Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Nov. 8, 2021, 1:39 p.m.	Nov. 8, 2021, 1:41 p.m.

Size	460.0KB
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`e44025fdc31cdce162ed7573b6c501f5`
SHA256	`ca38cbc0b86b49e80f1f6452c8444c7edff8028ac70b65bfc745dc69d7554b72`
CRC32	`B25C9B6B`
ssdeep	`12288:iZKEZNxJPdthZz/MqmOce24Wqa+cKdDSFczjJgiUCeoCqoE:iZKEr/1jhz17Px`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) IsDLL - (no description) Malicious_Library_Zero - Malicious_Library

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\gTiBAFGxjBXmnkn.mp3.dll,
1132
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\gTiBAFGxjBXmnkn.mp3.dll,DmlooirmFert
2140

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636d0 gtibafgxjbxmnkn+0x7adc exception.address: 0x74647adc registers.esp: 1044148 registers.edi: 1044232 registers.eax: 1 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 c0 02 83 e8 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636c9 gtibafgxjbxmnkn+0x7ae3 exception.address: 0x74647ae3 registers.esp: 1044148 registers.edi: 1044232 registers.eax: 1 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 c0 02 83 e8 02 83 e8 02 cc 83 c0 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636c2 gtibafgxjbxmnkn+0x7aea exception.address: 0x74647aea registers.esp: 1044148 registers.edi: 1044232 registers.eax: 1 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 eb c7 8b 04 24 64 a3 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636b5 gtibafgxjbxmnkn+0x7af7 exception.address: 0x74647af7 registers.esp: 1044148 registers.edi: 1044232 registers.eax: 1 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636d0 gtibafgxjbxmnkn+0x7adc exception.address: 0x74647adc registers.esp: 1044148 registers.edi: 1044232 registers.eax: 2 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 c0 02 83 e8 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636c9 gtibafgxjbxmnkn+0x7ae3 exception.address: 0x74647ae3 registers.esp: 1044148 registers.edi: 1044232 registers.eax: 2 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 c0 02 83 e8 02 83 e8 02 cc 83 c0 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636c2 gtibafgxjbxmnkn+0x7aea exception.address: 0x74647aea registers.esp: 1044148 registers.edi: 1044232 registers.eax: 2 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 eb c7 8b 04 24 64 a3 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636b5 gtibafgxjbxmnkn+0x7af7 exception.address: 0x74647af7 registers.esp: 1044148 registers.edi: 1044232 registers.eax: 2 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636d0 gtibafgxjbxmnkn+0x7adc exception.address: 0x74647adc registers.esp: 1044148 registers.edi: 1044232 registers.eax: 3 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 c0 02 83 e8 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636c9 gtibafgxjbxmnkn+0x7ae3 exception.address: 0x74647ae3 registers.esp: 1044148 registers.edi: 1044232 registers.eax: 3 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 c0 02 83 e8 02 83 e8 02 cc 83 c0 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636c2 gtibafgxjbxmnkn+0x7aea exception.address: 0x74647aea registers.esp: 1044148 registers.edi: 1044232 registers.eax: 3 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 eb c7 8b 04 24 64 a3 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636b5 gtibafgxjbxmnkn+0x7af7 exception.address: 0x74647af7 registers.esp: 1044148 registers.edi: 1044232 registers.eax: 3 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636d0 gtibafgxjbxmnkn+0x7adc exception.address: 0x74647adc registers.esp: 1044148 registers.edi: 1044232 registers.eax: 4 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 c0 02 83 e8 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636c9 gtibafgxjbxmnkn+0x7ae3 exception.address: 0x74647ae3 registers.esp: 1044148 registers.edi: 1044232 registers.eax: 4 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 c0 02 83 e8 02 83 e8 02 cc 83 c0 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636c2 gtibafgxjbxmnkn+0x7aea exception.address: 0x74647aea registers.esp: 1044148 registers.edi: 1044232 registers.eax: 4 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 eb c7 8b 04 24 64 a3 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636b5 gtibafgxjbxmnkn+0x7af7 exception.address: 0x74647af7 registers.esp: 1044148 registers.edi: 1044232 registers.eax: 4 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636d0 gtibafgxjbxmnkn+0x7adc exception.address: 0x74647adc registers.esp: 1044148 registers.edi: 1044232 registers.eax: 5 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 c0 02 83 e8 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636c9 gtibafgxjbxmnkn+0x7ae3 exception.address: 0x74647ae3 registers.esp: 1044148 registers.edi: 1044232 registers.eax: 5 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 c0 02 83 e8 02 83 e8 02 cc 83 c0 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636c2 gtibafgxjbxmnkn+0x7aea exception.address: 0x74647aea registers.esp: 1044148 registers.edi: 1044232 registers.eax: 5 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 eb c7 8b 04 24 64 a3 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636b5 gtibafgxjbxmnkn+0x7af7 exception.address: 0x74647af7 registers.esp: 1044148 registers.edi: 1044232 registers.eax: 5 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636d0 gtibafgxjbxmnkn+0x7adc exception.address: 0x74647adc registers.esp: 1044148 registers.edi: 1044232 registers.eax: 6 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 c0 02 83 e8 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636c9 gtibafgxjbxmnkn+0x7ae3 exception.address: 0x74647ae3 registers.esp: 1044148 registers.edi: 1044232 registers.eax: 6 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 c0 02 83 e8 02 83 e8 02 cc 83 c0 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636c2 gtibafgxjbxmnkn+0x7aea exception.address: 0x74647aea registers.esp: 1044148 registers.edi: 1044232 registers.eax: 6 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 eb c7 8b 04 24 64 a3 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636b5 gtibafgxjbxmnkn+0x7af7 exception.address: 0x74647af7 registers.esp: 1044148 registers.edi: 1044232 registers.eax: 6 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636d0 gtibafgxjbxmnkn+0x7adc exception.address: 0x74647adc registers.esp: 1044148 registers.edi: 1044232 registers.eax: 7 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 c0 02 83 e8 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636c9 gtibafgxjbxmnkn+0x7ae3 exception.address: 0x74647ae3 registers.esp: 1044148 registers.edi: 1044232 