Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	June 15, 2021, 10:48 a.m.	June 15, 2021, 10:51 a.m.

Size	799.5KB
Type	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: pedocals anklebones, Subject: apodes commercialistic, Author: pneumobacillus ritonavirs, Last Saved By: user, Name of Creating Application: Microsoft Excel, Create Time/Date: Mon Jun 14 10:44:34 2021, Last Saved Time/Date: Mon Jun 14 14:08:43 2021, Security: 0
MD5	`76d9ad731b3417ce329035c3497d19eb`
SHA256	`32d52214cf5e988fcea03d7edc9f775b22da0a886c75f37ceebd9a0b054a1391`
CRC32	`8891D64E`
ssdeep	`24576:fiOvq0l6lWl5lhYJ+elPxB0jELJvQ+FmbHvihdC/16eCSxo2:Jzl6lWl5lhKhlPxmjs22mLi/CoVd2`
Yara	Contains_VBA_macro_code - Detect a MS Office document with embedded VBA macro code [binaries] Generic_Malware_Zero - Generic Malware Microsoft_Office_File_Zero - Microsoft Office File

EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE" "C:\Users\test22\AppData\Local\Temp\Document 53142810.xls"
2648
- rundll32.exe "C:\Windows\System32\rundll32.exe" "C:\Users\test22\AppData\Roaming\6271.dll" WdiHandleInstance
  2164

Name	Response	Post-Analysis Lookup
exam.edumation.app	A 134.209.3.189	134.209.3.189

IP Address	Status	Action
134.209.3.189	Active	Moloch
164.124.101.2	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49204 -> 134.209.3.189:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.101:49204 134.209.3.189:443	C=US, O=Let's Encrypt, CN=R3	CN=exam.edumation.app	8e:cb:87:91:e7:e8:18:e5:f8:59:b5:36:03:03:6a:42:be:07:52:d2

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f43b 6271+0x7200 exception.address: 0x6d617200 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 0 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f43a 6271+0x7201 exception.address: 0x6d617201 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 0 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f439 6271+0x7202 exception.address: 0x6d617202 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 0 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 08 eb exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f437 6271+0x7204 exception.address: 0x6d617204 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 1 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f43b 6271+0x7200 exception.address: 0x6d617200 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 1 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f43a 6271+0x7201 exception.address: 0x6d617201 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 1 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f439 6271+0x7202 exception.address: 0x6d617202 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 1 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 08 eb exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f437 6271+0x7204 exception.address: 0x6d617204 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 2 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f43b 6271+0x7200 exception.address: 0x6d617200 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 2 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f43a 6271+0x7201 exception.address: 0x6d617201 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 2 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f439 6271+0x7202 exception.address: 0x6d617202 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 2 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 08 eb exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f437 6271+0x7204 exception.address: 0x6d617204 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 3 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f43b 6271+0x7200 exception.address: 0x6d617200 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 3 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f43a 6271+0x7201 exception.address: 0x6d617201 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 3 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f439 6271+0x7202 exception.address: 0x6d617202 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 3 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 08 eb exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f437 6271+0x7204 exception.address: 0x6d617204 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 4 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f43b 6271+0x7200 exception.address: 0x6d617200 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 4 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f43a 6271+0x7201 exception.address: 0x6d617201 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 4 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f439 6271+0x7202 exception.address: 0x6d617202 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 4 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 08 eb exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f437 6271+0x7204 exception.address: 0x6d617204 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 5 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f43b 6271+0x7200 exception.address: 0x6d617200 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 5 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f43a 6271+0x7201 exception.address: 0x6d617201 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 5 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f439 6271+0x7202 exception.address: 0x6d617202 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 5 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 08 eb exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f437 6271+0x7204 exception.address: 0x6d617204 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 6 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f43b 6271+0x7200 exception.address: 0x6d617200 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 6 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f43a 6271+0x7201 exception.address: 0x6d617201 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 6 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f439 6271+0x7202 exception.address: 0x6d617202 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 6 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 08 eb exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f437 6271+0x7204 exception.address: 0x6d617204 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 7 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f43b 6271+0x7200 exception.address: 0x6d617200 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 7 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f43a 6271+0x7201 exception.address: 0x6d617201 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 7 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f439 6271+0x7202 exception.address: 0x6d617202 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 7 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 08 eb exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f437 6271+0x7204 exception.address: 0x6d617204 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 8 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f43b 6271+0x7200 exception.address: 0x6d617200 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 8 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f43a 6271+0x7201 exception.address: 0x6d617201 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 8 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f439 6271+0x7202 exception.address: 0x6d617202 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 8 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 08 eb exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f437 6271+0x7204 exception.address: 0x6d617204 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 9 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f43b 6271+0x7200 exception.address: 0x6d617200 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 9 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f43a 6271+0x7201 exception.address: 0x6d617201 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 9 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f439 6271+0x7202 exception.address: 0x6d617202 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 9 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 08 eb exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f437 6271+0x7204 exception.address: 0x6d617204 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 10 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f43b 6271+0x7200 exception.address: 0x6d617200 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 10 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f43a 6271+0x7201 exception.address: 0x6d617201 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 10 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f439 6271+0x7202 exception.address: 0x6d617202 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 10 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 08 eb exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f437 6271+0x7204 exception.address: 0x6d617204 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 11 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f43b 6271+0x7200 exception.address: 0x6d617200 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 11 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f43a 6271+0x7201 exception.address: 0x6d617201 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 11 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f439 6271+0x7202 exception.address: 0x6d617202 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 11 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc eb f0 8b 04 24 64 a3 00 00 00 00 83 c4 08 eb exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f437 6271+0x7204 exception.address: 0x6d617204 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 12 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f43b 6271+0x7200 exception.address: 0x6d617200 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 12 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1
__exception__ June 15, 2021, 10:48 a.m.	stacktrace: DloneFplome-0x21aae 6271+0x4b8d @ 0x6d614b8d DloneFplome-0x241e4 6271+0x2457 @ 0x6d612457 DloneFplome-0x24049 6271+0x25f2 @ 0x6d6125f2 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x707cd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x5614ed rundll32+0x1baf @ 0x561baf rundll32+0x12e8 @ 0x5612e8 rundll32+0x1901 @ 0x561901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 40 cc eb f0 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DloneFplome-0x1f43a 6271+0x7201 exception.address: 0x6d617201 registers.esp: 3075548 registers.edi: 6928000 registers.eax: 12 registers.ebp: 3075600 registers.edx: 603409 registers.ebx: 35693 registers.esi: 0 registers.ecx: 116	1

