6.6
High risk

4756381e3242c26236262375e0df0395934e814fa3736d0e5fa94977a90326c3

776e91dcecf9326ceb7349c205613955.exe

Analysis time

81s

Last analyzed

File size

3.7MB
Static detections Dynamic detections +XJTITV7DRC AI SCORE=89 BARYS CONFIDENCE CRYPTINJECT DROPPERX GAMEHACK GAMETHIEF GENCIRC GENERICRXAA GENETIC JIYPFAKYEUF KCLOUD MALWARE@#36FCI3ZX35QSD MOFO ONLINEGAMES SCORE STATIC AI SUSGEN SUSPICIOUS PE THJAABO UNSAFE WACATAC WOOOL ZUSY
Hawkeye engine
Not scanned. No Hawkeye engine results available
Static verdict
Antivirus engines
Engine Detection result Scan date Engine version
Alibaba Trojan:Win32/Woool.e9f3eb7d 20190527 0.3.0.5
Avast Win32:DropperX-gen [Drp] 20201231 21.1.5827.0
Tencent Malware.Win32.Gencirc.11ab089b 20210101 1.0.0.1
Baidu 20190318 1.0.0.2
Kingsoft Win32.Troj.Undef.(kcloud) 20210101 2017.9.26.565
McAfee GenericRXAA-AA!776E91DCECF9 20210101 6.0.6.653
CrowdStrike win/malicious_confidence_70% (W) 20190702 1.0
Static indicators
Checks if process is being debugged by a debugger (1 event)
Time & API Arguments Status Return Repeated
1619651900.721875
IsDebuggerPresent
failed 0 0
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619651896.737875
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The file contains an unknown PE resource name possibly indicative of a packer (2 events)
resource name DLL
resource name SYS
One or more processes crashed (50 out of 94 events)
Time & API Arguments Status Return Repeated
1619651899.721875
__exception__
stacktrace:
776e91dcecf9326ceb7349c205613955+0xa30a4 @ 0x4a30a4
776e91dcecf9326ceb7349c205613955+0xa2ff2 @ 0x4a2ff2
776e91dcecf9326ceb7349c205613955+0xa2fb3 @ 0x4a2fb3
776e91dcecf9326ceb7349c205613955+0xfac79 @ 0x4fac79
776e91dcecf9326ceb7349c205613955+0xfe547 @ 0x4fe547
776e91dcecf9326ceb7349c205613955+0xfe85d @ 0x4fe85d
776e91dcecf9326ceb7349c205613955+0xfea0e @ 0x4fea0e
776e91dcecf9326ceb7349c205613955+0xfdb99 @ 0x4fdb99
776e91dcecf9326ceb7349c205613955+0x104e1b @ 0x504e1b
776e91dcecf9326ceb7349c205613955+0x105842 @ 0x505842
776e91dcecf9326ceb7349c205613955+0x2446f @ 0x42446f
776e91dcecf9326ceb7349c205613955+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59309092
registers.edi: 59309280
registers.eax: 59309092
registers.ebp: 59309172
registers.edx: 0
registers.ebx: 4863996
registers.esi: 11004
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619651902.518875
__exception__
stacktrace:
776e91dcecf9326ceb7349c205613955+0xa30a4 @ 0x4a30a4
776e91dcecf9326ceb7349c205613955+0xa2ff2 @ 0x4a2ff2
776e91dcecf9326ceb7349c205613955+0xa2fb3 @ 0x4a2fb3
776e91dcecf9326ceb7349c205613955+0xfac79 @ 0x4fac79
776e91dcecf9326ceb7349c205613955+0xfe547 @ 0x4fe547
776e91dcecf9326ceb7349c205613955+0xfe85d @ 0x4fe85d
776e91dcecf9326ceb7349c205613955+0xfea0e @ 0x4fea0e
776e91dcecf9326ceb7349c205613955+0xfdb99 @ 0x4fdb99
776e91dcecf9326ceb7349c205613955+0x104e1b @ 0x504e1b
776e91dcecf9326ceb7349c205613955+0x105842 @ 0x505842
776e91dcecf9326ceb7349c205613955+0x2446f @ 0x42446f
776e91dcecf9326ceb7349c205613955+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59309092
registers.edi: 59309280
registers.eax: 59309092
registers.ebp: 59309172
registers.edx: 0
registers.ebx: 4863996
registers.esi: 11004
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619651905.330875
__exception__
stacktrace:
776e91dcecf9326ceb7349c205613955+0xa30a4 @ 0x4a30a4
776e91dcecf9326ceb7349c205613955+0xa2ff2 @ 0x4a2ff2
776e91dcecf9326ceb7349c205613955+0xa2fb3 @ 0x4a2fb3
776e91dcecf9326ceb7349c205613955+0xfac79 @ 0x4fac79
776e91dcecf9326ceb7349c205613955+0xfe547 @ 0x4fe547
776e91dcecf9326ceb7349c205613955+0xfe85d @ 0x4fe85d
776e91dcecf9326ceb7349c205613955+0xfea0e @ 0x4fea0e
776e91dcecf9326ceb7349c205613955+0xfdb99 @ 0x4fdb99
776e91dcecf9326ceb7349c205613955+0x104e1b @ 0x504e1b
776e91dcecf9326ceb7349c205613955+0x105842 @ 0x505842
776e91dcecf9326ceb7349c205613955+0x2446f @ 0x42446f
776e91dcecf9326ceb7349c205613955+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59309092
registers.edi: 59309280
registers.eax: 59309092
registers.ebp: 59309172
registers.edx: 0
registers.ebx: 4863996
registers.esi: 11004
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619651918.158875
__exception__
stacktrace:
776e91dcecf9326ceb7349c205613955+0xa30a4 @ 0x4a30a4
776e91dcecf9326ceb7349c205613955+0xa2ff2 @ 0x4a2ff2
776e91dcecf9326ceb7349c205613955+0xa2fb3 @ 0x4a2fb3
776e91dcecf9326ceb7349c205613955+0xfac79 @ 0x4fac79
776e91dcecf9326ceb7349c205613955+0xfe547 @ 0x4fe547
