Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	June 8, 2021, 8:59 a.m.	June 8, 2021, 9:02 a.m.

Size	597.5KB
Type	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: straiting polarogram, Subject: inadmissible dawbakes, Author: cellarers sectionizations, Last Saved By: user, Name of Creating Application: Microsoft Excel, Create Time/Date: Mon Jun 7 14:29:17 2021, Last Saved Time/Date: Mon Jun 7 14:29:18 2021, Security: 0
MD5	`c72b5321c62c54829b3300ee5d9441e1`
SHA256	`fa8f82c8dfa52240e1e110645e0f329f239e215dd9109f86d15b38c26bb82ed9`
CRC32	`1FCF919F`
ssdeep	`12288:MspCOEA9mFErSNmbSoQDm315pAGvoX+2Z79YfNHwCi1nTH8YzH:M5mcFcSNmbS/Ymzt7wwtz8YzH`
Yara	Contains_VBA_macro_code - Detect a MS Office document with embedded VBA macro code [binaries] Microsoft_Office_File_Zero - Microsoft Office File

EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE" C:\Users\test22\AppData\Local\Temp\Inv%20799146.xls
1896
- rundll32.exe "C:\Windows\System32\rundll32.exe" "C:\Users\test22\AppData\Roaming\50681.dll" EsdSipCreateHash
  1460

Name	Response	Post-Analysis Lookup
main.bgsr.site	A 185.150.189.217	185.150.189.217

IP Address	Status	Action
164.124.101.2	Active	Moloch
185.150.189.217	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49203 -> 185.150.189.217:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.101:49203 185.150.189.217:443	C=US, ST=TX, L=Houston, O=cPanel, Inc., CN=cPanel, Inc. Certification Authority	CN=main.bgsr.site	5f:03:9a:50:bb:86:53:1d:e3:87:ba:c4:d7:ef:39:26:fe:d2:2d:c0

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79c 50681+0x5f90 exception.address: 0x6d635f90 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 0 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79b 50681+0x5f91 exception.address: 0x6d635f91 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 0 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79a 50681+0x5f92 exception.address: 0x6d635f92 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 0 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 08 eb exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f798 50681+0x5f94 exception.address: 0x6d635f94 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 1 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79c 50681+0x5f90 exception.address: 0x6d635f90 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 1 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79b 50681+0x5f91 exception.address: 0x6d635f91 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 1 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79a 50681+0x5f92 exception.address: 0x6d635f92 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 1 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 08 eb exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f798 50681+0x5f94 exception.address: 0x6d635f94 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 2 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79c 50681+0x5f90 exception.address: 0x6d635f90 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 2 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79b 50681+0x5f91 exception.address: 0x6d635f91 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 2 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79a 50681+0x5f92 exception.address: 0x6d635f92 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 2 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 08 eb exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f798 50681+0x5f94 exception.address: 0x6d635f94 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 3 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79c 50681+0x5f90 exception.address: 0x6d635f90 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 3 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79b 50681+0x5f91 exception.address: 0x6d635f91 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 3 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79a 50681+0x5f92 exception.address: 0x6d635f92 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 3 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 08 eb exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f798 50681+0x5f94 exception.address: 0x6d635f94 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 4 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79c 50681+0x5f90 exception.address: 0x6d635f90 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 4 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79b 50681+0x5f91 exception.address: 0x6d635f91 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 4 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79a 50681+0x5f92 exception.address: 0x6d635f92 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 4 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 08 eb exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f798 50681+0x5f94 exception.address: 0x6d635f94 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 5 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79c 50681+0x5f90 exception.address: 0x6d635f90 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 5 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79b 50681+0x5f91 exception.address: 0x6d635f91 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 5 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79a 50681+0x5f92 exception.address: 0x6d635f92 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 5 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 08 eb exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f798 50681+0x5f94 exception.address: 0x6d635f94 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 6 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79c 50681+0x5f90 exception.address: 0x6d635f90 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 6 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79b 50681+0x5f91 exception.address: 0x6d635f91 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 6 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79a 50681+0x5f92 exception.address: 0x6d635f92 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 6 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 08 eb exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f798 50681+0x5f94 exception.address: 0x6d635f94 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 7 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79c 50681+0x5f90 exception.address: 0x6d635f90 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 7 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79b 50681+0x5f91 exception.address: 0x6d635f91 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 7 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79a 50681+0x5f92 exception.address: 0x6d635f92 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 7 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 08 eb exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f798 50681+0x5f94 exception.address: 0x6d635f94 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 8 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79c 50681+0x5f90 exception.address: 0x6d635f90 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 8 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79b 50681+0x5f91 exception.address: 0x6d635f91 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 8 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79a 50681+0x5f92 exception.address: 0x6d635f92 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 8 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 08 eb exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f798 50681+0x5f94 exception.address: 0x6d635f94 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 9 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79c 50681+0x5f90 exception.address: 0x6d635f90 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 9 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79b 50681+0x5f91 exception.address: 0x6d635f91 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 9 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79a 50681+0x5f92 exception.address: 0x6d635f92 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 9 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 08 eb exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f798 50681+0x5f94 exception.address: 0x6d635f94 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 10 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79c 50681+0x5f90 exception.address: 0x6d635f90 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 10 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79b 50681+0x5f91 exception.address: 0x6d635f91 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 10 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79a 50681+0x5f92 exception.address: 0x6d635f92 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 10 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 08 eb exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f798 50681+0x5f94 exception.address: 0x6d635f94 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 11 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79c 50681+0x5f90 exception.address: 0x6d635f90 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 11 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79b 50681+0x5f91 exception.address: 0x6d635f91 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 11 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79a 50681+0x5f92 exception.address: 0x6d635f92 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 11 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 08 eb exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f798 50681+0x5f94 exception.address: 0x6d635f94 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 12 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79c 50681+0x5f90 exception.address: 0x6d635f90 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 12 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1
__exception__ June 8, 2021, 8:59 a.m.	stacktrace: Rpkder336-0x23a9e 50681+0x1c8e @ 0x6d631c8e LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x1314ed rundll32+0x1baf @ 0x131baf rundll32+0x12e8 @ 0x1312e8 rundll32+0x1901 @ 0x131901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: Rpkder336-0x1f79b 50681+0x5f91 exception.address: 0x6d635f91 registers.esp: 2487380 registers.edi: 2487392 registers.eax: 12 registers.ebp: 2487812 registers.edx: 603409 registers.ebx: 0 registers.esi: 1970476209 registers.ecx: 828655755	1

