6.8
高危
该样本未表现出任何异常!
重新分析
更多

6819d725c2e35db9085e02233b20812ff24bdb0b62d07f3ddbd25caa2c19b64b

66d1f9906b779bf90b43a69483ac3160.exe

分析耗时

110s

最近分析

文件大小

3.7MB
静态报毒 动态报毒
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
未检测 暂无反病毒引擎检测结果
静态指标
Checks if process is being debugged by a debugger (1 个事件)
Time & API Arguments Status Return Repeated
1619648378.338875
IsDebuggerPresent
failed 0 0
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)
Time & API Arguments Status Return Repeated
1619648376.009875
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 个事件)
section CODE
section DATA
section BSS
The file contains an unknown PE resource name possibly indicative of a packer (2 个事件)
resource name DLL
resource name SYS
One or more processes crashed (50 out of 97 个事件)
Time & API Arguments Status Return Repeated
1619648378.947875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0xa30a4 @ 0x4a30a4
66d1f9906b779bf90b43a69483ac3160+0xa2ff2 @ 0x4a2ff2
66d1f9906b779bf90b43a69483ac3160+0xa2fb3 @ 0x4a2fb3
66d1f9906b779bf90b43a69483ac3160+0xfac79 @ 0x4fac79
66d1f9906b779bf90b43a69483ac3160+0xfe547 @ 0x4fe547
66d1f9906b779bf90b43a69483ac3160+0xfe85d @ 0x4fe85d
66d1f9906b779bf90b43a69483ac3160+0xfea0e @ 0x4fea0e
66d1f9906b779bf90b43a69483ac3160+0xfdb99 @ 0x4fdb99
66d1f9906b779bf90b43a69483ac3160+0x104e1b @ 0x504e1b
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702308
registers.edi: 59702496
registers.eax: 59702308
registers.ebp: 59702388
registers.edx: 0
registers.ebx: 4863996
registers.esi: 11004
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648383.744875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0xa30a4 @ 0x4a30a4
66d1f9906b779bf90b43a69483ac3160+0xa2ff2 @ 0x4a2ff2
66d1f9906b779bf90b43a69483ac3160+0xa2fb3 @ 0x4a2fb3
66d1f9906b779bf90b43a69483ac3160+0xfac79 @ 0x4fac79
66d1f9906b779bf90b43a69483ac3160+0xfe547 @ 0x4fe547
66d1f9906b779bf90b43a69483ac3160+0xfe85d @ 0x4fe85d
66d1f9906b779bf90b43a69483ac3160+0xfea0e @ 0x4fea0e
66d1f9906b779bf90b43a69483ac3160+0xfdb99 @ 0x4fdb99
66d1f9906b779bf90b43a69483ac3160+0x104e1b @ 0x504e1b
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702308
registers.edi: 59702496
registers.eax: 59702308
registers.ebp: 59702388
registers.edx: 0
registers.ebx: 4863996
registers.esi: 11004
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648386.541875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0xa30a4 @ 0x4a30a4
66d1f9906b779bf90b43a69483ac3160+0xa2ff2 @ 0x4a2ff2
66d1f9906b779bf90b43a69483ac3160+0xa2fb3 @ 0x4a2fb3
66d1f9906b779bf90b43a69483ac3160+0xfac79 @ 0x4fac79
66d1f9906b779bf90b43a69483ac3160+0xfe547 @ 0x4fe547
66d1f9906b779bf90b43a69483ac3160+0xfe85d @ 0x4fe85d
66d1f9906b779bf90b43a69483ac3160+0xfea0e @ 0x4fea0e
66d1f9906b779bf90b43a69483ac3160+0xfdb99 @ 0x4fdb99
66d1f9906b779bf90b43a69483ac3160+0x104e1b @ 0x504e1b
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702308
registers.edi: 59702496
registers.eax: 59702308
registers.ebp: 59702388
registers.edx: 0
registers.ebx: 4863996
registers.esi: 11004
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648399.369875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0xa30a4 @ 0x4a30a4
66d1f9906b779bf90b43a69483ac3160+0xa2ff2 @ 0x4a2ff2
66d1f9906b779bf90b43a69483ac3160+0xa2fb3 @ 0x4a2fb3
66d1f9906b779bf90b43a69483ac3160+0xfac79 @ 0x4fac79
66d1f9906b779bf90b43a69483ac3160+0xfe547 @ 0x4fe547
66d1f9906b779bf90b43a69483ac3160+0xfe85d @ 0x4fe85d
66d1f9906b779bf90b43a69483ac3160+0xfea0e @ 0x4fea0e
66d1f9906b779bf90b43a69483ac3160+0xfdb99 @ 0x4fdb99
66d1f9906b779bf90b43a69483ac3160+0x104e1b @ 0x504e1b
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702308
registers.edi: 59702496
registers.eax: 59702308
registers.ebp: 59702388
registers.edx: 0
registers.ebx: 4863996
registers.esi: 11002
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648399.869875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 4
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64921008
registers.esi: 4
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648400.369875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 5
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64922572
registers.esi: 5
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648400.869875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 6
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64924136
registers.esi: 6
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648401.369875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 7