776e91dcecf9326ceb7349c205613955+0xfe85d @ 0x4fe85d
776e91dcecf9326ceb7349c205613955+0xfea0e @ 0x4fea0e
776e91dcecf9326ceb7349c205613955+0xfdb99 @ 0x4fdb99
776e91dcecf9326ceb7349c205613955+0x104e1b @ 0x504e1b
776e91dcecf9326ceb7349c205613955+0x105842 @ 0x505842
776e91dcecf9326ceb7349c205613955+0x2446f @ 0x42446f
776e91dcecf9326ceb7349c205613955+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59309092
registers.edi: 59309280
registers.eax: 59309092
registers.ebp: 59309172
registers.edx: 0
registers.ebx: 4863996
registers.esi: 11002
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619651918.658875
__exception__
stacktrace:
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x105842 @ 0x505842
776e91dcecf9326ceb7349c205613955+0x2446f @ 0x42446f
776e91dcecf9326ceb7349c205613955+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59309444
registers.edi: 4
registers.eax: 59309444
registers.ebp: 59309524
registers.edx: 0
registers.ebx: 64919092
registers.esi: 4
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619651919.158875
__exception__
stacktrace:
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x105842 @ 0x505842
776e91dcecf9326ceb7349c205613955+0x2446f @ 0x42446f
776e91dcecf9326ceb7349c205613955+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59309444
registers.edi: 5
registers.eax: 59309444
registers.ebp: 59309524
registers.edx: 0
registers.ebx: 64920636
registers.esi: 5
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619651919.658875
__exception__
stacktrace:
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x105842 @ 0x505842
776e91dcecf9326ceb7349c205613955+0x2446f @ 0x42446f
776e91dcecf9326ceb7349c205613955+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59309444
registers.edi: 6
registers.eax: 59309444
registers.ebp: 59309524
registers.edx: 0
registers.ebx: 64922180
registers.esi: 6
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619651920.174875
__exception__
stacktrace:
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x105842 @ 0x505842
776e91dcecf9326ceb7349c205613955+0x2446f @ 0x42446f
776e91dcecf9326ceb7349c205613955+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59309444
registers.edi: 7
registers.eax: 59309444
registers.ebp: 59309524
registers.edx: 0
registers.ebx: 64923724
registers.esi: 7
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619651920.674875
__exception__
stacktrace:
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x105842 @ 0x505842
776e91dcecf9326ceb7349c205613955+0x2446f @ 0x42446f
776e91dcecf9326ceb7349c205613955+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59309444
registers.edi: 8
registers.eax: 59309444
registers.ebp: 59309524
registers.edx: 0
registers.ebx: 64925268
registers.esi: 8
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619651921.174875
__exception__
stacktrace:
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x105842 @ 0x505842
776e91dcecf9326ceb7349c205613955+0x2446f @ 0x42446f
776e91dcecf9326ceb7349c205613955+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59309444
registers.edi: 9
registers.eax: 59309444
registers.ebp: 59309524
registers.edx: 0
registers.ebx: 64783080
registers.esi: 9
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619651921.674875
__exception__
stacktrace:
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x105842 @ 0x505842
776e91dcecf9326ceb7349c205613955+0x2446f @ 0x42446f
776e91dcecf9326ceb7349c205613955+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59309444
registers.edi: 10
registers.eax: 59309444
registers.ebp: 59309524
registers.edx: 0
registers.ebx: 64784624
registers.esi: 10
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619651922.174875
__exception__
stacktrace:
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x105842 @ 0x505842
776e91dcecf9326ceb7349c205613955+0x2446f @ 0x42446f
776e91dcecf9326ceb7349c205613955+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59309444
registers.edi: 11
registers.eax: 59309444
registers.ebp: 59309524
registers.edx: 0
registers.ebx: 64786168
registers.esi: 11
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619651922.674875
__exception__
stacktrace:
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x105842 @ 0x505842
776e91dcecf9326ceb7349c205613955+0x2446f @ 0x42446f
776e91dcecf9326ceb7349c205613955+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59309444
registers.edi: 12
registers.eax: 59309444
