MIME-Version: 1.0 Content-Type: multipart/related; boundary="__ANALYZER_REPORT_BOUNDARY__"; type="text/html" This is a multi-part message in MIME format. --__ANALYZER_REPORT_BOUNDARY__ Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/Report.htm =0D=0A=0D=0A=0D=0A =0D=0A=0D=0A=0D=0A=0D=0A=0D=0A<= body>=0D=0A
=0D=0A =20= =0D=0A =0D=0A =0D=0A
=0D=0A =0D=0A =0D=0A =0D=0A =0D=0A =0D= =0A
=0D=0A =0D=0A =0D=0A =20= =0D=0A =0D=0A =0D=0A =20= =0D=0A =0D=0A= =0D=0A =0D=0A=20=
=0D=0A   =0D=0A =20= =0D=0A =20= =0D=0A =20= =0D=0A Your browser= settings are currently prohibiting this report's scripts=0D=0A =20= from running.
=0D=0A =20=
=0D=0A <= /font>=0D=0A
=0D=0A =20=
=0D=0A =20= This is preventing some features of this analysis report from displa= ying properly.=0D=0A To enable scripts= to run, right-click the security warning above and choose "Allow=0D=0A= Blocked Content..." or enable the = "Allow active content to run in files on My Computer*"=0D=0A =20= setting on the Advanced tab of your "Inter= net Options" dialog to avoid being prompted in the future=0D=0A =20=
=0D=0A =20=
=0D=0A =0D=0A
=0D=0A DebugDiag Analysis=20= Report=0D=0A
=0D=0A =0D=0A =20= =0D=0A =0D=0A =0D=0A =20= =0D=0A =0D=0A =0D=0A =20= =0D=0A
=0D=0A =20= =0D=0A =0D=0A =0D=0A Dumps:
=0D=0A =0D= =0A =0D=0A =0D=0A =0D=0A =0D=0A =0D=0A =20=
=0D=0A =0D=0A =0D=0A =20= =0D=0A Rules:=0D=0A
=0D=0A =0D=0A =0A
=0A =0A
=0D=0A =0D=0A =0D=0A =0D=0A=
=0A =0A <= /div>=0A
=0A =0A =0A
=0D=0A =0D=0A
=0D= =0A=0D=0A=0D=0A =0D=0A =20=
=0D=0A =20=
Analysis Summary
<= /thead><= td class=3D"gridrowspacing finaltd">The heap corruption detected in t= his dump was likely caused by the following Module:

C:\Wind= ows\System32\ntdll.dll

Please follow up with the following= vendor regarding this issue:

Microsoft Corporation
Description<= /td>Recommendation
In tbs__PID__7288__Date__09_28_2= 020__Time_07_46_58AM__951__Second_Chance_Exception_C0000374.dmp the a= ssembly instruction at ntdll!RtlReportCriticalFailure+83 in C:\Windows\System32\ntdll.dll from Microsoft Corporation=20= has caused a corrupted heap exception (0xC0000374) when trying= to perform an unknown operation on memory location 0x0= 0000000 on thread 0
Heap corruption was detected in this d= umpPlease follow up with the vendor of the Module listed in the= recommendation section for further assistance on this issue.

= Current NTGlobalFlags value: 0x400 (Enable pool tagging)
=0D=0A =0D=0A
=0D=0A =0D=0A =0D=0A
Analysis Details


Report for tbs__PID__7288__Date_= _09_28_2020__Time_07_46_58AM__951__Second_Chance_Exception_C0000374.d= mp

=0D=0A Type of Analysis Performed=0D=0A =0D=0A=0D=0A= =0D= =0A=0D=0A= =0D=0A=0D=0A=0D=0A=0D=0A=0D=0A=0D=0A
  Combined Crash/Ha= ng Analysis
Machine Name  CWWCTX388
Operating=20= System  Windows Server 2012
Number Of Processors  2
Process ID  7288
Process Image  D:\Flowthrough\ODD\tbs.e= xe
Command Line  "D:= \Flowthrough\ODD\tbs.exe"
System Up-Time<= /td>  06:25:46
Process Up= -Time  00:04:14
Proc= essor Type  X86
Proc= ess Bitness  32-Bit
= =0D=0A