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64925700
registers.esi: 7
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648401.869875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 8
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64783476
registers.esi: 8
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648402.369875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 9
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64785040
registers.esi: 9
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648402.869875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 10
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64786604
registers.esi: 10
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648403.369875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 11
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64788168
registers.esi: 11
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648403.869875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 12
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64789732
registers.esi: 12
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648404.369875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 13
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64791296
registers.esi: 13
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648404.869875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 14
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64792860
registers.esi: 14
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648405.369875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 15
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64794424
registers.esi: 15
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648405.869875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 16
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64652244
registers.esi: 16
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648406.369875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 17
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64653808
registers.esi: 17
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648406.869875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 18
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64655372
registers.esi: 18
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648407.384875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 19
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64656936
registers.esi: 19
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648407.884875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 20
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64658500
registers.esi: 20
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648408.384875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 21
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64660064
registers.esi: 21
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648408.884875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 22
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64661628
registers.esi: 22
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648409.384875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 23
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64663192
registers.esi: 23
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648409.884875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 24
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64520560
registers.esi: 24
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648410.384875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 25
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64522100
registers.esi: 25
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648410.884875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 26
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64523640
registers.esi: 26
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648411.384875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 27
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64525180
registers.esi: 27
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648411.884875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 28
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64526720
registers.esi: 28
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648412.384875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 29
