000002E8D70 CS=0033 : RDX=0000000000000084 RDI=00000000002E9088 DS=002b : R8 =0000000005220090 R12=00000000002EC910 ES=002b : R9 =0000000005220080 R13=00000000002E9160 FS=0053 : R10=000000FFFFFFFFFF R14=0000000076E10000 GS=002b : R11=00000000045D8188 R15=FFFFFFFF0000FFFF SS=002b Stack info : top=00000000076E0000 bottom=00000000076DA000 base=00000000075E0000 Threads : #000 000000000000134C EIP: 0000000076C09E9A ESP: 000000000020F6B8 gui main 0000000076C09E80:00001A [0000000076C09E9A] SoundSentry (user32.dll) 0000000076C09EA4:00002A [0000000076C09ECE] GetPriorityClipboardFormat (user32.dll) 000000013FCA8810:000027 [000000013FCA8837] #5047 (terminal64.exe) 000000013FCA8E3C:00006E [000000013FCA8EAA] #5065 (terminal64.exe) 000000013FF1ED50:000058 [000000013FF1EDA8] #16722 (terminal64.exe) 000000013FE6A16C:0000A5 [000000013FE6A211] #14806 (terminal64.exe) 000000013FE3C93C:00023E [000000013FE3CB7A] #13833 (terminal64.exe) 0000000076D05A40:00000D [0000000076D05A4D] BaseThreadInitThunk (kernel32.dll) 0000000076E3B810:000021 [0000000076E3B831] RtlVerifyVersionInfo (ntdll.dll) : #001 0000000000000174 EIP: 0000000076E5DF6A ESP: 000000000349FBD8 0000000076E5DF60:00000A [0000000076E5DF6A] ZwWriteFileGather (ntdll.dll) 000007FEFCC913F0:000040 [000007FEFCC91430] GetCurrentProcess (kernelbase.dll) 0000000076D116A0:0000B3 [0000000076D11753] WaitForMultipleObjectsEx (kernel32.dll) 0000000076C08DE0:0001DD [0000000076C08FBD] GetSystemMenu (user32.dll) 0000000076C062A0:00002E [0000000076C062CE] OpenInputDesktop (user32.dll) 0000000076C062E0:000020 [0000000076C06300] OpenIcon (user32.dll) 000007FEFAE52CAC:000000 [000007FEFAE52CAC] unknown (gdiplus.dll) 000007FEFAE52B10:000000 [000007FEFAE52B10] unknown (gdiplus.dll) 0000000076D05A40:00000D [0000000076D05A4D] BaseThreadInitThunk (kernel32.dll) 0000000076E3B810:000021 [0000000076E3B831] RtlVerifyVersionInfo (ntdll.dll) : #002 0000000000001DA4 EIP: 0000000076E5D9FA ESP: 000000000368FC08 0000000076E5D9F0:00000A [0000000076E5D9FA] ZwWriteVirtualMemory (ntdll.dll) 000007FEFCC91040:00009C [000007FEFCC910DC] WaitForSingleObjectEx (kernelbase.dll) 00000001402EC1F0:000168 [00000001402EC358] #28907 (terminal64.exe) 00000001402EC3A0:000023 [00000001402EC3C3] #28908 (terminal64.exe) 000000013FE4F560:0000C1 [000000013FE4F621] #14203 (terminal64.exe) 0000000076D05A40:00000D [0000000076D05A4D] BaseThreadInitThunk (kernel32.dll) 0000000076E3B810:000021 [0000000076E3B831] RtlVerifyVersionInfo (ntdll.dll) : #003 0000000000001EF0 EIP: 0000000076E5DA4A ESP: 000000000391F7A8 0000000076E5DA40:00000A [0000000076E5DA4A] NtReplyWaitReceivePort (ntdll.dll) 000007FEFCC91670:00003D [000007FEFCC916AD] GetQueuedCompletionStatus (kernelbase.dll) 0000000076CF99F0:000011 [0000000076CF9A01] GetQueuedCompletionStatus (kernel32.dll) 00000001402EC060:000109 [00000001402EC169] #28905 (terminal64.exe) 