Summary | ZeroBOX

oKwqQ.png

Malicious Library PE32 PE File DLL
Category Machine Started Completed
FILE s1_win7_x6403_us Oct. 28, 2021, 11:06 a.m. Oct. 28, 2021, 11:17 a.m.
Size 1.0MB
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 edadfd868f1dd7590ec7c9581eaa146d
SHA256 3d13e7a3703b143a8210510410bf7f18bc7494ac87248f36fcbe626d93e9017f
CRC32 4329C63B
ssdeep 24576:mjsXggYiykQsMy2GSuCAaimSQws2yyq+YoWEUK6ES0wOyeSGwswWquEQq2GiMcig:X
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • IsDLL - (no description)
  • Malicious_Library_Zero - Malicious_Library

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf47a4 okwqq+0x660c
exception.address: 0x73f9660c
registers.esp: 980324
registers.edi: 638927872
registers.eax: 1
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf479d okwqq+0x6613
exception.address: 0x73f96613
registers.esp: 980324
registers.edi: 638927872
registers.eax: 1
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 eb cd
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf4796 okwqq+0x661a
exception.address: 0x73f9661a
registers.esp: 980324
registers.edi: 638927872
registers.eax: 1
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 eb cd 8b 04 24 64 a3 00 00
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf478f okwqq+0x6621
exception.address: 0x73f96621
registers.esp: 980324
registers.edi: 638927872
registers.eax: 1
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf47a4 okwqq+0x660c
exception.address: 0x73f9660c
registers.esp: 980324
registers.edi: 638927872
registers.eax: 2
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf479d okwqq+0x6613
exception.address: 0x73f96613
registers.esp: 980324
registers.edi: 638927872
registers.eax: 2
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 eb cd
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf4796 okwqq+0x661a
exception.address: 0x73f9661a
registers.esp: 980324
registers.edi: 638927872
registers.eax: 2
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 eb cd 8b 04 24 64 a3 00 00
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf478f okwqq+0x6621
exception.address: 0x73f96621
registers.esp: 980324
registers.edi: 638927872
registers.eax: 2
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf47a4 okwqq+0x660c
exception.address: 0x73f9660c
registers.esp: 980324
registers.edi: 638927872
registers.eax: 3
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf479d okwqq+0x6613
exception.address: 0x73f96613
registers.esp: 980324
registers.edi: 638927872
registers.eax: 3
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 eb cd
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf4796 okwqq+0x661a
exception.address: 0x73f9661a
registers.esp: 980324
registers.edi: 638927872
registers.eax: 3
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 eb cd 8b 04 24 64 a3 00 00
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf478f okwqq+0x6621
exception.address: 0x73f96621
registers.esp: 980324
registers.edi: 638927872
registers.eax: 3
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf47a4 okwqq+0x660c
exception.address: 0x73f9660c
registers.esp: 980324
registers.edi: 638927872
registers.eax: 4
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf479d okwqq+0x6613
exception.address: 0x73f96613
registers.esp: 980324
registers.edi: 638927872
registers.eax: 4
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 eb cd
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf4796 okwqq+0x661a
exception.address: 0x73f9661a
registers.esp: 980324
registers.edi: 638927872
registers.eax: 4
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 eb cd 8b 04 24 64 a3 00 00
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf478f okwqq+0x6621
exception.address: 0x73f96621
registers.esp: 980324
registers.edi: 638927872
registers.eax: 4
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf47a4 okwqq+0x660c
exception.address: 0x73f9660c
registers.esp: 980324
registers.edi: 638927872
registers.eax: 5
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf479d okwqq+0x6613
exception.address: 0x73f96613
registers.esp: 980324
registers.edi: 638927872
registers.eax: 5
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 eb cd
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf4796 okwqq+0x661a
exception.address: 0x73f9661a
registers.esp: 980324
registers.edi: 638927872
registers.eax: 5
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 eb cd 8b 04 24 64 a3 00 00
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf478f okwqq+0x6621
exception.address: 0x73f96621
registers.esp: 980324
registers.edi: 638927872
registers.eax: 5
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf47a4 okwqq+0x660c
exception.address: 0x73f9660c
registers.esp: 980324
registers.edi: 638927872
registers.eax: 6
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf479d okwqq+0x6613
exception.address: 0x73f96613
registers.esp: 980324
registers.edi: 638927872
registers.eax: 6
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 eb cd
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf4796 okwqq+0x661a
exception.address: 0x73f9661a
registers.esp: 980324
registers.edi: 638927872
registers.eax: 6
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 eb cd 8b 04 24 64 a3 00 00
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf478f okwqq+0x6621
exception.address: 0x73f96621
registers.esp: 980324
registers.edi: 638927872
registers.eax: 6
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf47a4 okwqq+0x660c
exception.address: 0x73f9660c
registers.esp: 980324
registers.edi: 638927872
registers.eax: 7
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf479d okwqq+0x6613
exception.address: 0x73f96613
registers.esp: 980324
registers.edi: 638927872
registers.eax: 7
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 eb cd
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf4796 okwqq+0x661a
exception.address: 0x73f9661a
registers.esp: 980324
registers.edi: 638927872
registers.eax: 7
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 eb cd 8b 04 24 64 a3 00 00
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf478f okwqq+0x6621
exception.address: 0x73f96621
registers.esp: 980324
registers.edi: 638927872
registers.eax: 7
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf47a4 okwqq+0x660c
exception.address: 0x73f9660c
registers.esp: 980324
registers.edi: 638927872
registers.eax: 8
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf479d okwqq+0x6613
exception.address: 0x73f96613
registers.esp: 980324
registers.edi: 638927872
registers.eax: 8
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 eb cd
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf4796 okwqq+0x661a
exception.address: 0x73f9661a
registers.esp: 980324
registers.edi: 638927872
registers.eax: 8
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 eb cd 8b 04 24 64 a3 00 00
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf478f okwqq+0x6621
exception.address: 0x73f96621
registers.esp: 980324
registers.edi: 638927872
registers.eax: 8
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf47a4 okwqq+0x660c
exception.address: 0x73f9660c
registers.esp: 980324
registers.edi: 638927872
registers.eax: 9
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf479d okwqq+0x6613
exception.address: 0x73f96613
registers.esp: 980324
registers.edi: 638927872
registers.eax: 9
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 eb cd
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf4796 okwqq+0x661a
exception.address: 0x73f9661a
registers.esp: 980324
registers.edi: 638927872
registers.eax: 9
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 eb cd 8b 04 24 64 a3 00 00
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf478f okwqq+0x6621
exception.address: 0x73f96621
registers.esp: 980324
registers.edi: 638927872
registers.eax: 9
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf47a4 okwqq+0x660c
exception.address: 0x73f9660c
registers.esp: 980324
registers.edi: 638927872
registers.eax: 10
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf479d okwqq+0x6613
exception.address: 0x73f96613
registers.esp: 980324
registers.edi: 638927872
registers.eax: 10
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 eb cd
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf4796 okwqq+0x661a
exception.address: 0x73f9661a
registers.esp: 980324
registers.edi: 638927872
registers.eax: 10
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 eb cd 8b 04 24 64 a3 00 00
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf478f okwqq+0x6621
exception.address: 0x73f96621
registers.esp: 980324
registers.edi: 638927872
registers.eax: 10
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf47a4 okwqq+0x660c
exception.address: 0x73f9660c
registers.esp: 980324
registers.edi: 638927872
registers.eax: 11
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf479d okwqq+0x6613
exception.address: 0x73f96613
registers.esp: 980324
registers.edi: 638927872
registers.eax: 11
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 eb cd
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf4796 okwqq+0x661a
exception.address: 0x73f9661a
registers.esp: 980324
registers.edi: 638927872
registers.eax: 11
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 eb cd 8b 04 24 64 a3 00 00
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf478f okwqq+0x6621
exception.address: 0x73f96621
registers.esp: 980324
registers.edi: 638927872
registers.eax: 11
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf47a4 okwqq+0x660c
exception.address: 0x73f9660c
registers.esp: 980324
registers.edi: 638927872
registers.eax: 12
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf479d okwqq+0x6613
exception.address: 0x73f96613
registers.esp: 980324
registers.edi: 638927872
registers.eax: 12
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 eb cd
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf4796 okwqq+0x661a
exception.address: 0x73f9661a
registers.esp: 980324
registers.edi: 638927872
registers.eax: 12
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 eb cd 8b 04 24 64 a3 00 00
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf478f okwqq+0x6621
exception.address: 0x73f96621
registers.esp: 980324
registers.edi: 638927872
registers.eax: 12
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf47a4 okwqq+0x660c
exception.address: 0x73f9660c
registers.esp: 980324
registers.edi: 638927872
registers.eax: 13
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0