Top 5=20= Threads by CPU time

Note - Times incl= ude both user mode and kernel mode for each thread=0D=0A=0D=0A=0D=0A=0D=0A=0D=0A=0D=0A=0D=0A=0D=0A

CLR Information

5 Threads (35% of a= ll threads) have this same call stack.
Note: Grouping of identi= cal threads can be disabled in the 'Preferences' tab of the Analysis=20= Options

= Thread 2 - System ID 5220

Thread ID: 0=     Total CPU Time: 00:00= :01.858    Entry Point for Thre= ad: tbs+1249
Thread ID: 3    Total CPU= Time: 00:00:00.031    Entr= y Point for Thread: msvcrt!_threadstartex
Thr= ead ID: 5 &= nbsp;  Total CPU Time: 00:00:00.030&n= bsp;   Entry Point for Thread: ntdll!TppWorkerT= hread
Thread ID: 9    Total CPU Time: = 00:00:00.015    Entry Point for= Thread: winmm!mciwindow
Thread ID: 2    <= b>Total CPU Time: 00:00:00.015   &n= bsp;Entry Point for Thread: ntdll!TppWorkerThread
E= ntry point  ntdll!TppWorkerThread
Create time  9/28/2020 6:12:54 PM
Time spent in user mode  0 Days= 00:00:00.015
Time spent in kernel mode=   0 Days 00:00:00.000

<= H3>Thread 5 - System ID 11940
= Entry point  ntdll!TppWorkerThread= Create time  9/28/2020 6:12:55 PM<= /b>Time spent in user mode  0= Days 00:00:00.015Time spent in kernel mode  0 Days 00:00:00.015


Thread 11 - System ID 11576

Entry point  ntdll!TppWorkerThread
Create time  9/28/2020 6:15:= 51 PM
Time spent in user mode &nbs= p;0 Days 00:00:00.000
Time spent in kernel mo= de  0 Days 00:00:00.000

Thread 12 - System ID 10700

Thread 13 - System ID 11824

Entry point  ntdll!TppWorkerThr= ead
Create time  9/28/2020= 6:15:51 PM
Time spent in user mode&nbs= p; 0 Days 00:00:00.000
Time spent in ker= nel mode  0 Days 00:00:00.015
Entry point  ntdll!TppWorke= rThread
Create time  9/28/= 2020 6:16:41 PM
Time spent in user mode=   0 Days 00:00:00.000
Time spent in= kernel mode  0 Days 00:00:00.000

ntdl= l!TppWorkerThread+259
kernel32!BaseThreadInit= Thunk+24

2 Threads (14% of all threads) have this same call=20= stack.
Note: Grouping of identical threads can be disabled in t= he 'Preferences' tab of the Analysis Options

Thread 4 - System ID 12200

Entry point &nbs= p;mshtml!CExecFT::StaticThreadProc
Create tim= e  9/28/2020 6:12:55 PM
Ti= me spent in user mode  0 Days 00:00:00.000<= /td>
Time spent in kernel mode  0 D= ays 00:00:00.000

Thread 10 - Syst= em ID 11696

Entry point  mshtml!CExecFT::StaticThreadProc
Create time  9/28/2020 6:12:56 PM
Time spent in user mode  0 Days 0= 0:00:00.000
Time spent in kernel mode&n= bsp; 0 Days 00:00:00.000

<= /div>
<= /tr>mshtml!CDwnTaskExec::ThreadExec+146<= tr>
ntdll!NtWaitForM= ultipleObjects+c
KERNELBASE!WaitForMultipleOb= jectsEx+cc
user32!MsgWaitForMultipleObjectsEx= +163
ms= html!CExecFT::ThreadProc+68
mshtml!CExecFT::S= taticThreadProc+d
kernel32!BaseThreadInitThun= k+24

Thread 0 - System ID 9852

This thread is not fully resolved and may or may not be a pr= oblem. Further analysis of these threads may be required.

