Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Sept. 12, 2021, 2:44 p.m.	Sept. 12, 2021, 2:46 p.m.

Size	188.0KB
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`95f58081bf238bb8fe32127e84c9eff6`
SHA256	`1a05a89e58869e9f5813310a825548dafd49e75da6d4e2b2fbfa33edc3b361db`
CRC32	`E142709C`
ssdeep	`3072:e7o4aQnV+A43RKz2f8OWa28/xB441a97hrtJ2EnP8fQ9ixQ+Y8u:1Qn5z2f8OWv+i4C7drjEfQ91`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\6_cmi2migxml.dll.dll,QwmdpoyyNooldenntdef
1428
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\6_cmi2migxml.dll.dll,
2104

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21283 6_cmi2migxml+0x6f83 exception.address: 0x73fb6f83 registers.esp: 586740 registers.edi: 137577501 registers.eax: 2 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21282 6_cmi2migxml+0x6f84 exception.address: 0x73fb6f84 registers.esp: 586740 registers.edi: 137577501 registers.eax: 2 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21281 6_cmi2migxml+0x6f85 exception.address: 0x73fb6f85 registers.esp: 586740 registers.edi: 137577501 registers.eax: 2 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 08 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21280 6_cmi2migxml+0x6f86 exception.address: 0x73fb6f86 registers.esp: 586740 registers.edi: 137577501 registers.eax: 2 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21283 6_cmi2migxml+0x6f83 exception.address: 0x73fb6f83 registers.esp: 586740 registers.edi: 137577501 registers.eax: 3 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21282 6_cmi2migxml+0x6f84 exception.address: 0x73fb6f84 registers.esp: 586740 registers.edi: 137577501 registers.eax: 3 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21281 6_cmi2migxml+0x6f85 exception.address: 0x73fb6f85 registers.esp: 586740 registers.edi: 137577501 registers.eax: 3 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 08 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21280 6_cmi2migxml+0x6f86 exception.address: 0x73fb6f86 registers.esp: 586740 registers.edi: 137577501 registers.eax: 3 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21283 6_cmi2migxml+0x6f83 exception.address: 0x73fb6f83 registers.esp: 586740 registers.edi: 137577501 registers.eax: 4 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21282 6_cmi2migxml+0x6f84 exception.address: 0x73fb6f84 registers.esp: 586740 registers.edi: 137577501 registers.eax: 4 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21281 6_cmi2migxml+0x6f85 exception.address: 0x73fb6f85 registers.esp: 586740 registers.edi: 137577501 registers.eax: 4 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 08 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21280 6_cmi2migxml+0x6f86 exception.address: 0x73fb6f86 registers.esp: 586740 registers.edi: 137577501 registers.eax: 4 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21283 6_cmi2migxml+0x6f83 exception.address: 0x73fb6f83 registers.esp: 586740 registers.edi: 137577501 registers.eax: 5 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21282 6_cmi2migxml+0x6f84 exception.address: 0x73fb6f84 registers.esp: 586740 registers.edi: 137577501 registers.eax: 5 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21281 6_cmi2migxml+0x6f85 exception.address: 0x73fb6f85 registers.esp: 586740 registers.edi: 137577501 registers.eax: 5 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 08 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21280 6_cmi2migxml+0x6f86 exception.address: 0x73fb6f86 registers.esp: 586740 registers.edi: 137577501 registers.eax: 5 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21283 6_cmi2migxml+0x6f83 exception.address: 0x73fb6f83 registers.esp: 586740 registers.edi: 137577501 registers.eax: 6 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21282 6_cmi2migxml+0x6f84 exception.address: 0x73fb6f84 registers.esp: 586740 registers.edi: 137577501 registers.eax: 6 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21281 6_cmi2migxml+0x6f85 exception.address: 0x73fb6f85 registers.esp: 586740 registers.edi: 137577501 registers.eax: 6 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 08 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21280 6_cmi2migxml+0x6f86 exception.address: 0x73fb6f86 registers.esp: 586740 registers.edi: 137577501 registers.eax: 6 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21283 6_cmi2migxml+0x6f83 exception.address: 0x73fb6f83 registers.esp: 586740 registers.edi: 137577501 registers.eax: 7 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21282 6_cmi2migxml+0x6f84 exception.address: 0x73fb6f84 registers.esp: 586740 registers.edi: 137577501 registers.eax: 7 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21281 6_cmi2migxml+0x6f85 exception.address: 0x73fb6f85 registers.esp: 586740 registers.edi: 137577501 registers.eax: 7 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 08 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21280 6_cmi2migxml+0x6f86 exception.address: 0x73fb6f86 registers.esp: 586740 registers.edi: 137577501 registers.eax: 7 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21283 6_cmi2migxml+0x6f83 exception.address: 0x73fb6f83 registers.esp: 586740 registers.edi: 137577501 registers.eax: 8 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21282 6_cmi2migxml+0x6f84 exception.address: 0x73fb6f84 registers.esp: 586740 registers.edi: 137577501 registers.eax: 8 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21281 