registers.eax: 7 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 c0 02 83 e8 02 83 e8 02 cc 83 c0 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636c2 gtibafgxjbxmnkn+0x7aea exception.address: 0x74647aea registers.esp: 1044148 registers.edi: 1044232 registers.eax: 7 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 eb c7 8b 04 24 64 a3 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636b5 gtibafgxjbxmnkn+0x7af7 exception.address: 0x74647af7 registers.esp: 1044148 registers.edi: 1044232 registers.eax: 7 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636d0 gtibafgxjbxmnkn+0x7adc exception.address: 0x74647adc registers.esp: 1044148 registers.edi: 1044232 registers.eax: 8 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 c0 02 83 e8 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636c9 gtibafgxjbxmnkn+0x7ae3 exception.address: 0x74647ae3 registers.esp: 1044148 registers.edi: 1044232 registers.eax: 8 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 c0 02 83 e8 02 83 e8 02 cc 83 c0 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636c2 gtibafgxjbxmnkn+0x7aea exception.address: 0x74647aea registers.esp: 1044148 registers.edi: 1044232 registers.eax: 8 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 eb c7 8b 04 24 64 a3 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636b5 gtibafgxjbxmnkn+0x7af7 exception.address: 0x74647af7 registers.esp: 1044148 registers.edi: 1044232 registers.eax: 8 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636d0 gtibafgxjbxmnkn+0x7adc exception.address: 0x74647adc registers.esp: 1044148 registers.edi: 1044232 registers.eax: 9 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 c0 02 83 e8 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636c9 gtibafgxjbxmnkn+0x7ae3 exception.address: 0x74647ae3 registers.esp: 1044148 registers.edi: 1044232 registers.eax: 9 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 c0 02 83 e8 02 83 e8 02 cc 83 c0 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636c2 gtibafgxjbxmnkn+0x7aea exception.address: 0x74647aea registers.esp: 1044148 registers.edi: 1044232 registers.eax: 9 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 eb c7 8b 04 24 64 a3 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636b5 gtibafgxjbxmnkn+0x7af7 exception.address: 0x74647af7 registers.esp: 1044148 registers.edi: 1044232 registers.eax: 9 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636d0 gtibafgxjbxmnkn+0x7adc exception.address: 0x74647adc registers.esp: 1044148 registers.edi: 1044232 registers.eax: 10 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 c0 02 83 e8 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636c9 gtibafgxjbxmnkn+0x7ae3 exception.address: 0x74647ae3 registers.esp: 1044148 registers.edi: 1044232 registers.eax: 10 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 c0 02 83 e8 02 83 e8 02 cc 83 c0 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636c2 gtibafgxjbxmnkn+0x7aea exception.address: 0x74647aea registers.esp: 1044148 registers.edi: 1044232 registers.eax: 10 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 eb c7 8b 04 24 64 a3 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636b5 gtibafgxjbxmnkn+0x7af7 exception.address: 0x74647af7 registers.esp: 1044148 registers.edi: 1044232 registers.eax: 10 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636d0 gtibafgxjbxmnkn+0x7adc exception.address: 0x74647adc registers.esp: 1044148 registers.edi: 1044232 registers.eax: 11 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 c0 02 83 e8 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636c9 gtibafgxjbxmnkn+0x7ae3 exception.address: 0x74647ae3 registers.esp: 1044148 registers.edi: 1044232 registers.eax: 11 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 c0 02 83 e8 02 83 e8 02 cc 83 c0 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636c2 gtibafgxjbxmnkn+0x7aea exception.address: 0x74647aea registers.esp: 1044148 registers.edi: 1044232 registers.eax: 11 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 eb c7 8b 04 24 64 a3 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636b5 gtibafgxjbxmnkn+0x7af7 exception.address: 0x74647af7 registers.esp: 1044148 registers.edi: 1044232 registers.eax: 11 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636d0 gtibafgxjbxmnkn+0x7adc exception.address: 0x74647adc registers.esp: 1044148 registers.edi: 1044232 registers.eax: 12 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 c0 02 83 e8 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636c9 gtibafgxjbxmnkn+0x7ae3 exception.address: 0x74647ae3 registers.esp: 1044148 registers.edi: 1044232 registers.eax: 12 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 c0 02 83 e8 02 83 e8 02 cc 83 c0 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636c2 gtibafgxjbxmnkn+0x7aea exception.address: 0x74647aea registers.esp: 1044148 registers.edi: 1044232 registers.eax: 12 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 eb c7 8b 04 24 64 a3 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636b5 gtibafgxjbxmnkn+0x7af7 exception.address: 0x74647af7 registers.esp: 1044148 registers.edi: 1044232 registers.eax: 12 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 e8 02 cc 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636d0 gtibafgxjbxmnkn+0x7adc exception.address: 0x74647adc registers.esp: 1044148 registers.edi: 1044232 registers.eax: 13 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1
__exception__ Nov. 8, 2021, 1:39 p.m.	stacktrace: DmlooirmFert-0x6586f gtibafgxjbxmnkn+0x593d @ 0x7464593d DmlooirmFert-0x6820c gtibafgxjbxmnkn+0x2fa0 @ 0x74642fa0 DmlooirmFert-0x68188 gtibafgxjbxmnkn+0x3024 @ 0x74643024 LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x7786d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x7786d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x7786c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7475d4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75d71d2a rundll32+0x14ed @ 0x6414ed rundll32+0x1baf @ 0x641baf rundll32+0x12e8 @ 0x6412e8 rundll32+0x1901 @ 0x641901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x750933ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77869ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77869ea5 exception.instruction_r: cc 83 c0 02 83 e8 02 cc 83 c0 02 83 c0 02 83 e8 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DmlooirmFert-0x636c9 gtibafgxjbxmnkn+0x7ae3 exception.address: 0x74647ae3 registers.esp: 1044148 registers.edi: 1044232 registers.eax: 13 registers.ebp: 1044224 registers.edx: 603412 registers.ebx: 9785 registers.esi: 2218279849 registers.ecx: 70	1