<= div class=3D"normalText group" id=3D"B1C1Thread9852group" >
Entry point  tbs+1249=
Create time  9/28/2020 6:= 12:50 PM
Time spent in user mode &= nbsp;0 Days 00:00:01.062
Time spent in kernel= mode  0 Days 00:00:00.796
= <= /tr><= tr>PBVM190!ob_run_dispatch_loop+df<= tr>
ntdll!RtlRepo= rtCriticalFailure+83
ntdll!RtlpHeapHandleErro= r+1c
KERNELBAS= E!LocalFree+27
oleacc!CAccessible::`vector de= leting destructor'+51
oleacc!CAccessible::Rel= ease+77
combase!CStdIdentity::ReleaseCtrlUnk+= 72
rpcrt4!NdrStubCal= l2+330
comba= se!AppInvoke+26c
combase!ComInvokeWithLockAnd= IPID+38b
= user32!UserCallWinProcCheckWow+18e
user32!Dis= patchMessageWorker+208
user32!DispatchMessage= W+10
PBVM19= 0!FN_PluginPollLoop+1a2
PBVM190!FN_RunExecuta= bleEx+3fa
ntdll!_RtlUser= ThreadStart+1b

= Thread 1 - System ID 11412

Entry point=
  combase!CRpcThreadCache::RpcWorke= rThreadEntry
Create time  = 9/28/2020 6:12:51 PM
Time spent in user mode  0 Days 00:00:00.000
Time spe= nt in kernel mode  0 Days 00:00:00.000

<= tr>=
comb= ase!CRpcThread::WorkerLoop+3e0
combase!CRpcTh= readCache::RpcWorkerThreadEntry+16
kernel32!B= aseThreadInitThunk+24
ntdll!__RtlUserThreadSt= art+2f

Thread 3 - System ID 113= 76

Entry point&nb= sp; msvcrt!_threadstartex
Create time  9/28/2020 6:12:55 PM
Time s= pent in user mode  0 Days 00:00:00.031
Time spent in kernel mode  0 Days=20= 00:00:00.000

<= table border=3D0 cellpadding=3D0 cellspacing=3D0 class=3DmyCustomText= >ntdll!NtWaitForMultipleObjects+cKERNELBASE!WaitForMultipleObjectsEx+ccmshtml!Memory::Recycler::ThreadProc+121= mshtml!Memory::Recycler::StaticThreadProc+1c= msvcrt!_callthreadstartex+25msvcr= t!_threadstartex+61kernel32!BaseThreadInitTh= unk+24ntdll!__RtlUserThreadStart+2fntdll!_RtlUserThreadStart+1b
<= /div>

Thread 6 - System ID 10672

  9/28/2020 6:12:55 PM
Entry point  msh= tml!CExecFT::StaticThreadProc
Create time
Time spent= in user mode  0 Days 00:00:00.000
Time spent in kernel mode  0 Days 00:0= 0:00.000

ntdll!NtWaitForSingleObject+cKERNELBASE!WaitForSingleObjectEx+99KERNELBASE!WaitForSingleObject+12msht= ml!CTimerMan::ThreadExec+f5mshtml!CExecFT::T= hreadProc+68mshtml!CExecFT::StaticThreadProc= +dkernel32!BaseThreadInitThunk+24<= tr>ntdll!__RtlUserThreadStart+2fn= tdll!_RtlUserThreadStart+1b

Thread 7 - System ID 8300

<= table border=3D0 cellpadding=3D0 cellspacing=3D0 class=3DmyCustomText= >Entry point  msvcrt!_threadstartex= Create time  9/28/2020 6:12:5= 5 PMTime spent in user mode  = ;0 Days 00:00:00.000Time spent in kernel mod= e  0 Days 00:00:00.015
<= div class=3D"mt20 normalText">
ntdl= l!NtWaitForMultipleObjects+c
KERNELBASE!WaitF= orMultipleObjectsEx+cc
jscript9!Recycler::Thr= eadProc+ba
jscript9!Recycler::StaticThreadPro= c+1c
kernel3= 2!BaseThreadInitThunk+24
ntdll!__RtlUserThrea= dStart+2f

