Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	June 22, 2021, 11:17 a.m.	June 22, 2021, 11:20 a.m.

Size	508.5KB
Type	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`4e5fc6111da7ec4512257864ded2f43b`
SHA256	`9337cbb204dce3fea34177b596716d98f9af75e73c5e35f98254ee22a40383c5`
CRC32	`112DAF7A`
ssdeep	`12288:wn0L1zaGC6aKiUulRnRJRwesnWPyNCNnQ:w0LRFCmu3nGW6NanQ`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) IsDLL - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,StartW
732
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,StartW
  852
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,_cgo_dummy_export
1772
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,_cgo_dummy_export
  2648
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,aekxcpamk
1536
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,aekxcpamk
  2252
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,avugtzedva
1048
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,avugtzedva
  1760
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,baszevtrfyzp
1436
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,baszevtrfyzp
  3032
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,btirtszhsdofa
2524
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,btirtszhsdofa
  2332
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,cffrihrojxkmw
2256
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,cffrihrojxkmw
  2228
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,cdjfyhjjvrs
1468
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,cdjfyhjjvrs
  2560
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,cgxcrnhotwsaglpdx
2656
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,cgxcrnhotwsaglpdx
  1852
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,cmfjrlthtv
1812
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,cmfjrlthtv
  668
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,cpdiudkvxrelb
2408
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,cpdiudkvxrelb
  3224
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,ctxreelcfjdezjefr
2236
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,ctxreelcfjdezjefr
  3580
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,ddsvfvqn
3336
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,ddsvfvqn
  3712
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,dftkfwtqd
3516
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,dftkfwtqd
  3932
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,djqnbighatygzbyph
3808
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,djqnbighatygzbyph
  3260
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,dkoolzw
3940
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,dkoolzw
  3500
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,elvqsrzdp
4068
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,elvqsrzdp
  3868
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,fdedputeeqxudssod
3384
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,fdedputeeqxudssod
  4012
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,fgplhvdrjz
3756
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,fgplhvdrjz
  3648
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,fkoumwnmwimykbxho
4080
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,fkoumwnmwimykbxho
  2852
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,flviyhl
3924
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,flviyhl
  4104
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,gcjrqzhfi
3920
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,gcjrqzhfi
  4252
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,gixtvbh
4176
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,gixtvbh
  4672
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,gmueieigy
4356
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,gmueieigy
  4804
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,gpixdoyeew
4444
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,gpixdoyeew
  5008
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,grpnpgrwzttkysi
4536
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,grpnpgrwzttkysi
  4952
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,hlkjnzufnw
4632
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,hlkjnzufnw
  4216
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,hmubthrmzz
4760
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,hmubthrmzz
  5088
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,iuytelpdilpqehp
4152
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,iuytelpdilpqehp
  4456
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,hvtxhlakvi
4916
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,hvtxhlakvi
  4564
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,izxobtig
4328
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,izxobtig
  5044
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,jonkqxlonl
4576
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,jonkqxlonl
  4396
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,kbuulczjahek
4792
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,kbuulczjahek
  4948
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,kdwnidb
2480
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,kdwnidb
  4436
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,kgknjas
4712
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,kgknjas
  4988
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,knfxydlhusmf
5004
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,knfxydlhusmf
  3892
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,kqakfnjl
4004
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,kqakfnjl
  5204
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,kylxdtj
4968
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,kylxdtj
  5456
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,lbueqvfvz
4340