Allocates read-write-execute memory (usually to unpack itself) (3 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Nov. 8, 2021, 1:39 p.m.	process_identifier: 2140 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75b91000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 8, 2021, 1:39 p.m.	process_identifier: 2140 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74381000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 8, 2021, 1:39 p.m.	process_identifier: 2140 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x746c1000 process_handle: 0xffffffff	1

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00063000', u'virtual_address': u'0x00009000', u'entropy': 7.515439781680131, u'name': u'.rdata', u'virtual_size': u'0x0006299e'}

entropy

7.51543978168

description

A section with a high entropy has been found

entropy

0.868421052632

description

Overall entropy of this PE file is high

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ Nov. 8, 2021, 1:39 p.m.	tid: 2128 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

File has been identified by 44 AntiVirus engines on VirusTotal as malicious (44 events)

Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.47323599
FireEye	Generic.mg.e44025fdc31cdce1
McAfee	Drixed-FJX!E44025FDC31C
Cylance	Unsafe
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	TrojanDownloader:Win32/Cridex.349d0620
K7GW	Trojan ( 00589e161 )
K7AntiVirus	Trojan ( 00589e161 )
Cyren	W32/Convagent.H.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.HNEO
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 100)
Kaspersky	Trojan-Downloader.Win32.Cridex.opw
BitDefender	Trojan.GenericKD.47323599
Avast	Win32:Trojan-gen
Ad-Aware	Trojan.GenericKD.47323599
Emsisoft	Trojan.GenericKD.47323599 (B)
Comodo	TrojWare.Win32.UMal.acwrz@0
DrWeb	Trojan.Dridex.776
TrendMicro	TROJ_FRS.0NA103K421
McAfee-GW-Edition	BehavesLike.Win32.Drixed.gc
Sophos	Mal/Generic-R + Mal/EncPk-APX
SentinelOne	Static AI - Suspicious PE
GData	Trojan.GenericKD.47323599
Jiangmin	TrojanDownloader.Cridex.ala
Kingsoft	Win32.Troj.Undef.(kcloud)
Microsoft	Trojan:Win32/Dridex.BKK!MTB
AhnLab-V3	Trojan/Win.Generic.R448551
BitDefenderTheta	Gen:NN.ZedlaF.34266.Cu8@aW@O8Hi
ALYac	Trojan.GenericKD.47323599
MAX	malware (ai score=81)
VBA32	TrojanDownloader.Convagent
Malwarebytes	Trojan.Dridex
TrendMicro-HouseCall	TROJ_FRS.0NA103K421
Rising	Trojan.Generic@ML.87 (RDMK:KHcFq5Mw0fTYiPvLcwxOXQ)
Yandex	Trojan.DL.Cridex!eegCPv9St6U
Ikarus	Trojan.Win32.Crypt
Fortinet	W32/Kryptik.HNEO!tr
AVG	Win32:Trojan-gen
Panda	Trj/GdSda.A

gTiBAFGxjBXmnkn.mp3

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All