Thread 8 - System ID 617= 2

Entry point = ; msvcrt!_threadstartex
Create time  9/28/2020 6:12:55 PM
Time spe= nt in user mode  0 Days 00:00:00.015
Time spent in kernel mode  0 Days 00= :00:00.000

ntdll!NtWaitForSingleObject+cKERNELBASE!WaitForSingleObjectEx+99KERNELBASE!WaitForSingleObject+12jscr= ipt9!Event::Wait+10jscript9!JsUtil::Backgrou= ndJobProcessor::Run+1a5jscript9!JsUtil::Back= groundJobProcessor::StaticThreadProc+42msvcr= t!_callthreadstartex+25msvcrt!_threadstartex= +61kernel32!BaseThreadInitThunk+24= ntdll!__RtlUserThreadStart+2f= ntdll!_RtlUserThreadStart+1b

Thread 9 - System ID 11080

Entry point  winmm!mciwindow=
Create time  9/28/2020 6:12:5= 5 PM
Time spent in user mode  = ;0 Days 00:00:00.000
Time spent in kernel mod= e  0 Days 00:00:00.015

us= er32!NtUserGetMessage+c
k= ernel32!BaseThreadInitThunk+24
ntdll!__RtlUse= rThreadStart+2f
ntdll!_RtlUserThreadStart+1b<= /td>

Well-Known COM STA Thread= s Report

= STA Name   Thread ID&nbs= p  Thread Status   <= /th>Call Status
Main STA   0In-Call   not fully resolved and m= ay or may not be a problem. Further analysis of this thread may be r= equired

Exception Information

NTDLL!RTLREPORTCRITICALFAILU= RE+83In tbs__PID__7288__Date__09_28_2020__Time_07_46_58AM__951__Secon= d_Chance_Exception_C0000374.dmp the assembly instruction at ntdll!= RtlReportCriticalFailure+83 in C:\Windows\System32\ntdll.dll from Microsoft Corporation has caused a corrupted heap e= xception (0xC0000374) when trying to perform an unknown operat= ion on memory location 0x00000000 on thread 0
H= eap corruption was detected in this dump
Please follow up with t= he vendor of the Module listed in the recommendation section for furt= her assistance on this issue.

Current NTGlobalFlags value: = 0x400 (Enable pool tagging)

  Symbol Type: <= td>ISAPIExtension:=

Module Information

Image Name:C:\Windows\System32\ntdll.dllPDB
Ba= se address:0x00905a4d  Time Stamp:= Tue Jan 28 11:13:03 2020=0A
Checksu= m:0x00000000  Comments:
COM DLL:False &nbs= p;Company Name: Microsoft Corporation
False  File De= scription: NT Layer DLL
ISAPIFilter:= False  File Version: = 6.3.9600.19629 (winblue_ltsb_escrow.200127-1700)
= Managed DLL:False  Internal Name:<= /b> ntdll.dll
VB DLL:False<= /td>  Legal Copyright: =C2=A9 Microsoft= Corporation. All rights reserved.
Loaded Image N= ame: ntdll.dll  Legal Trademarks:<= /b>
Mapped Image Name:   Original filename: ntdll.dll
Module name: ntdll  = Private Build:
Single Threaded:= False  Product Name: Mic= rosoft=C2=AE Windows=C2=AE Operating System
Modul= e Size: 1.43 MBytes  Product Version: 6.3.9600.19629
Symbol File Name: c:\symbols\wntdll.pdb\= 573A7A57DE534B8581A8BE93D18EA6692\wntdll.pdb  S= pecial Build: &

=0D=0A=0D=0A=0D=0A =20= =0D=0A
=0D=0A =0D=0A
=0D=0A =0D=0A
Analysis Rule Summary <= /div>=0D=0A
=0D=0A =0D=0A =20= =0D=0A =0D=0A =0D=0A =0D=0A =0D=0A =0D=0A =0D=0A =0A=0D=0A=0D=0A=0D=0A=0D=0A
Rule NameStat= usDetails
CrashHangAnalysis - v (