Performs some HTTP requests (1 event)

request

GET https://main.bgsr.site/wp-includes/sodium_compat/src/Core32/ChaCha20/d68Tou3ui1RoUA.php

Allocates read-write-execute memory (usually to unpack itself) (28 events)

Time & API	Arguments	Status
NtProtectVirtualMemory June 8, 2021, 8:59 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6dce1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 8, 2021, 8:59 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6dd3f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 8, 2021, 8:59 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6dd3f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 8, 2021, 8:59 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6dc81000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 8, 2021, 8:59 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x65001000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 8, 2021, 8:59 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73321000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 8, 2021, 8:59 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6d9f1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 8, 2021, 8:59 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6d9e1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 8, 2021, 8:59 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6d9a1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 8, 2021, 8:59 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6d991000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 8, 2021, 8:59 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6d951000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 8, 2021, 8:59 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6d911000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 8, 2021, 8:59 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6d8f1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 8, 2021, 8:59 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6d8b1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 8, 2021, 8:59 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75401000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 8, 2021, 8:59 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6d891000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 8, 2021, 8:59 a.m.	process_identifier: 1896 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06b70000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 8, 2021, 8:59 a.m.	process_identifier: 1896 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06b70000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 8, 2021, 8:59 a.m.	process_identifier: 1896 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06c00000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 8, 2021, 8:59 a.m.	process_identifier: 1896 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06d70000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory June 8, 2021, 8:59 a.m.	process_identifier: 1460 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6d561000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 8, 2021, 8:59 a.m.	process_identifier: 1460 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x71f71000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 8, 2021, 8:59 a.m.	process_identifier: 1460 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73781000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 8, 2021, 8:59 a.m.	process_identifier: 1460 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x768d1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 8, 2021, 8:59 a.m.	process_identifier: 1460 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74e21000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 8, 2021, 8:59 a.m.	process_identifier: 1460 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x750f1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 8, 2021, 8:59 a.m.	process_identifier: 1460 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73761000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 8, 2021, 8:59 a.m.	process_identifier: 1460 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76891000 process_handle: 0xffffffff	1

Creates suspicious VBA object (1 event)

com_class

Wscript.Shell

May attempt to create new processes

One or more non-whitelisted processes were created (1 event)

parent_process

excel.exe

martian_process

"C:\Windows\System32\rundll32.exe" "C:\Users\test22\AppData\Roaming\50681.dll" EsdSipCreateHash

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ June 8, 2021, 9 a.m.	tid: 2988 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

File has been identified by 20 AntiVirus engines on VirusTotal as malicious (20 events)

Elastic	malicious (moderate confidence)
MicroWorld-eScan	VB:Trojan.Valyria.4710
FireEye	VB:Trojan.Valyria.4710
ALYac	VB:Trojan.Valyria.4710
VIPRE	LooksLike.Macro.Malware.gen!x1 (v)
Cyren	X97M/Agent.WF.gen!Eldorado
Avast	SNH:Script [Dropper]
BitDefender	VB:Trojan.Valyria.4710
Ad-Aware	VB:Trojan.Valyria.4710
TACHYON	Suspicious/X97M.Obfus.Gen.6
TrendMicro	HEUR_VBA.OE
Emsisoft	VB:Trojan.Valyria.4710 (B)
Microsoft	Trojan:Win32/Dridex!ml
GData	VB:Trojan.Valyria.4710
MAX	malware (ai score=80)
Zoner	Probably Heur.W97Obfuscated
Rising	Malware.ObfusVBA@ML.99 (VBA)
SentinelOne	Static AI - Malicious OLE
Fortinet	VBA/Agent.4710!tr
AVG	SNH:Script [Dropper]

Office document performs HTTP request (possibly to download malware) (1 event)

payload_url

https://main.bgsr.site/wp-includes/sodium_compat/src/Core32/ChaCha20/d68Tou3ui1RoUA.php

The process excel.exe wrote an executable file to disk which it then attempted to execute (1 event)

file	C:\Windows\System32\rundll32.exe

Inv%20799146.xls

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All