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,lbueqvfvz
  5332
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,lflbkeapyc
5216
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,lflbkeapyc
  5560
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,lfpqaqkxkegxxwpwr
5400
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,lfpqaqkxkegxxwpwr
  5832
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,lidbsisjybnrgjtkk
5588
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,lidbsisjybnrgjtkk
  5948
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,llpydhwbcbaomldym
5724
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,llpydhwbcbaomldym
  6116
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,lyzgerjrvqhjb
5900
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,lyzgerjrvqhjb
  5236
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,mqvhnafrvmo
6028
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,mqvhnafrvmo
  5424
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,mwnaxnblaajnrhqts
5228
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,mwnaxnblaajnrhqts
  5576
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,nampkebwdggf
5408
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,nampkebwdggf
  5184
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,ofgbvvddun
5676
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,ofgbvvddun
  5984
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,okwtcsvetfefzqsp
4812
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,okwtcsvetfefzqsp
  5360
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,oydjhjeyydtgpxl
3480
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,oydjhjeyydtgpxl
  5764
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,oyokgbqeqjtk
4276
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,oyokgbqeqjtk
  5568
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,pjodfqtkyzvzhqfw
5476
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,pjodfqtkyzvzhqfw
  5036
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,ppscmrccuzylnh
5868
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,ppscmrccuzylnh
  5412
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,prlxglqdatwucmyxh
5812
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,prlxglqdatwucmyxh
  5292
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,pupupatc
5664
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,pupupatc
  5656
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,qrvizuhylmxdk
5256
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,qrvizuhylmxdk
  6048
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,rodvcrhwrmzasg
5884
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,rodvcrhwrmzasg
  6080
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,ruutqdxl
4500
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,ruutqdxl
  6156
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,rwdhplglkilknfvp
5352
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,rwdhplglkilknfvp
  6360
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,sdysqiuo
5488
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,sdysqiuo
  6460
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,sqwmcucwoez
6236
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,sqwmcucwoez
  6540
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,tlxkqgrf
6336
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,tlxkqgrf
  6852
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,tnmrozaqm
6584
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,tnmrozaqm
  7004
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,tzqoerepgnr
6700
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,tzqoerepgnr
  7080
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,uoqzdvihfcepsq
6828
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,uoqzdvihfcepsq
  6260
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,vbsnsxjgwhml
6992
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,vbsnsxjgwhml
  6348
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,vhxtiovrha
5612
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,vhxtiovrha
  6620
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,vscbtycbrow
6476
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,vscbtycbrow
  7064
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,vynypsszqjxyle
6616
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,vynypsszqjxyle
  6152
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,wosivzctwsxaxnfm
6880
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,wosivzctwsxaxnfm
  6776
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,wpiowxx
6980
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,wpiowxx
  5312
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,wqadekkq
6332
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,wqadekkq
  6996
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,xvwozmjipkpl
6532
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,xvwozmjipkpl
  5640
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,xyegimmkl
5212
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,xyegimmkl
  6720
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,yanagsmsseor
5776
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,yanagsmsseor
  6488
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,ycbrjhifxyhovie
6892
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,ycbrjhifxyhovie
  6956
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,ydazjoruuwwgbq
6552
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,ydazjoruuwwgbq
  6668
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,ypgotfngylypaaohq
6856
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,ypgotfngylypaaohq
  6764
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,zhyiamorbu
6472
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,zhyiamorbu
  6636
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\GT2pFbB.dll,
6888

