Summary | ZeroBOX

03fdbbbb.dll

Malicious Library PE64 PE File DLL
Category FILE
Machine s1_win7_x6401
Started July 18, 2023, 6:10 p.m.
Completed July 18, 2023, 6:10 p.m.
Size 135.5KB
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 5879c02976fe70a64d9dbc0d38b8b973
SHA256 fbad5d82bf9cd03974e24f4f4ea8d794e40885afe7f6cd36cd6a8cd722dd1a88
CRC32 3374AC3D
ssdeep 3072:ni/QhtPjMiqUyqEBzJvl+AKetjEA0e06OHFEGuWk4z:3DjMdFJvUbuWka
PDB Path msdatl3.pdb
Yara
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

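Debugger check (IsDebuggerPresent). Note: this API is also called by compiler runtime and error-reporting code in ordinary binaries, so the calls listed below do not by themselves show deliberate anti-analysis behaviour.
Time & API Arguments Status Return Repeated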

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0
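pdb_path msdatl3.pdb (same value as the PDB Path field in the file summary; this string is metadata embedded in the file and does not by itself establish who built it)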
section .sdbid
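Exceptions raised in functions of 03fdbbbb that were called directly from rundll32. Note: every record shown here has exception code 0xc0000005 (access violation) and a stack that returns into rundll32+0x2f42. In most of them the faulting instruction writes through rcx, which holds a small integer, rdx is 4290052096 (0xffb50000, the rundll32 base implied by the stack addresses) and r9 is 10. That register pattern is consistent with rundll32 passing its standard entry-point arguments (window handle, instance handle, command line, show command) to C++ member functions that expect an object pointer, so these crashes likely reflect how the sandbox invoked the functions rather than behaviour chosen by the sample.
Time & API Arguments Status Return Repeated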

__exception__

stacktrace:
t?4CBaseObjBoko@@QEAAAEAV0@AEBV0@@Z+0x130 tIsZombie@CBaseObjZombie@@QEAAHXZ-0x40 03fdbbbb+0x2520 @ 0x180002520
rundll32+0x2f42 @ 0xffb52f42
rundll32+0x3b7a @ 0xffb53b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 89 51 08 48 8d 05 26 0f 01 00 33 d2 48 89 01 89
exception.instruction: mov dword ptr [rcx + 8], edx
exception.exception_code: 0xc0000005 (STATUS_ACCESS_VIOLATION)
exception.symbol: t?4CBaseObjBoko@@QEAAAEAV0@AEBV0@@Z+0x130 tIsZombie@CBaseObjZombie@@QEAAHXZ-0x40 03fdbbbb+0x2520
exception.address: 0x180002520
registers.r14: 0
registers.r15: 0
registers.rcx: 131456
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 2358320
registers.r11: 2357408
registers.r8: 2802018
registers.r9: 10
registers.rdx: 4290052096
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 131456
registers.r13: 0
1 0 0

__exception__

stacktrace:
t?0CBitArray@@QEAA@XZ+0x2 t?1CBitArray@@QEAA@XZ-0x1e 03fdbbbb+0x9822 @ 0x180009822
rundll32+0x2f42 @ 0xffb52f42
rundll32+0x3b7a @ 0xffb53b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 48 89 01 48 89 41 10 48 8b c1 c3 cc cc cc cc cc
exception.instruction: mov qword ptr [rcx], rax
exception.exception_code: 0xc0000005
exception.symbol: t?0CBitArray@@QEAA@XZ+0x2 t?1CBitArray@@QEAA@XZ-0x1e 03fdbbbb+0x9822
exception.address: 0x180009822
registers.r14: 0
registers.r15: 0
registers.rcx: 262432
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 2489872
registers.r11: 2488960
registers.r8: 3916010
registers.r9: 10
registers.rdx: 4290052096
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 0
registers.r13: 0
1 0 0

__exception__

stacktrace:
t?0CBaseObj@@IEAA@W4EBaseObjectType@@PEAUIUnknown@@PEAJ_N@Z+0x7 tFInit@CBaseObj@@IEAAJXZ-0x39 03fdbbbb+0x96b7 @ 0x1800096b7
rundll32+0x2f42 @ 0xffb52f42
rundll32+0x3b7a @ 0xffb53b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 89 51 08 33 d2 48 89 01 4d 85 c0 89 51 30 48 8b
exception.instruction: mov dword ptr [rcx + 8], edx
exception.exception_code: 0xc0000005
exception.symbol: t?0CBaseObj@@IEAA@W4EBaseObjectType@@PEAUIUnknown@@PEAJ_N@Z+0x7 tFInit@CBaseObj@@IEAAJXZ-0x39 03fdbbbb+0x96b7
exception.address: 0x1800096b7
registers.r14: 0
registers.r15: 0
registers.rcx: 131454
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 2489248
registers.r11: 2488336
registers.r8: 4309398
registers.r9: 10
registers.rdx: 4290052096
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 6442529872
registers.r13: 0
1 0 0

__exception__

stacktrace:
t?0CClassFactory@@AEAA@XZ+0x7 t?0CClassFactory@@QEAA@AEBV0@@Z-0x19 03fdbbbb+0x2127 @ 0x180002127
rundll32+0x2f42 @ 0xffb52f42
rundll32+0x3b7a @ 0xffb53b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: c7 41 08 00 00 00 00 48 89 01 48 8b c1 c3 cc cc
exception.instruction: mov dword ptr [rcx + 8], 0
exception.exception_code: 0xc0000005
exception.symbol: t?0CClassFactory@@AEAA@XZ+0x7 t?0CClassFactory@@QEAA@AEBV0@@Z-0x19 03fdbbbb+0x2127
exception.address: 0x180002127
registers.r14: 0
registers.r15: 0
registers.rcx: 262470
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 851424
registers.r11: 850512
registers.r8: 2998514
registers.r9: 10
registers.rdx: 4290052096
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 6442529672
registers.r13: 0
1 0 0

__exception__

stacktrace:
?ReadUnlock@CReaderWriterLock2@@QEAAXXZ+0x1df ?WriteLock@CReaderWriterLock3AR@@QEAAXXZ-0xe1 msdart+0x167f @ 0x7fef9ac167f
MPInitializeCriticalSectionAndSpinCount+0x85 ?LockType@?$CLockBase@$00$00$02$00$02$01@@SA?AW4LOCK_LOCKTYPE@@XZ-0x15b msdart+0x1305 @ 0x7fef9ac1305
MPInitializeCriticalSection+0x21 ?ReadOrWriteLock@CReaderWriterLock3AR@@QEAA_NXZ-0x3f msdart+0x1821 @ 0x7fef9ac1821
t?0CEnum@@QEAA@PEAUIUnknown@@KPEAPEAXU_GUID@@_KKW4CENUMTYPE@@@Z+0x2c t?1CEnum@@QEAA@XZ-0xa4 03fdbbbb+0x907c @ 0x18000907c
rundll32+0x2f42 @ 0xffb52f42
rundll32+0x3b7a @ 0xffb53b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 49 c7 06 00 00 00 00 48 8b 5c 24 58 48 83 c4 20
exception.instruction: mov qword ptr [r14], 0
exception.exception_code: 0xc0000005
exception.symbol: ?ReadUnlock@CReaderWriterLock2@@QEAAXXZ+0x1df ?WriteLock@CReaderWriterLock3AR@@QEAAXXZ-0xe1 msdart+0x167f
exception.address: 0x7fef9ac167f
registers.r14: 0
registers.r15: 0
registers.rcx: 30093608
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 2030512
registers.r11: 2029600
registers.r8: 0
registers.r9: 10
registers.rdx: 0
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 0
registers.r13: 0
1 0 0

__exception__

stacktrace:
t?0CEnumConnectionPoints@@QEAA@PEAUIUnknown@@KPEAPEAUIConnectionPoint@@@Z+0x7c t?1CEnumConnectionPoints@@QEAA@XZ-0x64 03fdbbbb+0x490c @ 0x18000490c
rundll32+0x2f42 @ 0xffb52f42
rundll32+0x3b7a @ 0xffb53b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 48 8b 0c fa eb 12 48 8b 4b 30 48 0f af c8 8b 43
exception.instruction: mov rcx, qword ptr [rdx + rdi*8]
exception.exception_code: 0xc0000005
exception.symbol: t?0CEnumConnectionPoints@@QEAA@PEAUIUnknown@@KPEAPEAUIConnectionPoint@@@Z+0x7c t?1CEnumConnectionPoints@@QEAA@XZ-0x64 03fdbbbb+0x490c
exception.address: 0x18000490c
registers.r14: 0
registers.r15: 0
registers.rcx: 1994794208
registers.rsi: 0
registers.r10: 1994816592
registers.rbx: 0
registers.rsp: 2489520
registers.r11: 3950944
registers.r8: 3950912
registers.r9: 3950928
registers.rdx: 10
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 0
registers.r13: 0
1 0 0

__exception__

stacktrace:
?ReadUnlock@CReaderWriterLock2@@QEAAXXZ+0x1df ?WriteLock@CReaderWriterLock3AR@@QEAAXXZ-0xe1 msdart+0x167f @ 0x7fef9ac167f
MPInitializeCriticalSectionAndSpinCount+0x85 ?LockType@?$CLockBase@$00$00$02$00$02$01@@SA?AW4LOCK_LOCKTYPE@@XZ-0x15b msdart+0x1305 @ 0x7fef9ac1305
MPInitializeCriticalSection+0x21 ?ReadOrWriteLock@CReaderWriterLock3AR@@QEAA_NXZ-0x3f msdart+0x1821 @ 0x7fef9ac1821
t?0CEnumConnections@@QEAA@PEAUIUnknown@@PEAUtagCONNECTDATA@@K@Z+0x37 t?1CEnumConnections@@QEAA@XZ-0xa9 03fdbbbb+0x4ac7 @ 0x180004ac7
rundll32+0x2f42 @ 0xffb52f42
rundll32+0x3b7a @ 0xffb53b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 49 c7 06 00 00 00 00 48 8b 5c 24 58 48 83 c4 20
exception.instruction: mov qword ptr [r14], 0
exception.exception_code: 0xc0000005
exception.symbol: ?ReadUnlock@CReaderWriterLock2@@QEAAXXZ+0x1df ?WriteLock@CReaderWriterLock3AR@@QEAAXXZ-0xe1 msdart+0x167f
exception.address: 0x7fef9ac167f
registers.r14: 0
registers.r15: 0
registers.rcx: 32518440
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 2686736
registers.r11: 2685824
registers.r8: 0
registers.r9: 10
registers.rdx: 0
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 0
registers.r13: 0
1 0 0

__exception__

stacktrace:
t?0CExtBuffer@@QEAA@XZ+0x2 t?1CExtBuffer@@QEAA@XZ-0x1e 03fdbbbb+0xb0a2 @ 0x18000b0a2
rundll32+0x2f42 @ 0xffb52f42
rundll32+0x3b7a @ 0xffb53b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 48 89 01 48 89 41 08 48 89 41 10 48 89 41 18 48
exception.instruction: mov qword ptr [rcx], rax
exception.exception_code: 0xc0000005
exception.symbol: t?0CExtBuffer@@QEAA@XZ+0x2 t?1CExtBuffer@@QEAA@XZ-0x1e 03fdbbbb+0xb0a2
exception.address: 0x18000b0a2
registers.r14: 0
registers.r15: 0
registers.rcx: 262458
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 917248
registers.r11: 916336
registers.r8: 2867436
registers.r9: 10
registers.rdx: 4290052096
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 0
registers.r13: 0
1 0 0

__exception__

stacktrace:
t?0CHashTblAggr@@QEAA@AEBV0@@Z+0x7 t?4CHashTblAggr@@QEAAAEAV0@AEBV0@@Z-0x29 03fdbbbb+0x2017 @ 0x180002017
rundll32+0x2f42 @ 0xffb52f42
rundll32+0x3b7a @ 0xffb53b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 48 89 01 48 8b 42 08 48 89 41 08 8b 42 10 89 41
exception.instruction: mov qword ptr [rcx], rax
exception.exception_code: 0xc0000005
exception.symbol: t?0CHashTblAggr@@QEAA@AEBV0@@Z+0x7 t?4CHashTblAggr@@QEAAAEAV0@AEBV0@@Z-0x29 03fdbbbb+0x2017
exception.address: 0x180002017
registers.r14: 0
registers.r15: 0
registers.rcx: 131538
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 2686448
registers.r11: 2685536
registers.r8: 4571404
registers.r9: 10
registers.rdx: 4290052096
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 6442529408
registers.r13: 0
1 0 0

__exception__

stacktrace:
t?0CHeapDispenser@@QEAA@$$QEAV0@@Z+0x7 t?4CHeapDispenser@@QEAAAEAV0@$$QEAV0@@Z-0x19 03fdbbbb+0x1097 @ 0x180001097
rundll32+0x2f42 @ 0xffb52f42
rundll32+0x3b7a @ 0xffb53b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 48 89 01 48 8b c1 c3 cc cc cc cc cc cc cc cc cc
exception.instruction: mov qword ptr [rcx], rax
exception.exception_code: 0xc0000005
exception.symbol: t?0CHeapDispenser@@QEAA@$$QEAV0@@Z+0x7 t?4CHeapDispenser@@QEAAAEAV0@$$QEAV0@@Z-0x19 03fdbbbb+0x1097
exception.address: 0x180001097
registers.r14: 0
registers.r15: 0
registers.rcx: 131678
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 1309264
registers.r11: 1308352
registers.r8: 2343184
registers.r9: 10
registers.rdx: 4290052096
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 6442529168
registers.r13: 0
1 0 0

__exception__

stacktrace:
t?0CRowsetConnectionPointContainer@@QEAA@PEAUIUnknown@@@Z+0xa tInit@CRowsetConnectionPointContainer@@QEAAJXZ-0x26 03fdbbbb+0x44da @ 0x1800044da
rundll32+0x2f42 @ 0xffb52f42
rundll32+0x3b7a @ 0xffb53b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 48 89 01 33 c0 4c 89 41 08 48 89 41 20 48 8b c1
exception.instruction: mov qword ptr [rcx], rax
exception.exception_code: 0xc0000005
exception.symbol: t?0CRowsetConnectionPointContainer@@QEAA@PEAUIUnknown@@@Z+0xa tInit@CRowsetConnectionPointContainer@@QEAAJXZ-0x26 03fdbbbb+0x44da
exception.address: 0x1800044da
registers.r14: 0
registers.r15: 0
registers.rcx: 131800
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 2160800
registers.r11: 2159888
registers.r8: 0
registers.r9: 10
registers.rdx: 4290052096
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 6442529096
registers.r13: 0
1 0 0

__exception__

stacktrace:
t?0CSlotListLong@@QEAA@XZ+0x7 t?1CSlotListLong@@UEAA@XZ-0x29 03fdbbbb+0xc5e7 @ 0x18000c5e7
rundll32+0x2f42 @ 0xffb52f42
rundll32+0x3b7a @ 0xffb53b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 48 89 01 33 c0 48 89 41 08 48 89 41 28 48 89 41
exception.instruction: mov qword ptr [rcx], rax
exception.exception_code: 0xc0000005
exception.symbol: t?0CSlotListLong@@QEAA@XZ+0x7 t?1CSlotListLong@@UEAA@XZ-0x29 03fdbbbb+0xc5e7
exception.address: 0x18000c5e7
registers.r14: 0
registers.r15: 0
registers.rcx: 131858
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 1178224
registers.r11: 1177312
registers.r8: 2408690
registers.r9: 10
registers.rdx: 4290052096
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 6442529432
registers.r13: 0
1 0 0

__exception__

stacktrace:
t?0CUtlPropInfo@@QEAA@AEBV0@@Z+0x7 t?4CUtlPropInfo@@QEAAAEAV0@AEBV0@@Z-0x39 03fdbbbb+0x2727 @ 0x180002727
rundll32+0x2f42 @ 0xffb52f42
rundll32+0x3b7a @ 0xffb53b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 48 89 01 48 8b 42 08 48 89 41 08 8b 42 10 89 41
exception.instruction: mov qword ptr [rcx], rax
exception.exception_code: 0xc0000005
exception.symbol: t?0CUtlPropInfo@@QEAA@AEBV0@@Z+0x7 t?4CUtlPropInfo@@QEAAAEAV0@AEBV0@@Z-0x39 03fdbbbb+0x2727
exception.address: 0x180002727
registers.r14: 0
registers.r15: 0
registers.rcx: 131860
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 1113120
registers.r11: 1112208
registers.r8: 3129612
registers.r9: 10
registers.rdx: 4290052096
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 6442528912
registers.r13: 0
1 0 0

__exception__

stacktrace:
t?0CUtlProps2@@QEAA@AEBV0@@Z+0xa t?4CUtlProps2@@QEAAAEAV0@AEBV0@@Z-0x166 03fdbbbb+0x28ca @ 0x1800028ca
rundll32+0x2f42 @ 0xffb52f42
rundll32+0x3b7a @ 0xffb53b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 48 89 01 4c 8b ca 8b 42 08 89 41 08 8b 42 0c 89
exception.instruction: mov qword ptr [rcx], rax
exception.exception_code: 0xc0000005
exception.symbol: t?0CUtlProps2@@QEAA@AEBV0@@Z+0xa t?4CUtlProps2@@QEAAAEAV0@AEBV0@@Z-0x166 03fdbbbb+0x28ca
exception.address: 0x1800028ca
registers.r14: 0
registers.r15: 0
registers.rcx: 131872
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 2685472
registers.r11: 2684560
registers.r8: 131872
registers.r9: 10
registers.rdx: 4290052096
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 6442529712
registers.r13: 0
1 0 0

__exception__

stacktrace:
t?0CUtlProps2@@QEAA@AEBV0@@Z+0xa t?4CUtlProps2@@QEAAAEAV0@AEBV0@@Z-0x166 03fdbbbb+0x28ca @ 0x1800028ca
t?0CUtlPropsFastLookup2@@QEAA@$$QEAV0@@Z+0xe t?4CUtlPropsFastLookup2@@QEAAAEAV0@$$QEAV0@@Z-0x22 03fdbbbb+0x2fce @ 0x180002fce
rundll32+0x2f42 @ 0xffb52f42
rundll32+0x3b7a @ 0xffb53b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 48 89 01 4c 8b ca 8b 42 08 89 41 08 8b 42 0c 89
exception.instruction: mov qword ptr [rcx], rax
exception.exception_code: 0xc0000005
exception.symbol: t?0CUtlProps2@@QEAA@AEBV0@@Z+0xa t?4CUtlProps2@@QEAAAEAV0@AEBV0@@Z-0x166 03fdbbbb+0x28ca
exception.address: 0x1800028ca
registers.r14: 0
registers.r15: 0
registers.rcx: 131896
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 1703696
registers.r11: 1702784
registers.r8: 131896
registers.r9: 10
registers.rdx: 4290052096
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 6442529712
registers.r13: 0
1 0 0

__exception__

stacktrace:
t?0CUtlProps2@@QEAA@AEBV0@@Z+0xa t?4CUtlProps2@@QEAAAEAV0@AEBV0@@Z-0x166 03fdbbbb+0x28ca @ 0x1800028ca
t?0CUtlPropsFastLookup2@@QEAA@$$QEAV0@@Z+0xe t?4CUtlPropsFastLookup2@@QEAAAEAV0@$$QEAV0@@Z-0x22 03fdbbbb+0x2fce @ 0x180002fce
rundll32+0x2f42 @ 0xffb52f42
rundll32+0x3b7a @ 0xffb53b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 48 89 01 4c 8b ca 8b 42 08 89 41 08 8b 42 0c 89
exception.instruction: mov qword ptr [rcx], rax
exception.exception_code: 0xc0000005
exception.symbol: t?0CUtlProps2@@QEAA@AEBV0@@Z+0xa t?4CUtlProps2@@QEAAAEAV0@AEBV0@@Z-0x166 03fdbbbb+0x28ca
exception.address: 0x1800028ca
registers.r14: 0
registers.r15: 0
registers.rcx: 131898
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 1310000
registers.r11: 1309088
registers.r8: 131898
registers.r9: 10
registers.rdx: 4290052096
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 6442529712
registers.r13: 0
1 0 0

__exception__

stacktrace:
t?0CUtlPropsFastLookup2@@QEAA@K@Z+0x2 tGetUPropValIndex@CUtlPropsFastLookup2@@MEAAKKK@Z-0x4e 03fdbbbb+0x8db2 @ 0x180008db2
rundll32+0x2f42 @ 0xffb52f42
rundll32+0x3b7a @ 0xffb53b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 89 51 0c 89 41 10 89 41 28 89 41 08 48 89 41 20
exception.instruction: mov dword ptr [rcx + 0xc], edx
exception.exception_code: 0xc0000005
exception.symbol: t?0CUtlPropsFastLookup2@@QEAA@K@Z+0x2 tGetUPropValIndex@CUtlPropsFastLookup2@@MEAAKKK@Z-0x4e 03fdbbbb+0x8db2
exception.address: 0x180008db2
registers.r14: 0
registers.r15: 0
registers.rcx: 131904
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 1046928
registers.r11: 1046016
registers.r8: 2408722
registers.r9: 10
registers.rdx: 4290052096
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 0
registers.r13: 0
1 0 0

__exception__

stacktrace:
tAllocBuffer@CWString@@IEAAXH@Z+0x55 tEmpty@CWString@@QEAAXXZ-0x6b 03fdbbbb+0xa015 @ 0x18000a015
t?0CWString@@QEAA@PEBD@Z+0x5c tAssignCopy@CWString@@IEAAXHPEBG@Z-0x74 03fdbbbb+0xa29c @ 0x18000a29c
rundll32+0x2f42 @ 0xffb52f42
rundll32+0x3b7a @ 0xffb53b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 48 89 03 48 85 c0 75 1e 48 8d 05 cc 36 01 00 c6
exception.instruction: mov qword ptr [rbx], rax
exception.exception_code: 0xc0000005
exception.symbol: tAllocBuffer@CWString@@IEAAXH@Z+0x55 tEmpty@CWString@@QEAAXXZ-0x6b 03fdbbbb+0xa015
exception.address: 0x18000a015
registers.r14: 0
registers.r15: 0
registers.rcx: 0
registers.rsi: 0
registers.r10: 285
registers.rbx: 0
registers.rsp: 2489664
registers.r11: 1
registers.r8: 29
registers.r9: 314
registers.rdx: 32062944
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 32062944
registers.r13: 0
1 0 0

__exception__

stacktrace:
t?0CWString@@QEAA@PEBE@Z+0x8 t?4CWString@@QEAAAEBV0@PEBE@Z-0x38 03fdbbbb+0x11d8 @ 0x1800011d8
rundll32+0x2f42 @ 0xffb52f42
rundll32+0x3b7a @ 0xffb53b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: c6 41 10 00 48 89 41 08 48 8b d9 48 8d 05 06 c5
exception.instruction: mov byte ptr [rcx + 0x10], 0
exception.exception_code: 0xc0000005
exception.symbol: t?0CWString@@QEAA@PEBE@Z+0x8 t?4CWString@@QEAAAEBV0@PEBE@Z-0x38 03fdbbbb+0x11d8
exception.address: 0x1800011d8
registers.r14: 0
registers.r15: 0
registers.rcx: 132014
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 1046544
registers.r11: 1045632
registers.r8: 1556720
registers.r9: 10
registers.rdx: 4290052096
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 0
registers.r13: 0
1 0 0

__exception__

stacktrace:
tAllocBuffer@CWString@@IEAAXH@Z+0x55 tEmpty@CWString@@QEAAXXZ-0x6b 03fdbbbb+0xa015 @ 0x18000a015
t?0CWString@@QEAA@PEBGH@Z+0x4c t?4CWString@@QEAAAEBV0@G@Z-0x34 03fdbbbb+0xac8c @ 0x18000ac8c
rundll32+0x2f42 @ 0xffb52f42
rundll32+0x3b7a @ 0xffb53b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 48 89 03 48 85 c0 75 1e 48 8d 05 cc 36 01 00 c6
exception.instruction: mov qword ptr [rbx], rax
exception.exception_code: 0xc0000005
exception.symbol: tAllocBuffer@CWString@@IEAAXH@Z+0x55 tEmpty@CWString@@QEAAXXZ-0x6b 03fdbbbb+0xa015
exception.address: 0x18000a015
registers.r14: 0
registers.r15: 0
registers.rcx: 0
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 1572112
registers.r11: 514
registers.r8: 32506136
registers.r9: 1568352
registers.rdx: 38535168
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 38535232
registers.r13: 0
1 0 0

__exception__

stacktrace:
t?0IHashTbl@@QEAA@AEBV0@@Z+0x7 tAdjustRange@CHashTbl@@CAKK@Z-0xd9 03fdbbbb+0x1d67 @ 0x180001d67
rundll32+0x2f42 @ 0xffb52f42
rundll32+0x3b7a @ 0xffb53b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 48 89 01 48 8b c1 c3 cc cc cc cc cc cc cc cc cc
exception.instruction: mov qword ptr [rcx], rax
exception.exception_code: 0xc0000005
exception.symbol: t?0IHashTbl@@QEAA@AEBV0@@Z+0x7 tAdjustRange@CHashTbl@@CAKK@Z-0xd9 03fdbbbb+0x1d67
exception.address: 0x180001d67
registers.r14: 0
registers.r15: 0
registers.rcx: 197654
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 720336
registers.r11: 719424
registers.r8: 1294568
registers.r9: 10
registers.rdx: 4290052096
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 6442529528
registers.r13: 0
1 0 0

__exception__

stacktrace:
t?0ISlotList@@QEAA@AEBV0@@Z+0x7 t?0CSlotListShort@@QEAA@AEBV0@@Z-0xd9 03fdbbbb+0x17c7 @ 0x1800017c7
rundll32+0x2f42 @ 0xffb52f42
rundll32+0x3b7a @ 0xffb53b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 48 89 01 48 8b c1 c3 cc cc cc cc cc cc cc cc cc
exception.instruction: mov qword ptr [rcx], rax
exception.exception_code: 0xc0000005
exception.symbol: t?0ISlotList@@QEAA@AEBV0@@Z+0x7 t?0CSlotListShort@@QEAA@AEBV0@@Z-0xd9 03fdbbbb+0x17c7
exception.address: 0x1800017c7
registers.r14: 0
registers.r15: 0
registers.rcx: 132152
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 1768800
registers.r11: 1767888
registers.r8: 2474218
registers.r9: 10
registers.rdx: 4290052096
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 6442529576
registers.r13: 0
1 0 0

__exception__

stacktrace:
t?1CBaseObj@@UEAA@XZ+0xe tMakeZombies@CBaseObjBoko@@QEAAXXZ-0x32 03fdbbbb+0x237e @ 0x18000237e
rundll32+0x2f42 @ 0xffb52f42
rundll32+0x3b7a @ 0xffb53b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: f0 ff 08 80 79 20 00 74 16 48 83 c1 18 48 83 39
exception.instruction: dec dword ptr [rax]
exception.exception_code: 0xc0000005
exception.symbol: t?1CBaseObj@@UEAA@XZ+0xe tMakeZombies@CBaseObjBoko@@QEAAXXZ-0x32 03fdbbbb+0x237e
exception.address: 0x18000237e
registers.r14: 0
registers.r15: 0
registers.rcx: 66648
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 2422896
registers.r11: 2421984
registers.r8: 3260656
registers.r9: 10
registers.rdx: 4290052096
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 0
registers.r13: 0
1 0 0

__exception__

stacktrace:
t?1CBaseObj@@UEAA@XZ+0xe tMakeZombies@CBaseObjBoko@@QEAAXXZ-0x32 03fdbbbb+0x237e @ 0x18000237e
rundll32+0x2f42 @ 0xffb52f42
rundll32+0x3b7a @ 0xffb53b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: f0 ff 08 80 79 20 00 74 16 48 83 c1 18 48 83 39
exception.instruction: dec dword ptr [rax]
exception.exception_code: 0xc0000005
exception.symbol: t?1CBaseObj@@UEAA@XZ+0xe tMakeZombies@CBaseObjBoko@@QEAAXXZ-0x32 03fdbbbb+0x237e
exception.address: 0x18000237e
registers.r14: 0
registers.r15: 0
registers.rcx: 66684
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 982240
registers.r11: 981328
registers.r8: 2539752
registers.r9: 10
registers.rdx: 4290052096
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 0
registers.r13: 0
1 0 0

__exception__

stacktrace:
t?1CBaseObj@@UEAA@XZ+0xe tMakeZombies@CBaseObjBoko@@QEAAXXZ-0x32 03fdbbbb+0x237e @ 0x18000237e
rundll32+0x2f42 @ 0xffb52f42
rundll32+0x3b7a @ 0xffb53b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: f0 ff 08 80 79 20 00 74 16 48 83 c1 18 48 83 39
exception.instruction: dec dword ptr [rax]
exception.exception_code: 0xc0000005
exception.symbol: t?1CBaseObj@@UEAA@XZ+0xe tMakeZombies@CBaseObjBoko@@QEAAXXZ-0x32 03fdbbbb+0x237e
exception.address: 0x18000237e
registers.r14: 0
registers.r15: 0
registers.rcx: 66706
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 2030896
registers.r11: 2029984
registers.r8: 3981556
registers.r9: 10
registers.rdx: 4290052096
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 0
registers.r13: 0
1 0 0

__exception__

stacktrace:
t?1CClassFactory@@QEAA@XZ+0x7 tQueryInterface@CClassFactory@@UEAAJAEBU_GUID@@PEAPEAX@Z-0x19 03fdbbbb+0x9d97 @ 0x180009d97
rundll32+0x2f42 @ 0xffb52f42
rundll32+0x3b7a @ 0xffb53b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 48 89 01 48 8b 41 18 f0 ff 08 c3 cc cc cc cc cc
exception.instruction: mov qword ptr [rcx], rax
exception.exception_code: 0xc0000005
exception.symbol: t?1CClassFactory@@QEAA@XZ+0x7 tQueryInterface@CClassFactory@@UEAAJAEBU_GUID@@PEAPEAX@Z-0x19 03fdbbbb+0x9d97
exception.address: 0x180009d97
registers.r14: 0
registers.r15: 0
registers.rcx: 132292
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 981456
registers.r11: 980544
registers.r8: 1884402
registers.r9: 10
registers.rdx: 4290052096
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 6442529672
registers.r13: 0
1 0 0

__exception__

stacktrace:
t?1CEnumConnections@@QEAA@XZ+0x7 tClone@CEnumConnections@@UEAAJPEAPEAUIEnumConnections@@@Z-0x19 03fdbbbb+0x4b77 @ 0x180004b77
rundll32+0x2f42 @ 0xffb52f42
rundll32+0x3b7a @ 0xffb53b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 48 89 01 48 83 c1 08 e9 9d 45 00 00 cc cc cc cc
exception.instruction: mov qword ptr [rcx], rax
exception.exception_code: 0xc0000005
exception.symbol: t?1CEnumConnections@@QEAA@XZ+0x7 tClone@CEnumConnections@@UEAAJPEAPEAUIEnumConnections@@@Z-0x19 03fdbbbb+0x4b77
exception.address: 0x180004b77
registers.r14: 0
registers.r15: 0
registers.rcx: 132330
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 2357568
registers.r11: 2356656
registers.r8: 2801928
registers.r9: 10
registers.rdx: 4290052096
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 6442528856
registers.r13: 0
1 0 0

__exception__

stacktrace:
t?1CRowsetConnectionPoint@@QEAA@XZ+0x23 tAdvise@CRowsetConnectionPoint@@UEAAJPEAUIUnknown@@PEAK@Z-0xed 03fdbbbb+0x4e93 @ 0x180004e93
rundll32+0x2f42 @ 0xffb52f42
rundll32+0x3b7a @ 0xffb53b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 48 89 01 48 83 79 30 00 74 29 0f 1f 00 48 8b 43
exception.instruction: mov qword ptr [rcx], rax
exception.exception_code: 0xc0000005
exception.symbol: t?1CRowsetConnectionPoint@@QEAA@XZ+0x23 tAdvise@CRowsetConnectionPoint@@UEAAJPEAUIUnknown@@PEAK@Z-0xed 03fdbbbb+0x4e93
exception.address: 0x180004e93
registers.r14: 0
registers.r15: 0
registers.rcx: 197866
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 2161008
registers.r11: 2160096
registers.r8: 4047124
registers.r9: 10
registers.rdx: 4290052096
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 6442528792
registers.r13: 0
1 0 0

__exception__

stacktrace:
t?1CRowsetConnectionPointContainer@@QEAA@XZ+0x14 tQueryInterface@CRowsetConnectionPointContainer@@UEAAJAEBU_GUID@@PEAPEAX@Z-0xac 03fdbbbb+0x46a4 @ 0x1800046a4
rundll32+0x2f42 @ 0xffb52f42
rundll32+0x3b7a @ 0xffb53b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 48 89 01 48 8b 41 08 48 85 c0 0f 84 84 00 00 00
exception.instruction: mov qword ptr [rcx], rax
exception.exception_code: 0xc0000005
exception.symbol: t?1CRowsetConnectionPointContainer@@QEAA@XZ+0x14 tQueryInterface@CRowsetConnectionPointContainer@@UEAAJAEBU_GUID@@PEAPEAX@Z-0xac 03fdbbbb+0x46a4
exception.address: 0x1800046a4
registers.r14: 0
registers.r15: 0
registers.rcx: 197830
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 2620576
registers.r11: 2619664
registers.r8: 4112710
registers.r9: 10
registers.rdx: 4290052096
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 6442529096
registers.r13: 0
1 0 0
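Memory protection changes (NtProtectVirtualMemory). Note: each entry shown below sets a single 4096-byte page at the same base address to PAGE_EXECUTE_READWRITE, and process_handle 0xffffffffffffffff is the current-process pseudo-handle, so the change is made inside the calling process; these entries do not show a write into another process.
Time & API Arguments Status Return Repeated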

NtProtectVirtualMemory

process_identifier: 2924
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2068
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 3068
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2364
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2584
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2688
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2888
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2104
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2516
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 3004
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2916
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2940
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2508
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2692
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 3172
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 3120
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 3420
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 3712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 3848
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 3980
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 3136
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 3316
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 3724
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 3952
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 3080
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 3560
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 3908
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 3824
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4000
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 3816
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4120
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 3884
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4220
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4508
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4720
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4964
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4920
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 5056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4112
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4336
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4812
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4900
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4612
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4784
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 5096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4832
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4796
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 4216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0
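section {u'size_of_data': u'0x00005000', u'virtual_address': u'0x00020000', u'entropy': 7.313675670429033, u'name': u'.rsrc', u'virtual_size': u'0x000046d7'}
entropy 7.31367567043
description A section with high entropy has been found. High entropy in .rsrc alone is a weak indicator: compressed or encrypted resources (images, embedded archives) produce the same reading, so inspect the resource contents before treating this as evidence of packing.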