6_cmi2migxml+0x6f85 exception.address: 0x73fb6f85 registers.esp: 586740 registers.edi: 137577501 registers.eax: 8 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 08 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21280 6_cmi2migxml+0x6f86 exception.address: 0x73fb6f86 registers.esp: 586740 registers.edi: 137577501 registers.eax: 8 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21283 6_cmi2migxml+0x6f83 exception.address: 0x73fb6f83 registers.esp: 586740 registers.edi: 137577501 registers.eax: 9 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21282 6_cmi2migxml+0x6f84 exception.address: 0x73fb6f84 registers.esp: 586740 registers.edi: 137577501 registers.eax: 9 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21281 6_cmi2migxml+0x6f85 exception.address: 0x73fb6f85 registers.esp: 586740 registers.edi: 137577501 registers.eax: 9 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 08 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21280 6_cmi2migxml+0x6f86 exception.address: 0x73fb6f86 registers.esp: 586740 registers.edi: 137577501 registers.eax: 9 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21283 6_cmi2migxml+0x6f83 exception.address: 0x73fb6f83 registers.esp: 586740 registers.edi: 137577501 registers.eax: 10 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21282 6_cmi2migxml+0x6f84 exception.address: 0x73fb6f84 registers.esp: 586740 registers.edi: 137577501 registers.eax: 10 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21281 6_cmi2migxml+0x6f85 exception.address: 0x73fb6f85 registers.esp: 586740 registers.edi: 137577501 registers.eax: 10 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 08 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21280 6_cmi2migxml+0x6f86 exception.address: 0x73fb6f86 registers.esp: 586740 registers.edi: 137577501 registers.eax: 10 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21283 6_cmi2migxml+0x6f83 exception.address: 0x73fb6f83 registers.esp: 586740 registers.edi: 137577501 registers.eax: 11 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21282 6_cmi2migxml+0x6f84 exception.address: 0x73fb6f84 registers.esp: 586740 registers.edi: 137577501 registers.eax: 11 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21281 6_cmi2migxml+0x6f85 exception.address: 0x73fb6f85 registers.esp: 586740 registers.edi: 137577501 registers.eax: 11 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 08 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21280 6_cmi2migxml+0x6f86 exception.address: 0x73fb6f86 registers.esp: 586740 registers.edi: 137577501 registers.eax: 11 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21283 6_cmi2migxml+0x6f83 exception.address: 0x73fb6f83 registers.esp: 586740 registers.edi: 137577501 registers.eax: 12 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21282 6_cmi2migxml+0x6f84 exception.address: 0x73fb6f84 registers.esp: 586740 registers.edi: 137577501 registers.eax: 12 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21281 6_cmi2migxml+0x6f85 exception.address: 0x73fb6f85 registers.esp: 586740 registers.edi: 137577501 registers.eax: 12 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 08 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21280 6_cmi2migxml+0x6f86 exception.address: 0x73fb6f86 registers.esp: 586740 registers.edi: 137577501 registers.eax: 12 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21283 6_cmi2migxml+0x6f83 exception.address: 0x73fb6f83 registers.esp: 586740 registers.edi: 137577501 registers.eax: 13 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21282 6_cmi2migxml+0x6f84 exception.address: 0x73fb6f84 registers.esp: 586740 registers.edi: 137577501 registers.eax: 13 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21281 6_cmi2migxml+0x6f85 exception.address: 0x73fb6f85 registers.esp: 586740 registers.edi: 137577501 registers.eax: 13 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 c4 08 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21280 6_cmi2migxml+0x6f86 exception.address: 0x73fb6f86 registers.esp: 586740 registers.edi: 137577501 registers.eax: 13 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21283 6_cmi2migxml+0x6f83 exception.address: 0x73fb6f83 registers.esp: 586740 registers.edi: 137577501 registers.eax: 14 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1
__exception__ Sept. 12, 2021, 2:44 p.m.	stacktrace: QwmdpoyyNooldenntdef-0x23409 6_cmi2migxml+0x4dfd @ 0x73fb4dfd QwmdpoyyNooldenntdef-0x25abd 6_cmi2migxml+0x2749 @ 0x73fb2749 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x77b1d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x77b1d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x77b1c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x749fd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75671d2a rundll32+0x14ed @ 0x7614ed rundll32+0x1baf @ 0x761baf rundll32+0x12e8 @ 0x7612e8 rundll32+0x1901 @ 0x761901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76a433ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5 exception.instruction_r: cc cc cc 48 eb ed 8b 04 24 64 a3 00 00 00 00 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: QwmdpoyyNooldenntdef-0x21282 6_cmi2migxml+0x6f84 exception.address: 0x73fb6f84 registers.esp: 586740 registers.edi: 137577501 registers.eax: 14 registers.ebp: 586832 registers.edx: 603409 registers.ebx: 1 registers.esi: 4294380468 registers.ecx: 586828	1