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64528260
registers.esi: 29
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648412.884875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 30
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64529800
registers.esi: 30
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648413.384875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 31
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64531340
registers.esi: 31
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648413.884875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 32
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64663448
registers.esi: 32
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648414.384875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 33
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64794288
registers.esi: 33
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648414.884875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 34
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64389464
registers.esi: 34
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648415.400875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 35
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64391004
registers.esi: 35
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648415.900875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 36
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64392544
registers.esi: 36
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648416.400875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 37
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64394084
registers.esi: 37
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648416.900875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 38
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64395624
registers.esi: 38
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648417.400875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 39
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64397164
registers.esi: 39
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648417.900875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 40
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64398704
registers.esi: 40
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648418.400875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 41
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64400244
registers.esi: 41
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648418.900875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 42
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64663448
registers.esi: 42
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648419.400875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 43
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64925564
registers.esi: 43
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648419.900875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 44
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64258624
registers.esi: 44
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648420.400875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 45
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64260164
registers.esi: 45
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648420.900875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 46
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64261704
registers.esi: 46
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648421.400875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 47
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64263244
registers.esi: 47
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648421.900875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 48
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64264784
registers.esi: 48
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619648422.400875
__exception__
stacktrace: 
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x1de99 @ 0x41de99
66d1f9906b779bf90b43a69483ac3160+0x105842 @ 0x505842
66d1f9906b779bf90b43a69483ac3160+0x2446f @ 0x42446f
66d1f9906b779bf90b43a69483ac3160+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59702660
registers.edi: 49
registers.eax: 59702660
registers.ebp: 59702740
registers.edx: 0
registers.ebx: 64266324
registers.esi: 49
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
行为判定
动态指标