Performs some HTTP requests (1 event)

request

GET https://exam.edumation.app/wp-content/themes/twentynineteen/sass/blocks/4bcHpcgYlJKPDXl.php

Allocates read-write-execute memory (usually to unpack itself) (24 events)

Time & API	Arguments	Status
NtProtectVirtualMemory June 15, 2021, 10:48 a.m.	process_identifier: 2648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6dce1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 15, 2021, 10:48 a.m.	process_identifier: 2648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6dd3f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 15, 2021, 10:48 a.m.	process_identifier: 2648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6dd3f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 15, 2021, 10:48 a.m.	process_identifier: 2648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6dc81000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 15, 2021, 10:48 a.m.	process_identifier: 2648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x65001000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 15, 2021, 10:48 a.m.	process_identifier: 2648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73321000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 15, 2021, 10:48 a.m.	process_identifier: 2648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6d9f1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 15, 2021, 10:48 a.m.	process_identifier: 2648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6d9e1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 15, 2021, 10:48 a.m.	process_identifier: 2648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6d9a1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 15, 2021, 10:48 a.m.	process_identifier: 2648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6d991000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 15, 2021, 10:48 a.m.	process_identifier: 2648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6d951000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 15, 2021, 10:48 a.m.	process_identifier: 2648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6d911000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 15, 2021, 10:48 a.m.	process_identifier: 2648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6d8f1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 15, 2021, 10:48 a.m.	process_identifier: 2648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6d8b1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 15, 2021, 10:48 a.m.	process_identifier: 2648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75401000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 15, 2021, 10:48 a.m.	process_identifier: 2648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6d891000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 10:48 a.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06560000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 10:48 a.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06560000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 10:48 a.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06820000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 15, 2021, 10:48 a.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06830000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory June 15, 2021, 10:48 a.m.	process_identifier: 2164 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6da41000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 15, 2021, 10:48 a.m.	process_identifier: 2164 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6da21000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 15, 2021, 10:48 a.m.	process_identifier: 2164 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76891000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 15, 2021, 10:48 a.m.	process_identifier: 2164 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x732d1000 process_handle: 0xffffffff	1

Creates suspicious VBA object (1 event)

com_class

Wscript.Shell

May attempt to create new processes

One or more non-whitelisted processes were created (1 event)

parent_process

excel.exe

martian_process

"C:\Windows\System32\rundll32.exe" "C:\Users\test22\AppData\Roaming\6271.dll" WdiHandleInstance

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ June 15, 2021, 10:49 a.m.	tid: 492 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

File has been identified by 23 AntiVirus engines on VirusTotal as malicious (23 events)

Elastic	malicious (high confidence)
MicroWorld-eScan	VB:Trojan.Valyria.4710
FireEye	VB:Trojan.Valyria.4710
ALYac	VB:Trojan.Valyria.4710
VIPRE	LooksLike.Macro.Malware.gen!x1 (v)
Cyren	X97M/Agent.WF.gen!Eldorado
ESET-NOD32	VBA/TrojanDownloader.Agent.WGM
Avast	VBA:Crypt-AB [Trj]
BitDefender	VB:Trojan.Valyria.4710
Ad-Aware	VB:Trojan.Valyria.4710
TACHYON	Suspicious/X97M.Obfus.Gen.6
TrendMicro	HEUR_VBA.OE
McAfee-GW-Edition	BehavesLike.OLE2.Downloader.bb
Emsisoft	VB:Trojan.Valyria.4710 (B)
SentinelOne	Static AI - Malicious OLE
Microsoft	TrojanDownloader:O97M/Dridex.BVG!MTB
GData	VB:Trojan.Valyria.4710
McAfee	W97M/Downloader.dpx
MAX	malware (ai score=88)
Zoner	Probably Heur.W97Obfuscated
Rising	Malware.ObfusVBA@ML.97 (VBA)
Fortinet	VBA/Agent.WCP!tr.dldr
AVG	VBA:Crypt-AB [Trj]

Office document performs HTTP request (possibly to download malware) (1 event)

payload_url

https://exam.edumation.app/wp-content/themes/twentynineteen/sass/blocks/4bcHpcgYlJKPDXl.php

The process excel.exe wrote an executable file to disk which it then attempted to execute (1 event)

file	C:\Windows\System32\rundll32.exe

Document 53142810.xls

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All