Allocates read-write-execute memory (usually to unpack itself) (6 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Sept. 12, 2021, 2:44 p.m.	process_identifier: 1428 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75491000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 12, 2021, 2:44 p.m.	process_identifier: 1428 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x764a1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 12, 2021, 2:44 p.m.	process_identifier: 1428 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f51000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 12, 2021, 2:44 p.m.	process_identifier: 1428 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f31000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 12, 2021, 2:44 p.m.	process_identifier: 1428 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76b61000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 12, 2021, 2:44 p.m.	process_identifier: 1428 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73ef1000 process_handle: 0xffffffff	1

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00021000', u'virtual_address': u'0x00008000', u'entropy': 7.684401062447425, u'name': u'.rdata', u'virtual_size': u'0x00020c82'}

entropy

7.68440106245

description

A section with a high entropy has been found

entropy

0.717391304348

description

Overall entropy of this PE file is high

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ Sept. 12, 2021, 2:44 p.m.	tid: 2024 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

File has been identified by 24 AntiVirus engines on VirusTotal as malicious (24 events)

Elastic	malicious (high confidence)
McAfee	RDN/Generic
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Trojan:Application/Banker.cc9eee7e
Symantec	Packed.Generic.517
ESET-NOD32	a variant of Win32/Kryptik.HMJX
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 100)
Kaspersky	Trojan-Downloader.Win32.Cridex.mjp
Avast	Win32:BankerX-gen [Trj]
Rising	Trojan.Generic@ML.85 (RDMK:kwgXQ2/VzJE9618eryHxwA)
Sophos	Mal/Generic-S
McAfee-GW-Edition	Artemis!Trojan
FireEye	Generic.mg.95f58081bf238bb8
Ikarus	Trojan-Banker.Dridex
ZoneAlarm	Trojan-Downloader.Win32.Cridex.mjp
Microsoft	Trojan:Win32/Wacatac.B!ml
Cylance	Unsafe
SentinelOne	Static AI - Suspicious PE
Fortinet	W32/PossibleThreat
BitDefenderTheta	Gen:NN.ZedlaF.34142.lu8@a0DHcWci
AVG	Win32:BankerX-gen [Trj]

6_cmi2migxml.dll.dll

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All