Allocates read-write-execute memory (usually to unpack itself) (2 个事件)
Time & API Arguments Status Return Repeated
1619648375.541875
NtAllocateVirtualMemory
process_identifier: 2468
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00780000
success 0 0
1619648378.338875
NtProtectVirtualMemory
process_identifier: 2468
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x04c30000
success 0 0
Foreign language identified in PE resource (9 个事件)
name DLL language LANG_CHINESE offset 0x0014da00 filetype PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000242b0
name SYS language LANG_CHINESE offset 0x00282d20 filetype PE32 executable (console) Intel 80386, for MS Windows sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000c6200
name SYS language LANG_CHINESE offset 0x00282d20 filetype PE32 executable (console) Intel 80386, for MS Windows sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000c6200
name SYS language LANG_CHINESE offset 0x00282d20 filetype PE32 executable (console) Intel 80386, for MS Windows sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000c6200
name SYS language LANG_CHINESE offset 0x00282d20 filetype PE32 executable (console) Intel 80386, for MS Windows sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000c6200
name RT_ICON language LANG_CHINESE offset 0x00350a04 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000010a8
name RT_GROUP_ICON language LANG_CHINESE offset 0x0037dbb8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000014
name RT_VERSION language LANG_CHINESE offset 0x0037dbcc filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000002ac
name RT_MANIFEST language LANG_CHINESE offset 0x0037de78 filetype XML 1.0 document, ASCII text, with CRLF line terminators sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x0000015d
Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 个事件)
Time & API Arguments Status Return Repeated
1619648376.119875
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
网络通信
Communicates with host for which no DNS query was performed (2 个事件)
host 113.108.239.196
host 172.217.24.14
Attempts to stop active services (1 个事件)
Time & API Arguments Status Return Repeated
1619648376.494875
ControlService
service_handle: 0x00937b30
service_name: PolicyAgent
control_code: 1
success 1 0
Detects VirtualBox through the presence of a device (2 个事件)
file \??\VBoxGuest
file \??\VBoxMiniRdrDN
Detects VirtualBox through the presence of a file (1 个事件)
dll C:\Windows\system32\VBoxMRXNP.dll
Generates some ICMP traffic
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 个事件)
dead_host 172.217.24.14:443
dead_host 172.217.160.78:443
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x533254 VirtualFree
0x533258 VirtualAlloc
0x53325c LocalFree
0x533260 LocalAlloc
0x533264 GetTickCount
0x53326c GetVersion
0x533270 GetCurrentThreadId
0x53327c VirtualQuery
0x533280 WideCharToMultiByte
0x533288 MultiByteToWideChar
0x53328c lstrlenA
0x533290 lstrcpynA
0x533294 LoadLibraryExA
0x533298 GetThreadLocale
0x53329c GetStartupInfoA
0x5332a0 GetProcAddress
0x5332a4 GetModuleHandleA
0x5332a8 GetModuleFileNameA
0x5332ac GetLocaleInfoA
0x5332b0 GetLastError
0x5332b8 GetCommandLineA
0x5332bc FreeLibrary
0x5332c0 FindFirstFileA
0x5332c4 FindClose
0x5332c8 CreateDirectoryA
0x5332cc ExitProcess
0x5332d0 ExitThread
0x5332d4 CreateThread
0x5332d8 WriteFile
0x5332e0 RtlUnwind
0x5332e4 RaiseException
0x5332e8 GetStdHandle
Library user32.dll:
0x5332f0 GetKeyboardType
0x5332f4 LoadStringA
0x5332f8 MessageBoxA
0x5332fc CharNextA
Library advapi32.dll:
0x533304 RegQueryValueExA
0x533308 RegOpenKeyExA
0x53330c RegCloseKey
Library oleaut32.dll:
0x533314 SysFreeString
0x533318 SysReAllocStringLen
0x53331c SysAllocStringLen
Library kernel32.dll:
0x533324 TlsSetValue
0x533328 TlsGetValue
0x53332c LocalAlloc
0x533330 GetModuleHandleA
Library advapi32.dll:
0x533338 RegQueryValueExA
0x53333c RegOpenKeyExA
0x533340 RegFlushKey
0x533344 RegCreateKeyExA
0x533348 RegCloseKey
0x53334c OpenProcessToken
Library kernel32.dll:
0x53335c lstrcpyA
0x533360 lstrcmpA
0x533368 WriteFile
0x53336c WinExec
0x533370 WaitForSingleObject
0x533378 VirtualQuery
0x53337c VirtualAlloc
0x533380 UnmapViewOfFile
0x533384 TerminateProcess
0x533388 Sleep
0x53338c SizeofResource
0x533390 SetThreadPriority
0x533394 SetThreadLocale
0x533398 SetFileTime
0x53339c SetFilePointer
0x5333a0 SetFileAttributesA
0x5333a4 SetEvent
0x5333a8 SetErrorMode
0x5333ac SetEndOfFile
0x5333b0 ResumeThread
0x5333b4 ResetEvent
0x5333b8 RemoveDirectoryA