00000001402EC1B0:000023 [00000001402EC1D3] #28906 (terminal64.exe) 000000013FE4F560:0000C1 [000000013FE4F621] #14203 (terminal64.exe) 0000000076D05A40:00000D [0000000076D05A4D] BaseThreadInitThunk (kernel32.dll) 0000000076E3B810:000021 [0000000076E3B831] RtlVerifyVersionInfo (ntdll.dll) : #004 0000000000001DDC EIP: 0000000076E5DA4A ESP: 00000000037CF938 0000000076E5DA40:00000A [0000000076E5DA4A] NtReplyWaitReceivePort (ntdll.dll) 000007FEFCC91670:00003D [000007FEFCC916AD] GetQueuedCompletionStatus (kernelbase.dll) 0000000076CF99F0:000011 [0000000076CF9A01] GetQueuedCompletionStatus (kernel32.dll) 00000001402EC060:000044 [00000001402EC0A4] #28905 (terminal64.exe) 00000001402EC1B0:000023 [00000001402EC1D3] #28906 (terminal64.exe) 000000013FE4F560:0000C1 [000000013FE4F621] #14203 (terminal64.exe) 0000000076D05A40:00000D [0000000076D05A4D] BaseThreadInitThunk (kernel32.dll) 0000000076E3B810:000021 [0000000076E3B831] RtlVerifyVersionInfo (ntdll.dll) : #005 0000000000001380 EIP: 0000000076E5DA4A ESP: 0000000003A1FA48 0000000076E5DA40:00000A [0000000076E5DA4A] NtReplyWaitReceivePort (ntdll.dll) 000007FEFCC91670:00003D [000007FEFCC916AD] GetQueuedCompletionStatus (kernelbase.dll) 0000000076CF99F0:000011 [0000000076CF9A01] GetQueuedCompletionStatus (kernel32.dll) 00000001402EC060:000044 [00000001402EC0A4] #28905 (terminal64.exe) 00000001402EC1B0:000023 [00000001402EC1D3] #28906 (terminal64.exe) 000000013FE4F560:0000C1 [000000013FE4F621] #14203 (terminal64.exe) 0000000076D05A40:00000D [0000000076D05A4D] BaseThreadInitThunk (kernel32.dll) 0000000076E3B810:000021 [0000000076E3B831] RtlVerifyVersionInfo (ntdll.dll) : #006 0000000000001FA4 EIP: 0000000076E5DA4A ESP: 0000000003B9FC58 0000000076E5DA40:00000A [0000000076E5DA4A] NtReplyWaitReceivePort (ntdll.dll) 000007FEFCC91670:00003D [000007FEFCC916AD] GetQueuedCompletionStatus (kernelbase.dll) 0000000076CF99F0:000011 [0000000076CF9A01] GetQueuedCompletionStatus (kernel32.dll) 00000001402EC060:000044 [00000001402EC0A4] #28905 (terminal64.exe) 00000001402EC1B0:000023 [00000001402EC1D3] #28906 (terminal64.exe) 000000013FE4F560:0000C1 [000000013FE4F621] #14203 (terminal64.exe) 0000000076D05A40:00000D [0000000076D05A4D] BaseThreadInitThunk (kernel32.dll) 0000000076E3B810:000021 [0000000076E3B831] RtlVerifyVersionInfo (ntdll.dll) : #007 00000000000019A0 EIP: 0000000076E5DF6A ESP: 0000000003EAF938 0000000076E5DF60:00000A [0000000076E5DF6A] ZwWriteFileGather (ntdll.dll) 0000000076E2A060:0008F7 [0000000076E2A957] TpReleasePool (ntdll.dll) 0000000076D05A40:00000D [0000000076D05A4D] BaseThreadInitThunk (kernel32.dll) 0000000076E3B810:000021 [0000000076E3B831] RtlVerifyVersionInfo (ntdll.dll) : #008 0000000000001320 EIP: 0000000076E5D9FA ESP: 00000000066FF7E8 0000000076E5D9F0:00000A [0000000076E5D9FA] ZwWriteVirtualMemory (ntdll.dll) 000007FEFCC91040:00009C [000007FEFCC910DC] WaitForSingleObjectEx (kernelbase.dll) 000007FEC77AE420:19F63E [000007FEC794DA5E] func_0x000007FEC77AE420 (mshtml.dll) 0000000076D05A40:00000D [0000000076D05A4D] BaseThreadInitThunk (kernel32.dll) 0000000076E3B810:000021 [0000000076E3B831] RtlVerifyVersionInfo (ntdll.dll) : #009 0000000000002198 EIP: 0000000076E5D9FA ESP: 00000000050CF798 0000000076E5D9F0:00000A [0000000076E5D9FA] ZwWriteVirtualMemory (ntdll.dll) 000007FEFCC91040:00009C [000007FEFCC910DC] WaitForSingleObjectEx (kernelbase.dll) 000007FEC740A7F0:382699 [000007FEC778CE89] IERegisterXMLNS (mshtml.dll) 000007FEFEE240CC:000093 [000007FEFEE2415F] srand (msvcrt.dll) 000007FEFEE26CE0:0001DD [000007FEFEE26EBD] _ftime64_s (msvcrt.dll) 0000000076D05A40:00000D [0000000076D05A4D] BaseThreadInitThunk (kernel32.dll) 0000000076E3B810:000021 [0000000076E3B831] RtlVerifyVersionInfo (ntdll.dll) : #010 00000000000021A8 EIP: 0000000076E5D9FA ESP: 000000000659FC28 0000000076E5D9F0:00000A [0000000076E5D9FA] ZwWriteVirtualMemory (ntdll.dll) 000007FEFCC91040:00009C [000007FEFCC910DC] WaitForSingleObjectEx (kernelbase.dll) 000007FEC740A7F0:382699 [000007FEC778CE89] IERegisterXMLNS (mshtml.dll) 000007FEFEE240CC:000093 [000007FEFEE2415F] srand (msvcrt.dll) 000007FEFEE26CE0:0001DD [000007FEFEE26EBD] _ftime64_s (msvcrt.dll) 0000000076D05A40:00000D [0000000076D05A4D] BaseThreadInitThunk (kernel32.dll) 0000000076E3B810:000021 [0000000076E3B831] RtlVerifyVersionInfo (ntdll.dll) : #011 00000000000011C0 EIP: 0000000076E5DF6A ESP: 000000000505F768 0000000076E5DF60:00000A [0000000076E5DF6A] ZwWriteFileGather (ntdll.dll) 000007FEFCC913F0:000040 [000007FEFCC91430] GetCurrentProcess (kernelbase.dll) 0000000076D116A0:0000B3 [0000000076D11753] WaitForMultipleObjectsEx (kernel32.dll) 000007FEC740A7F0:382C32 [000007FEC778D422] IERegisterXMLNS (mshtml.dll) 000007FEC77AE420:000818 [000007FEC77AEC38] func_0x000007FEC77AE420 (mshtml.dll) 000007FEFEE240CC:000093 [000007FEFEE2415F] srand (msvcrt.dll) 000007FEFEE26CE0:0001DD [000007FEFEE26EBD] _ftime64_s (msvcrt.dll) 0000000076D05A40:00000D [0000000076D05A4D] BaseThreadInitThunk (kernel32.dll) 0000000076E3B810:000021 [0000000076E3B831] RtlVerifyVersionInfo (ntdll.dll) : #012 00000000000020F4 EIP: 0000000076E5DF6A ESP: 00000000069AF518 0000000076E5DF60:00000A [0000000076E5DF6A] ZwWriteFileGather (ntdll.dll) 000007FEFCC913F0:000040 [000007FEFCC91430] GetCurrentProcess (kernelbase.dll) 0000000076D116A0:0000B3 [0000000076D11753] WaitForMultipleObjectsEx (kernel32.dll) 0000000076C08DE0:0001DD [0000000076C08FBD] GetSystemMenu (user32.dll) 0000000076C062A0:00002E [0000000076C062CE] OpenInputDesktop (user32.dll) 000007FEFE3DA4E4:0007F2 [000007FEFE3DACD6] DllGetClassObjectWOW (ole32.dll) 000007FEFE4FA320:000102 [000007FEFE4FA422] CreateBindCtx (ole32.dll) 000007FEC6E547A8:000000 [000007FEC6E547A8] unknown (mshtml.dll) 