Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 2, 2021, 11:09 a.m.	Sept. 2, 2021, 11:18 a.m.

Size	188.0KB
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`25fa610acccab59f7ff0b986a1491a6c`
SHA256	`918eb79312eac148ae9e25e69555cef19a974e2e4437d16303a41568be9ccf05`
CRC32	`AC12195E`
ssdeep	`3072:4teMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzV9qM:8q7fYIHBZkTB6DWruUCOwjt`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Malicious_Packer_Zero - Malicious Packer

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\dmdskmgr.dll,EgppeRmclooss
2416
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\dmdskmgr.dll,
1224

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e2b dmdskmgr+0x72a3 exception.address: 0x73d572a3 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 2 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e2a dmdskmgr+0x72a4 exception.address: 0x73d572a4 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 2 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e29 dmdskmgr+0x72a5 exception.address: 0x73d572a5 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 2 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 08 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e28 dmdskmgr+0x72a6 exception.address: 0x73d572a6 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 2 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e2b dmdskmgr+0x72a3 exception.address: 0x73d572a3 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 3 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e2a dmdskmgr+0x72a4 exception.address: 0x73d572a4 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 3 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e29 dmdskmgr+0x72a5 exception.address: 0x73d572a5 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 3 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 08 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e28 dmdskmgr+0x72a6 exception.address: 0x73d572a6 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 3 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e2b dmdskmgr+0x72a3 exception.address: 0x73d572a3 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 4 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e2a dmdskmgr+0x72a4 exception.address: 0x73d572a4 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 4 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e29 dmdskmgr+0x72a5 exception.address: 0x73d572a5 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 4 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 08 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e28 dmdskmgr+0x72a6 exception.address: 0x73d572a6 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 4 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e2b dmdskmgr+0x72a3 exception.address: 0x73d572a3 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 5 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e2a dmdskmgr+0x72a4 exception.address: 0x73d572a4 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 5 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e29 dmdskmgr+0x72a5 exception.address: 0x73d572a5 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 5 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 08 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e28 dmdskmgr+0x72a6 exception.address: 0x73d572a6 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 5 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e2b dmdskmgr+0x72a3 exception.address: 0x73d572a3 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 6 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e2a dmdskmgr+0x72a4 exception.address: 0x73d572a4 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 6 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e29 dmdskmgr+0x72a5 exception.address: 0x73d572a5 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 6 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 08 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e28 dmdskmgr+0x72a6 exception.address: 0x73d572a6 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 6 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e2b dmdskmgr+0x72a3 exception.address: 0x73d572a3 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 7 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e2a dmdskmgr+0x72a4 exception.address: 0x73d572a4 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 7 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e29 dmdskmgr+0x72a5 exception.address: 0x73d572a5 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 7 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 08 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e28 dmdskmgr+0x72a6 exception.address: 0x73d572a6 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 7 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e2b dmdskmgr+0x72a3 exception.address: 0x73d572a3 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 8 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e2a dmdskmgr+0x72a4 exception.address: 0x73d572a4 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 8 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e29 dmdskmgr+0x72a5 exception.address: 0x73d572a5 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 8 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 08 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e28 dmdskmgr+0x72a6 exception.address: 0x73d572a6 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 8 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e2b dmdskmgr+0x72a3 exception.address: 0x73d572a3 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 9 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e2a dmdskmgr+0x72a4 exception.address: 0x73d572a4 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 9 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e29 dmdskmgr+0x72a5 exception.address: 0x73d572a5 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 9 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 08 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e28 dmdskmgr+0x72a6 exception.address: 0x73d572a6 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 9 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e2b dmdskmgr+0x72a3 exception.address: 0x73d572a3 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 10 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e2a dmdskmgr+0x72a4 exception.address: 0x73d572a4 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 10 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e29 dmdskmgr+0x72a5 exception.address: 0x73d572a5 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 10 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 08 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e28 dmdskmgr+0x72a6 exception.address: 0x73d572a6 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 10 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e2b dmdskmgr+0x72a3 exception.address: 0x73d572a3 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 11 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e2a dmdskmgr+0x72a4 exception.address: 0x73d572a4 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 11 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e29 dmdskmgr+0x72a5 exception.address: 0x73d572a5 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 11 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 08 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e28 dmdskmgr+0x72a6 exception.address: 0x73d572a6 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 11 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e2b dmdskmgr+0x72a3 exception.address: 0x73d572a3 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 12 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e2a dmdskmgr+0x72a4 exception.address: 0x73d572a4 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 12 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e29 dmdskmgr+0x72a5 exception.address: 0x73d572a5 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 12 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 08 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e28 dmdskmgr+0x72a6 exception.address: 0x73d572a6 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 12 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e2b dmdskmgr+0x72a3 exception.address: 0x73d572a3 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 13 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e2a dmdskmgr+0x72a4 exception.address: 0x73d572a4 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 13 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e29 dmdskmgr+0x72a5 exception.address: 0x73d572a5 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 13 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 08 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e28 dmdskmgr+0x72a6 exception.address: 0x73d572a6 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 13 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e2b dmdskmgr+0x72a3 exception.address: 0x73d572a3 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 14 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1
__exception__ Sept. 2, 2021, 11:09 a.m.	stacktrace: EgppeRmclooss-0x23079 dmdskmgr+0x5055 @ 0x73d55055 EgppeRmclooss-0x2594b dmdskmgr+0x2783 @ 0x73d52783 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x773d9930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x773dd8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x773dd76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x773dc4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x72bed4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76a81d2a rundll32+0x14ed @ 0x4b14ed rundll32+0x1baf @ 0x4b1baf rundll32+0x12e8 @ 0x4b12e8 rundll32+0x1901 @ 0x4b1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: EgppeRmclooss-0x20e2a dmdskmgr+0x72a4 exception.address: 0x73d572a4 registers.esp: 783652 registers.edi: 4294967295 registers.eax: 14 registers.ebp: 783712 registers.edx: 603409 registers.ebx: 3599464234 registers.esi: 0 registers.ecx: 70	1

Allocates read-write-execute memory (usually to unpack itself) (2 events)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Sept. 2, 2021, 11:09 a.m.	process_identifier: 2416 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73c91000 process_handle: 0xffffffff	1	0	0
NtProtectVirtualMemory Sept. 2, 2021, 11:09 a.m.	process_identifier: 2416 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76891000 process_handle: 0xffffffff	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00021000', u'virtual_address': u'0x00008000', u'entropy': 7.688394821519094, u'name': u'.rdata', u'virtual_size': u'0x00020bbe'}

entropy

7.68839482152

description

A section with a high entropy has been found

entropy

0.717391304348

description

Overall entropy of this PE file is high

File has been identified by 18 AntiVirus engines on VirusTotal as malicious (18 events)

Elastic	malicious (high confidence)
FireEye	Generic.mg.25fa610acccab59f
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_90% (W)
Cyren	W32/Dridex.EV.gen!Eldorado
Symantec	Packed.Generic.517
APEX	Malicious
Avast	FileRepMalware
Sophos	ML/PE-A + Mal/EncPk-APX
Ikarus	Trojan-Banker.Dridex
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 100)
McAfee	GenericRXAA-FA!25FA610ACCCA
Rising	Trojan.Generic@ML.80 (RDML:6Ag/7q8c6mW067FilKsflQ)
SentinelOne	Static AI - Malicious PE
BitDefenderTheta	Gen:NN.ZedlaF.34126.lu8@auxqP9hi
AVG	FileRepMalware

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ Sept. 2, 2021, 11:09 a.m.	tid: 2332 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

dmdskmgr.dll

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All