0x5333bc ReadFile
0x5333c0 OpenProcess
0x5333c4 OpenFileMappingA
0x5333c8 MultiByteToWideChar
0x5333cc MulDiv
0x5333d0 MoveFileA
0x5333d4 MapViewOfFile
0x5333d8 LockResource
0x5333e0 LoadResource
0x5333e4 LoadLibraryA
0x5333ec IsDBCSLeadByte
0x5333f4 GlobalUnlock
0x5333f8 GlobalSize
0x5333fc GlobalReAlloc
0x533400 GlobalHandle
0x533404 GlobalLock
0x533408 GlobalFree
0x53340c GlobalFindAtomA
0x533410 GlobalDeleteAtom
0x533414 GlobalAlloc
0x533418 GlobalAddAtomA
0x533424 GetVersionExA
0x533428 GetVersion
0x53342c GetUserDefaultLCID
0x533434 GetTickCount
0x533438 GetThreadLocale
0x53343c GetTempPathA
0x533440 GetSystemInfo
0x533444 GetSystemDirectoryA
0x533448 GetStringTypeExA
0x53344c GetStdHandle
0x533450 GetStartupInfoA
0x533454 GetProcAddress
0x53345c GetModuleHandleA
0x533460 GetModuleFileNameA
0x533464 GetLogicalDrives
0x533468 GetLocaleInfoA
0x53346c GetLocalTime
0x533470 GetLastError
0x533474 GetFullPathNameA
0x533478 GetFileTime
0x53347c GetFileSize
0x533484 GetFileAttributesA
0x533488 GetExitCodeThread
0x53348c GetDriveTypeA
0x533490 GetDiskFreeSpaceA
0x533494 GetDateFormatA
0x533498 GetCurrentThreadId
0x53349c GetCurrentProcessId
0x5334a0 GetCurrentProcess
0x5334a4 GetComputerNameA
0x5334a8 GetCPInfo
0x5334ac GetACP
0x5334b0 FreeResource
0x5334b8 InterlockedExchange
0x5334c0 FreeLibrary
0x5334c4 FormatMessageA
0x5334c8 FlushFileBuffers
0x5334cc FindResourceA
0x5334d0 FindNextFileA
0x5334d8 FindFirstFileA
0x5334e0 FindClose
0x5334f0 ExitProcess
0x5334f4 EnumCalendarInfoA
0x533500 DeleteFileA
0x533508 CreateThread
0x53350c CreateProcessA
0x533510 CreateFileMappingA
0x533514 CreateFileA
0x533518 CreateEventA
0x53351c CreateDirectoryA
0x533520 CopyFileA
0x533524 CompareStringA
0x533528 CloseHandle
Library mpr.dll:
0x533530 WNetGetConnectionA
Library version.dll:
0x533538 VerQueryValueA
0x533540 GetFileVersionInfoA
Library gdi32.dll:
0x533548 UnrealizeObject
0x53354c StretchBlt
0x533550 SetWindowOrgEx
0x533554 SetWinMetaFileBits
0x533558 SetViewportOrgEx
0x53355c SetTextColor
0x533560 SetTextAlign
0x533564 SetStretchBltMode
0x533568 SetROP2
0x53356c SetPixel
0x533570 SetMapMode
0x533574 SetEnhMetaFileBits
0x533578 SetDIBColorTable
0x53357c SetBrushOrgEx
0x533580 SetBkMode
0x533584 SetBkColor
0x533588 SelectPalette
0x53358c SelectObject
0x533590 SelectClipRgn
0x533594 SaveDC
0x533598 RestoreDC
0x53359c Rectangle
0x5335a0 RectVisible
0x5335a4 RealizePalette
0x5335a8 Polyline
0x5335ac Polygon
0x5335b0 PlayEnhMetaFile
0x5335b4 PatBlt
0x5335b8 MoveToEx
0x5335bc MaskBlt
0x5335c0 LineTo
0x5335c4 LPtoDP
0x5335c8 IntersectClipRect
0x5335cc GetWindowOrgEx
0x5335d0 GetWinMetaFileBits
0x5335d4 GetViewportOrgEx
0x5335d8 GetTextMetricsA
0x5335dc GetTextExtentPointA
0x5335e8 GetStockObject
0x5335ec GetPixel
0x5335f0 GetPaletteEntries
0x5335f4 GetObjectA
0x533604 GetEnhMetaFileBits
0x533608 GetDeviceCaps
0x53360c GetDIBits
0x533610 GetDIBColorTable
0x533614 GetDCOrgEx
0x53361c GetClipBox
0x533620 GetBrushOrgEx
0x533624 GetBitmapBits
0x533628 GdiFlush
0x53362c ExtTextOutA
0x533630 ExcludeClipRect
0x533634 DeleteObject
0x533638 DeleteEnhMetaFile
0x53363c DeleteDC
0x533640 CreateSolidBrush
0x533644 CreateRectRgn
0x533648 CreatePenIndirect
0x53364c CreatePalette
0x533654 CreateFontIndirectA
0x533658 CreateEnhMetaFileA
0x53365c CreateDIBitmap
0x533660 CreateDIBSection
0x533664 CreateCompatibleDC
0x53366c CreateBrushIndirect
0x533670 CreateBitmap
0x533674 CopyEnhMetaFileA
0x533678 CombineRgn
0x53367c CloseEnhMetaFile
0x533680 BitBlt
Library user32.dll:
0x533688 CreateWindowExA
0x53368c WindowFromPoint
0x533690 WinHelpA
0x533694 WaitMessage
0x533698 UpdateWindow
0x53369c UnregisterClassA
0x5336a0 UnhookWindowsHookEx
0x5336a4 TranslateMessage
0x5336ac TrackPopupMenu
0x5336b4 ShowWindow
0x5336b8 ShowScrollBar
0x5336bc ShowOwnedPopups
0x5336c0 ShowCursor
0x5336c4 SetWindowRgn
0x5336c8 SetWindowsHookExA
0x5336cc SetWindowTextA
0x5336d0 SetWindowPos
0x5336d4 SetWindowPlacement
0x5336d8 SetWindowLongA
0x5336dc SetTimer
0x5336e0 SetScrollRange
0x5336e4 SetScrollPos
0x5336e8 SetScrollInfo
0x5336ec SetRect
0x5336f0 SetPropA
0x5336f4 SetParent
0x5336f8 SetMenuItemInfoA
0x5336fc SetMenu
0x533700 SetForegroundWindow
0x533704 SetFocus
0x533708 SetCursor
0x53370c SetClipboardData
0x533710 SetClassLongA
0x533714 SetCapture
0x533718 SetActiveWindow
0x53371c SendMessageA
0x533720 ScrollWindow
0x533724 ScreenToClient
0x533728 RemovePropA
0x53372c RemoveMenu
0x533730 ReleaseDC
0x533734 ReleaseCapture
0x533740 RegisterClassA
0x533744 RedrawWindow