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)

section	yxvzqhkd
section	djeplsyp
section	bxldypey

One or more processes crashed (50 out of 79 events)

Time & API	Arguments	Status
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 911976 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 917264 registers.r11: 1 registers.r8: 64 registers.r9: 6119648 registers.rdx: 913320 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 911656 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 2745512 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 2750800 registers.r11: 1 registers.r8: 64 registers.r9: 1138912 registers.rdx: 2746856 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 2745192 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1500104 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 1505392 registers.r11: 1 registers.r8: 64 registers.r9: 2384096 registers.rdx: 1501448 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1499784 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1239864 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 1245152 registers.r11: 1 registers.r8: 64 registers.r9: 2384096 registers.rdx: 1241208 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1239544 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1566360 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 1571648 registers.r11: 1 registers.r8: 64 registers.r9: 4219104 registers.rdx: 1567704 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1566040 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 977176 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 982464 registers.r11: 1 registers.r8: 64 registers.r9: 5005536 registers.rdx: 978520 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 976856 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 2221384 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 2226672 registers.r11: 1 registers.r8: 64 registers.r9: 2908384 registers.rdx: 2222728 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 2221064 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 911000 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 916288 registers.r11: 1 registers.r8: 64 registers.r9: 4743392 registers.rdx: 912344 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 910680 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1632504 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 1637792 registers.r11: 1 registers.r8: 64 registers.r9: 2384096 registers.rdx: 1633848 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1632184 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1370232 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 1375520 registers.r11: 1 registers.r8: 64 registers.r9: 2973920 registers.rdx: 1371576 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1369912 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1631592 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 1636880 registers.r11: 1 registers.r8: 64 registers.r9: 4022496 registers.rdx: 1632936 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1631272 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1698056 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 1703344 registers.r11: 1 registers.r8: 64 registers.r9: 3432672 registers.rdx: 1699400 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1697736 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1239160 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 1244448 registers.r11: 1 registers.r8: 64 registers.r9: 4612320 registers.rdx: 1240504 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1238840 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1370728 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 1376016 registers.r11: 1 registers.r8: 64 registers.r9: 4808928 registers.rdx: 1372072 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1370408 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1698584 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 1703872 registers.r11: 1 registers.r8: 64 registers.r9: 4088032 registers.rdx: 1699928 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1698264 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 2680440 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 2685728 registers.r11: 1 registers.r8: 64 registers.r9: 5857504 registers.rdx: 2681784 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 2680120 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 714840 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 720128 registers.r11: 1 registers.r8: 64 registers.r9: 4874464 registers.rdx: 716184 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 714520 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 779640 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 784928 registers.r11: 1 registers.r8: 64 registers.r9: 4743392 registers.rdx: 780984 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 779320 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1173064 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 1178352 registers.r11: 1 registers.r8: 64 registers.r9: 5071072 registers.rdx: 1174408 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1172744 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 2091256 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 2096544 registers.r11: 1 registers.r8: 64 registers.r9: 6185184 registers.rdx: 2092600 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 2090936 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 910872 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 916160 registers.r11: 1 registers.r8: 64 registers.r9: 5267680 registers.rdx: 912216 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 910552 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1960056 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 1965344 registers.r11: 1 registers.r8: 64 registers.r9: 1204448 registers.rdx: 1961400 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1959736 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 781000 registers.rsi: 0 registers.r10: 226 registers.rbx: 0 registers.rsp: 786288 registers.r11: 1 registers.r8: 64 registers.r9: 5865104 registers.rdx: 782344 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 780680 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 2483416 registers.rsi: 0 registers.r10: 226 registers.rbx: 0 registers.rsp: 2488704 registers.r11: 1 registers.r8: 64 registers.r9: 1670800 registers.rdx: 2484760 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 2483096 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1566296 registers.rsi: 0 registers.r10: 226 registers.rbx: 0 registers.rsp: 1571584 registers.r11: 1 registers.r8: 64 registers.r9: 7503504 registers.rdx: 1567640 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1565976 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 2156616 registers.rsi: 0 registers.r10: 226 registers.rbx: 0 registers.rsp: 2161904 registers.r11: 1 registers.r8: 64 registers.r9: 7372432 registers.rdx: 2157960 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 2156296 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1762328 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 1767616 registers.r11: 1 registers.r8: 64 registers.r9: 6054112 registers.rdx: 1763672 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1762008 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 2221960 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 2227248 registers.r11: 1 registers.r8: 64 registers.r9: 5988576 registers.rdx: 2223304 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 