000007FEC6FC0C30:06C2F2 [000007FEC702CF22] DllEnumClassObjects (mshtml.dll) 0000000076D05A40:00000D [0000000076D05A4D] BaseThreadInitThunk (kernel32.dll) 0000000076E3B810:000021 [0000000076E3B831] RtlVerifyVersionInfo (ntdll.dll) : #013 0000000000002024 EIP: 0000000076E5DF6A ESP: 0000000004FEFA38 0000000076E5DF60:00000A [0000000076E5DF6A] ZwWriteFileGather (ntdll.dll) 000007FEFCC913F0:000040 [000007FEFCC91430] GetCurrentProcess (kernelbase.dll) 0000000076D116A0:0000B3 [0000000076D11753] WaitForMultipleObjectsEx (kernel32.dll) 000007FEC5881B00:000552 [000007FEC5882052] JsVarRelease (jscript9.dll) 000007FEC5996400:042B18 [000007FEC59D8F18] DllGetClassObject (jscript9.dll) 000007FEFEE240CC:000093 [000007FEFEE2415F] srand (msvcrt.dll) 000007FEFEE26CE0:0001DD [000007FEFEE26EBD] _ftime64_s (msvcrt.dll) 0000000076D05A40:00000D [0000000076D05A4D] BaseThreadInitThunk (kernel32.dll) 0000000076E3B810:000021 [0000000076E3B831] RtlVerifyVersionInfo (ntdll.dll) : #014 0000000000001CC8 EIP: 0000000076E5F2BA ESP: 0000000006B6F928 0000000076E5F2B0:00000A [0000000076E5F2BA] NtYieldExecution (ntdll.dll) 0000000076E2F320:00039B [0000000076E2F6BB] RtlWalkHeap (ntdll.dll) 0000000076D05A40:00000D [0000000076D05A4D] BaseThreadInitThunk (kernel32.dll) 0000000076E3B810:000021 [0000000076E3B831] RtlVerifyVersionInfo (ntdll.dll) : #015 0000000000001D6C EIP: 0000000076E5D9FA ESP: 0000000006D5F928 0000000076E5D9F0:00000A [0000000076E5D9FA] ZwWriteVirtualMemory (ntdll.dll) 000007FEFCC91040:00009C [000007FEFCC910DC] WaitForSingleObjectEx (kernelbase.dll) 000007FEC5881B00:0006EE [000007FEC58821EE] JsVarRelease (jscript9.dll) 000007FEC5881B00:000721 [000007FEC5882221] JsVarRelease (jscript9.dll) 000007FEC58828D0:1097E9 [000007FEC598C0B9] JsVarToExtension (jscript9.dll) 000007FEFEE240CC:000093 [000007FEFEE2415F] srand (msvcrt.dll) 000007FEFEE26CE0:0001DD [000007FEFEE26EBD] _ftime64_s (msvcrt.dll) 0000000076D05A40:00000D [0000000076D05A4D] BaseThreadInitThunk (kernel32.dll) 0000000076E3B810:000021 [0000000076E3B831] RtlVerifyVersionInfo (ntdll.dll) : #016 0000000000001A50 EIP: 0000000076E5F2BA ESP: 0000000006E6FA78 0000000076E5F2B0:00000A [0000000076E5F2BA] NtYieldExecution (ntdll.dll) 0000000076E2F320:00039B [0000000076E2F6BB] RtlWalkHeap (ntdll.dll) 0000000076D05A40:00000D [0000000076D05A4D] BaseThreadInitThunk (kernel32.dll) 0000000076E3B810:000021 [0000000076E3B831] RtlVerifyVersionInfo (ntdll.dll) : #017 00000000000015FC EIP: 0000000076E5D9FA ESP: 0000000006F7F828 0000000076E5D9F0:00000A [0000000076E5D9FA] ZwWriteVirtualMemory (ntdll.dll) 000007FEFCC91040:00009C [000007FEFCC910DC] WaitForSingleObjectEx (kernelbase.dll) 000007FEFE3DE890:0018BC [000007FEFE3E014C] ObjectStublessClient25 (ole32.dll) 000007FEFE3DE890:0018F2 [000007FEFE3E0182] ObjectStublessClient25 (ole32.dll) 0000000076D05A40:00000D [0000000076D05A4D] BaseThreadInitThunk (kernel32.dll) 0000000076E3B810:000021 [0000000076E3B831] RtlVerifyVersionInfo (ntdll.dll) : #018 00000000000023B4 EIP: 0000000076E5F2BA ESP: 00000000079FFB58 0000000076E5F2B0:00000A [0000000076E5F2BA] NtYieldExecution (ntdll.dll) 0000000076E2F320:00039B [0000000076E2F6BB] RtlWalkHeap (ntdll.dll) 0000000076D05A40:00000D [0000000076D05A4D] BaseThreadInitThunk (kernel32.dll) 0000000076E3B810:000021 [0000000076E3B831] RtlVerifyVersionInfo (ntdll.dll) : #019 0000000000001740 EIP: 0000000076E5D9FA ESP: 000000000817F648 0000000076E5D9F0:00000A [0000000076E5D9FA] ZwWriteVirtualMemory (ntdll.dll) 000007FEFCC91040:00009C [000007FEFCC910DC] WaitForSingleObjectEx (kernelbase.dll) 000000006D3A2198:0039ED [000000006D3A5B85] DllStartServer (cpcspi.dll) 000007FEFEE240CC:000093 [000007FEFEE2415F] srand (msvcrt.dll) 000007FEFEE26CE0:0001DD [000007FEFEE26EBD] _ftime64_s (msvcrt.dll) 0000000076D05A40:00000D [0000000076D05A4D] BaseThreadInitThunk (kernel32.dll) 0000000076E3B810:000021 [0000000076E3B831] RtlVerifyVersionInfo (ntdll.dll) : #020 0000000000001694 EIP: 0000000076E5D9FA ESP: 000000000848FBF8 0000000076E5D9F0:00000A [0000000076E5D9FA] ZwWriteVirtualMemory (ntdll.dll) 000007FEFCC91040:00009C [000007FEFCC910DC] WaitForSingleObjectEx (kernelbase.dll) 000007FEC6DB57F9:000000 [000007FEC6DB57F9] unknown (mshtml.dll) 000007FEC6FC0C30:06C2F2 [000007FEC702CF22] DllEnumClassObjects (mshtml.dll) 0000000076D05A40:00000D [0000000076D05A4D] BaseThreadInitThunk (kernel32.dll) 0000000076E3B810:000021 [0000000076E3B831] RtlVerifyVersionInfo (ntdll.dll) : #021 000000000000220C EIP: 0000000076E5F2BA ESP: 0000000008B4F808 0000000076E5F2B0:00000A [0000000076E5F2BA] NtYieldExecution (ntdll.dll) 0000000076E2F320:00039B [0000000076E2F6BB] RtlWalkHeap (ntdll.dll) 0000000076D05A40:00000D [0000000076D05A4D] BaseThreadInitThunk (kernel32.dll) 0000000076E3B810:000021 [0000000076E3B831] RtlVerifyVersionInfo (ntdll.dll) : #022 00000000000023E8 EIP: 0000000076C09E9A ESP: 0000000008CCFE08 0000000076C09E80:00001A [0000000076C09E9A] SoundSentry (user32.dll) 0000000076C06120:00004E [0000000076C0616E] GetNextDlgTabItem (user32.dll) 000007FEF93310D5:000000 [000007FEF93310D5] unknown (winmm.dll) 0000000076D05A40:00000D [0000000076D05A4D] BaseThreadInitThunk (kernel32.dll) 0000000076E3B810:000021 [0000000076E3B831] RtlVerifyVersionInfo (ntdll.dll) : #023 0000000000002088 EIP: 0000000076E5DF6A ESP: 000000000BA2FA58 0000000076E5DF60:00000A [0000000076E5DF6A] ZwWriteFileGather (ntdll.dll) 000007FEFCC913F0:000040 [000007FEFCC91430] GetCurrentProcess (kernelbase.dll) 0000000076D116A0:0000B3 [0000000076D11753] WaitForMultipleObjectsEx (kernel32.dll) 0000000076C08DE0:0001DD [0000000076C08FBD] GetSystemMenu (user32.dll) 0000000076C062A0:00002E [0000000076C062CE] OpenInputDesktop (user32.dll) 000007FEFE3DA4E4:0007F2 [000007FEFE3DACD6] DllGetClassObjectWOW (ole32.dll) 000007FEFE4FA320:000102 [000007FEFE4FA422] CreateBindCtx (ole32.dll) 000007FEC6E547A8:000000 [000007FEC6E547A8] unknown (mshtml.dll) 000007FEC6FC0C30:06C2F2 [000007FEC702CF22] DllEnumClassObjects (mshtml.dll) 0000000076D05A40:00000D [0000000076D05A4D] BaseThreadInitThunk (kernel32.dll) 0000000076E3B810:000021 [0000000076E3B831] RtlVerifyVersionInfo (ntdll.dll) : #024 0000000000001D2C EIP: 0000000076E5DF6A ESP: 000000000294F418 0000000076E5DF60:00000A [0000000076E5DF6A] ZwWriteFileGather (ntdll.dll) 000007FEFCC913F0:000040 [000007FEFCC91430] GetCurrentProcess (kernelbase.dll) 0000000076D116A0:0000B3 [0000000076D11753] WaitForMultipleObjectsEx (kernel32.dll) 0000000076C08DE0:0001DD [0000000076C08FBD] GetSystemMenu (user32.dll) 0000000076C062A0:00002E [0000000076C062CE] OpenInputDesktop (user32.dll) 000007FEFE3DA4E4:0007F2 [000007FEFE3DACD6] DllGetClassObjectWOW (ole32.dll) 000007FEFE4FA320:000102 [000007FEFE4FA422] CreateBindCtx (ole32.dll) 000007FEC6E547A8:000000 [000007FEC6E547A8] unknown (mshtml.dll) 000007FEC6FC0C30:06C2F2 [000007FEC702CF22] DllEnumClassObjects (mshtml.dll) 0000000076D05A40:00000D [0000000076D05A4D] BaseThreadInitThunk (kernel32.dll) 0000000076E3B810:000021 [0000000076E3B831] RtlVerifyVersionInfo (ntdll.dll) : #025 00000000000006C0 EIP: 0000000076E5DCFA ESP: 000000000B8EF5D8 0000000076E5DCF0:00000A [0000000076E5DCFA] NtDeleteValueKey (ntdll.dll) 000007FEFCC91150:0000B3 [000007FEFCC91203] SleepEx (kernelbase.dll) 000000013FF5BF50:000215 [000000013FF5C165] #17538 (terminal64.exe) 000000013FF5C180:00000E [000000013FF5C18E] #17539 (terminal64.exe) 000000013FE4F560:0000C1 [000000013FE4F621] #14203 (terminal64.exe) 0000000076D05A40:00000D [0000000076D05A4D] BaseThreadInitThunk (kernel32.dll) 0000000076E3B810:000021 [0000000076E3B831] RtlVerifyVersionInfo (ntdll.dll) crash : #026 00000000000020CC EIP: 0000000076E2F9D9 ESP: 00000000076DDB40 0000000076E2F960:000079 [0000000076E2F9D9] RtlWow64EnableFsRedirectionEx (ntdll.dll) 0000000076E5F8D0:0000E8 [0000000076E5F9B8] RtlAppendStringToString (ntdll.dll) 000000013FE5DD1C:000044 [000000013FE5DD60] #14638 (terminal64.exe) 000000013FC99164:00002C [000000013FC99190] #4466 (terminal64.exe) 000000013FE3CD34:000012 [000000013FE3CD46] #13839 (terminal64.exe) 000000013FF7F230:00047C [000000013FF7F6AC] #17827 (terminal64.exe) 000000013FF813C0:0000B7 [000000013FF81477] #17843 (terminal64.exe) 000000013FF41950:000125 [000000013FF41A75] #17252 (terminal64.exe) 000000013FF42370:000072 [000000013FF423E2] #17258 (terminal64.exe) 00000001402D37E0:0000D8 [00000001402D38B8] #28596 (terminal64.exe) 00000001402D3DC0:000058 [00000001402D3E18] #28600 (terminal64.exe) 00000001402D3EB0:00000E [00000001402D3EBE] #28601 (terminal64.exe) 000000013FE4F560:0000C1 [000000013FE4F621] #14203 (terminal64.exe) 0000000076D05A40:00000D [0000000076D05A4D] BaseThreadInitThunk (kernel32.dll) 0000000076E3B810:000021 [0000000076E3B831] RtlVerifyVersionInfo (ntdll.dll) 0000000076E2F960 4883EC28 sub rsp, 0x28 0000000076E2F964 488B11 mov rdx, [rcx] 0000000076E2F967 4885D2 test rdx, rdx 0000000076E2F96A 0F8581C00600 jnz dword 0x76e9b9f1 0000000076E2F970 4883C428 add rsp, 0x28 0000000076E2F974 C3 ret 0000000076E2F975 90 nop 0000000076E2F980 FFF6 push rsi 0000000076E2F982 4883EC20 sub rsp, 0x20 0000000076E2F986 33F6 xor esi, esi 0000000076E2F988 488931 mov [rcx], rsi 0000000076E2F98B 65488B0425300000 mov rax, [gs:0x30] 00 0000000076E2F994 39B09C170000 cmp [rax+0x179c], esi 0000000076E2F99A 0F850B20FEFF jnz dword 0x76e119ab 0000000076E2F9A0 33C0 xor eax, eax 0000000076E2F9A2 4883C420 add rsp, 0x20 0000000076E2F9A6 5E pop rsi 0000000076E2F9A7 C3 ret 0000000076E2F9A8 41F6410F80 test byte [r9+0xf], 0x80 0000000076E2F9AD 0F848EA30400 jz dword 0x76e79d41 0000000076E2F9B3 4933C9 xor rcx, r9 0000000076E2F9B6 48C1E904 shr rcx, 0x4 0000000076E2F9BA 498B4108 mov rax, [r9+0x8] 0000000076E2F9BE 49BAFFFFFFFFFF00 mov r10, 0xffffffffff 0000 0000000076E2F9C8 4923C2 and rax, r10 0000000076E2F9CB 4833C8 xor rcx, rax 0000000076E2F9CE 48330DF3E91000 xor rcx, [rip+0x10e9f3] 0000000076E2F9D5 48C1E104 shl rcx, 0x4 crash --> 0000000076E2F9D9 0FB74918 movzx ecx, word [rcx+0x18] 0000000076E2F9DD 4C8B442430 mov r8, [rsp+0x30] 0000000076E2F9E2 41C6410FBF mov byte [r9+0xf], 0xbf 0000000076E2F9E7 4803C9 add rcx, rcx 0000000076E2F9EA 498914C9 mov [r9+rcx*8], rdx 0000000076E2F9EE E9615C0000 jmp 0x76e35654 0000000076E2F9F3 90 nop : #027 000000000000212C EIP: 0000000076E5DF6A ESP: 000000000C04F458 0000000076E5DF60:00000A [0000000076E5DF6A] ZwWriteFileGather (ntdll.dll) 000007FEFCC913F0:000040 [000007FEFCC91430] GetCurrentProcess (kernelbase.dll) 0000000076D116A0:0000B3 [0000000076D11753] WaitForMultipleObjectsEx (kernel32.dll) 000007FEF9792B45:000000 [000007FEF9792B45] unknown (wdmaud.drv) 000007FEF9792941:000000 [000007FEF9792941] unknown (wdmaud.drv) 0000000076D05A40:00000D [0000000076D05A4D] BaseThreadInitThunk (kernel32.dll) 0000000076E3B810:000021 [0000000076E3B831] RtlVerifyVersionInfo (ntdll.dll) : #028 0000000000001DC8 EIP: 0000000076E5DF6A ESP: 000000000CADF5B8 0000000076E5DF60:00000A [0000000076E5DF6A] ZwWriteFileGather (ntdll.dll) 000007FEFCC913F0:000040 [000007FEFCC91430] GetCurrentProcess (kernelbase.dll) 0000000076D116A0:0000B3 [0000000076D11753] WaitForMultipleObjectsEx (kernel32.dll) 0000000076C08DE0:0001DD [0000000076C08FBD] GetSystemMenu (user32.dll) 0000000076C062A0:00002E [0000000076C062CE] OpenInputDesktop (user32.dll) 000007FEFABF1828:001D96 [000007FEFABF35BE] func_0x000007FEFABF1828 (mmdevapi.dll) 0000000076D05A40:00000D [0000000076D05A4D] BaseThreadInitThunk (kernel32.dll) 0000000076E3B810:000021 [0000000076E3B831] RtlVerifyVersionInfo (ntdll.dll)