0x533748 PtInRect
0x53374c PostQuitMessage
0x533750 PostMessageA
0x533754 PeekMessageA
0x533758 OpenClipboard
0x53375c OffsetRect
0x533760 OemToCharA
0x533768 MessageBoxA
0x53376c MessageBeep
0x533770 MapWindowPoints
0x533774 MapVirtualKeyA
0x533778 LoadStringA
0x53377c LoadKeyboardLayoutA
0x533780 LoadImageA
0x533784 LoadIconA
0x533788 LoadCursorA
0x53378c LoadBitmapA
0x533790 KillTimer
0x533794 IsZoomed
0x533798 IsWindowVisible
0x53379c IsWindowEnabled
0x5337a0 IsWindow
0x5337a4 IsRectEmpty
0x5337a8 IsIconic
0x5337ac IsDialogMessageA
0x5337b0 IsChild
0x5337b4 InvalidateRect
0x5337b8 IntersectRect
0x5337bc InsertMenuItemA
0x5337c0 InsertMenuA
0x5337c4 InflateRect
0x5337cc GetWindowTextA
0x5337d0 GetWindowRect
0x5337d4 GetWindowPlacement
0x5337d8 GetWindowLongA
0x5337dc GetWindowDC
0x5337e0 GetTopWindow
0x5337e4 GetSystemMetrics
0x5337e8 GetSystemMenu
0x5337ec GetSysColorBrush
0x5337f0 GetSysColor
0x5337f4 GetSubMenu
0x5337f8 GetScrollRange
0x5337fc GetScrollPos
0x533800 GetScrollInfo
0x533804 GetPropA
0x533808 GetParent
0x53380c GetWindow
0x533810 GetMessageTime
0x533814 GetMessagePos
0x533818 GetMenuStringA
0x53381c GetMenuState
0x533820 GetMenuItemInfoA
0x533824 GetMenuItemID
0x533828 GetMenuItemCount
0x53382c GetMenuDefaultItem
0x533830 GetMenu
0x533834 GetLastActivePopup
0x533838 GetKeyboardState
0x533840 GetKeyboardLayout
0x533844 GetKeyState
0x533848 GetKeyNameTextA
0x53384c GetIconInfo
0x533850 GetForegroundWindow
0x533854 GetFocus
0x533858 GetDlgItem
0x53385c GetDesktopWindow
0x533860 GetDCEx
0x533864 GetDC
0x533868 GetCursorPos
0x53386c GetCursor
0x533870 GetClipboardData
0x533874 GetClientRect
0x533878 GetClassNameA
0x53387c GetClassInfoA
0x533880 GetCapture
0x533884 GetActiveWindow
0x533888 FrameRect
0x53388c FindWindowA
0x533890 FillRect
0x533894 EqualRect
0x533898 EnumWindows
0x53389c EnumThreadWindows
0x5338a0 EndPaint
0x5338a4 EnableWindow
0x5338a8 EnableScrollBar
0x5338ac EnableMenuItem
0x5338b0 EmptyClipboard
0x5338b4 DrawTextA
0x5338b8 DrawMenuBar
0x5338bc DrawIconEx
0x5338c0 DrawIcon
0x5338c4 DrawFrameControl
0x5338c8 DrawFocusRect
0x5338cc DrawEdge
0x5338d0 DispatchMessageA
0x5338d4 DestroyWindow
0x5338d8 DestroyMenu
0x5338dc DestroyIcon
0x5338e0 DestroyCursor
0x5338e4 DeleteMenu
0x5338e8 DefWindowProcA
0x5338ec DefMDIChildProcA
0x5338f0 DefFrameProcA
0x5338f4 CreatePopupMenu
0x5338f8 CreateMenu
0x5338fc CreateIcon
0x533900 CloseClipboard
0x533904 ClientToScreen
0x53390c CheckMenuItem
0x533910 CallWindowProcA
0x533914 CallNextHookEx
0x533918 BeginPaint
0x53391c AppendMenuA
0x533920 CharNextA
0x533924 CharLowerBuffA
0x533928 CharLowerA
0x53392c CharUpperBuffA
0x533930 CharToOemA
0x533934 AdjustWindowRectEx
Library kernel32.dll:
0x533940 Sleep
Library oleaut32.dll:
0x533948 SafeArrayPtrOfIndex
0x53394c SafeArrayGetUBound
0x533950 SafeArrayGetLBound
0x533954 SafeArrayCreate
0x533958 VariantChangeType
0x53395c VariantCopy
0x533960 VariantClear
0x533964 VariantInit
Library ole32.dll:
0x533970 IsAccelerator
0x533974 ReleaseStgMedium
0x533978 OleDraw
0x533980 RevokeDragDrop
0x533984 OleUninitialize
0x533988 OleInitialize
0x53398c CoTaskMemFree
0x533990 CoTaskMemAlloc
0x533994 ProgIDFromCLSID
0x533998 StringFromCLSID
0x53399c CoCreateInstance
0x5339a0 CoGetClassObject
0x5339a4 CoUninitialize
0x5339a8 CoInitialize
0x5339ac IsEqualGUID
Library oleaut32.dll:
0x5339b4 CreateErrorInfo
0x5339b8 GetErrorInfo
0x5339bc SetErrorInfo
0x5339c0 GetActiveObject
0x5339c4 SysFreeString
Library comctl32.dll:
0x5339d4 ImageList_Write
0x5339d8 ImageList_Read
0x5339e8 ImageList_DragMove
0x5339ec ImageList_DragLeave
0x5339f0 ImageList_DragEnter
0x5339f4 ImageList_EndDrag
0x5339f8 ImageList_BeginDrag
0x5339fc ImageList_Remove
0x533a00 ImageList_DrawEx
0x533a04 ImageList_Draw
0x533a18 ImageList_Add
0x533a20 ImageList_Destroy
0x533a24 ImageList_Create
0x533a28 InitCommonControls
Library shell32.dll:
0x533a30 ShellExecuteA
0x533a34 SHGetFileInfoA
Library shell32.dll:
Library comdlg32.dll:
0x533a48 GetOpenFileNameA
Library ole32.dll:
0x533a50 CoUninitialize
0x533a54 CoInitialize

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 53210 114.114.114.114 53
192.168.56.101 53380 114.114.114.114 53
192.168.56.101 57236 114.114.114.114 53
192.168.56.101 57874 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60215 114.114.114.114 53
192.168.56.101 60221 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 62912 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56539 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.