2221640 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 2614088 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 2619376 registers.r11: 1 registers.r8: 64 registers.r9: 155872 registers.rdx: 2615432 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 2613768 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 2418968 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 2424256 registers.r11: 1 registers.r8: 64 registers.r9: 6512864 registers.rdx: 2420312 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 2418648 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 2615080 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 2620368 registers.r11: 1 registers.r8: 64 registers.r9: 7823584 registers.rdx: 2616424 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 2614760 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 2679912 registers.rsi: 0 registers.r10: 226 registers.rbx: 0 registers.rsp: 2685200 registers.r11: 1 registers.r8: 64 registers.r9: 163472 registers.rdx: 2681256 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 2679592 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1632888 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 1638176 registers.r11: 1 registers.r8: 64 registers.r9: 6054112 registers.rdx: 1634232 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1632568 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1894184 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 1899472 registers.r11: 1 registers.r8: 64 registers.r9: 1204448 registers.rdx: 1895528 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1893864 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 2287864 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 2293152 registers.r11: 1 registers.r8: 64 registers.r9: 1401056 registers.rdx: 2289208 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 2287544 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 2419048 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 2424336 registers.r11: 1 registers.r8: 64 registers.r9: 7889120 registers.rdx: 2420392 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 2418728 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 977544 registers.rsi: 0 registers.r10: 226 registers.rbx: 0 registers.rsp: 982832 registers.r11: 1 registers.r8: 64 registers.r9: 5734032 registers.rdx: 978888 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 977224 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1239064 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 1244352 registers.r11: 1 registers.r8: 64 registers.r9: 4874464 registers.rdx: 1240408 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1238744 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1370360 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 1375648 registers.r11: 1 registers.r8: 64 registers.r9: 6119648 registers.rdx: 1371704 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1370040 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 2090760 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 2096048 registers.r11: 1 registers.r8: 64 registers.r9: 6709472 registers.rdx: 2092104 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 2090440 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 2484760 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 2490048 registers.r11: 1 registers.r8: 64 registers.r9: 6512864 registers.rdx: 2486104 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 2484440 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1501912 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 1507200 registers.r11: 1 registers.r8: 64 registers.r9: 5333216 registers.rdx: 1503256 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1501592 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 2222824 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 2228112 registers.r11: 1 registers.r8: 64 registers.r9: 5923040 registers.rdx: 2224168 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 2222504 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 2025368 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 2030656 registers.r11: 1 registers.r8: 64 registers.r9: 7889120 registers.rdx: 2026712 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 2025048 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1959288 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 1964576 registers.r11: 1 registers.r8: 64 registers.r9: 1204448 registers.rdx: 1960632 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1958968 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1370200 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 1375488 registers.r11: 1 registers.r8: 64 registers.r9: 5660896 registers.rdx: 1371544 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1369880 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 2418872 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 2424160 registers.r11: 1 registers.r8: 64 registers.r9: 5988576 registers.rdx: 2420216 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 2418552 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 2746008 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 2751296 registers.r11: 1 registers.r8: 64 registers.r9: 3236064 registers.rdx: 2747352 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 2745688 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1107416 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 1112704 registers.r11: 1 registers.r8: 64 registers.r9: 6840544 registers.rdx: 1108760 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1107096 registers.r13: 0	1
__exception__ June 22, 2021, 11:10 a.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_kernel32_CreateThread+0x29 New_kernel32_CreateToolhelp32Snapshot-0x136 @ 0x7442a013 _beginthread+0xab _vcprintf_l-0x12e5 msvcrt+0x4c4db @ 0x7fefdadc4db flviyhl+0xb10 _cgo_dummy_export-0xfa180 gt2pfbb+0x729a0 @ 0x7fef19f29a0 StartW-0xfda2 gt2pfbb+0x608be @ 0x7fef19e08be flviyhl+0x6f79 _cgo_dummy_export-0xf3d17 gt2pfbb+0x78e09 @ 0x7fef19f8e09 flviyhl+0x5d72 _cgo_dummy_export-0xf4f1e gt2pfbb+0x77c02 @ 0x7fef19f7c02 StartW-0x6f39f gt2pfbb+0x12c1 @ 0x7fef19812c1 TpAllocTimer+0xb08 RtlInitializeCriticalSectionEx-0x318 ntdll+0x3b0d8 @ 0x771fb0d8 RtlCreateUnicodeStringFromAsciiz+0xea LdrLoadDll-0x246 ntdll+0x2784a @ 0x771e784a LdrLoadDll+0x9e RtlOpenCurrentUser-0x442 ntdll+0x27b2e @ 0x771e7b2e New_ntdll_LdrLoadDll+0xaf New_ntdll_LdrUnloadDll-0xd9 @ 0x7442f9f8 LoadLibraryExW+0x19c FreeSid-0xa4 kernelbase+0xa05c @ 0x7fefd6da05c rundll32+0x2b50 @ 0xff5e2b50 rundll32+0x2e6a @ 0xff5e2e6a rundll32+0x3b7a @ 0xff5e3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 1501912 registers.rsi: 0 registers.r10: 158 registers.rbx: 0 registers.rsp: 1507200 registers.r11: 1 registers.r8: 64 registers.r9: 4088032 registers.rdx: 1503256 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1501592 registers.r13: 0	1

File has been identified by 5 AntiVirus engines on VirusTotal as malicious (5 events)

APEX	Malicious
Paloalto	generic.ml
Kaspersky	UDS:Trojan.Win64.Reflo
Gridinsoft	Trojan.Heur!.032120E2
ZoneAlarm	UDS:DangerousObject.Multi.Generic

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x0007e600', u'virtual_address': u'0x000fc000', u'entropy': 7.90697385926923, u'name': u'djeplsyp', u'virtual_size': u'0x0007f000'}

entropy

7.90697385927

description

A section with a high entropy has been found

entropy

0.995078740157

description

Overall entropy of this PE file is high

GT2pFbB.dll

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All