__exception__

stacktrace:
FFRgpmdlwwWde-0xf687b okwqq+0x4535 @ 0x73f94535
FFRgpmdlwwWde-0xf907e okwqq+0x1d32 @ 0x73f91d32
RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77579930
LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7757d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7757d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7757c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x741cd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x76781d2a
rundll32+0x14ed @ 0xad14ed
rundll32+0x1baf @ 0xad1baf
rundll32+0x12e8 @ 0xad12e8
rundll32+0x1901 @ 0xad1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763733ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5

exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol: FFRgpmdlwwWde-0xf479d okwqq+0x6613
exception.address: 0x73f96613
registers.esp: 980324
registers.edi: 638927872
registers.eax: 13
registers.ebp: 980416
registers.edx: 603412
registers.ebx: 1946725717
registers.esi: 98
registers.ecx: 510398050
1 0 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2480
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74191000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2480
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x76551000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2480
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x76511000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2480
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x76b21000
process_handle: 0xffffffff
1 0 0
section {u'size_of_data': u'0x000f5000', u'virtual_address': u'0x00007000', u'entropy': 7.11997449317657, u'name': u'.rdata', u'virtual_size': u'0x000f481b'} entropy 7.11997449318 description A section with a high entropy has been found
entropy 0.921052631579 description Overall entropy of this PE file is high
Elastic malicious (high confidence)
FireEye Generic.mg.edadfd868f1dd759
McAfee Drixed-FJX!EDADFD868F1D
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (D)
BitDefenderTheta Gen:NN.ZedlaF.34236.cv8@aSIWIfe
Symantec ML.Attribute.HighConfidence
APEX Malicious
NANO-Antivirus Virus.Win32.Gen.ccmw
Sophos ML/PE-A
McAfee-GW-Edition Drixed-FJX!EDADFD868F1D
SentinelOne Static AI - Suspicious PE
Cynet Malicious (score: 100)
Malwarebytes Malware.Heuristic.1001
Time & API Arguments Status Return Repeated

__anomaly__

tid: 2484
message: Encountered 65537 exceptions, quitting.
subcategory: exception
function_name:
1 0 0