registers.ebp: 59309524
registers.edx: 0
registers.ebx: 64787712
registers.esi: 12
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619651923.174875
__exception__
stacktrace:
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x105842 @ 0x505842
776e91dcecf9326ceb7349c205613955+0x2446f @ 0x42446f
776e91dcecf9326ceb7349c205613955+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59309444
registers.edi: 13
registers.eax: 59309444
registers.ebp: 59309524
registers.edx: 0
registers.ebx: 64789256
registers.esi: 13
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619651923.674875
__exception__
stacktrace:
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x105842 @ 0x505842
776e91dcecf9326ceb7349c205613955+0x2446f @ 0x42446f
776e91dcecf9326ceb7349c205613955+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59309444
registers.edi: 14
registers.eax: 59309444
registers.ebp: 59309524
registers.edx: 0
registers.ebx: 64790800
registers.esi: 14
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619651924.174875
__exception__
stacktrace:
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x105842 @ 0x505842
776e91dcecf9326ceb7349c205613955+0x2446f @ 0x42446f
776e91dcecf9326ceb7349c205613955+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59309444
registers.edi: 15
registers.eax: 59309444
registers.ebp: 59309524
registers.edx: 0
registers.ebx: 64792344
registers.esi: 15
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619651924.674875
__exception__
stacktrace:
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x105842 @ 0x505842
776e91dcecf9326ceb7349c205613955+0x2446f @ 0x42446f
776e91dcecf9326ceb7349c205613955+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59309444
registers.edi: 16
registers.eax: 59309444
registers.ebp: 59309524
registers.edx: 0
registers.ebx: 64793888
registers.esi: 16
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619651925.174875
__exception__
stacktrace:
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x105842 @ 0x505842
776e91dcecf9326ceb7349c205613955+0x2446f @ 0x42446f
776e91dcecf9326ceb7349c205613955+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59309444
registers.edi: 17
registers.eax: 59309444
registers.ebp: 59309524
registers.edx: 0
registers.ebx: 64991016
registers.esi: 17
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619651925.674875
__exception__
stacktrace:
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x105842 @ 0x505842
776e91dcecf9326ceb7349c205613955+0x2446f @ 0x42446f
776e91dcecf9326ceb7349c205613955+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59309444
registers.edi: 18
registers.eax: 59309444
registers.ebp: 59309524
registers.edx: 0
registers.ebx: 64925540
registers.esi: 18
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619651926.174875
__exception__
stacktrace:
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x105842 @ 0x505842
776e91dcecf9326ceb7349c205613955+0x2446f @ 0x42446f
776e91dcecf9326ceb7349c205613955+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59309444
registers.edi: 19
registers.eax: 59309444
registers.ebp: 59309524
registers.edx: 0
registers.ebx: 64651520
registers.esi: 19
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619651926.674875
__exception__
stacktrace:
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x105842 @ 0x505842
776e91dcecf9326ceb7349c205613955+0x2446f @ 0x42446f
776e91dcecf9326ceb7349c205613955+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59309444
registers.edi: 20
registers.eax: 59309444
registers.ebp: 59309524
registers.edx: 0
registers.ebx: 64652804
registers.esi: 20
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619651927.174875
__exception__
stacktrace:
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x105842 @ 0x505842
776e91dcecf9326ceb7349c205613955+0x2446f @ 0x42446f
776e91dcecf9326ceb7349c205613955+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59309444
registers.edi: 21
registers.eax: 59309444
registers.ebp: 59309524
registers.edx: 0
registers.ebx: 64654348
registers.esi: 21
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619651927.674875
__exception__
stacktrace:
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x105842 @ 0x505842
776e91dcecf9326ceb7349c205613955+0x2446f @ 0x42446f
776e91dcecf9326ceb7349c205613955+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59309444
registers.edi: 22
registers.eax: 59309444
registers.ebp: 59309524
registers.edx: 0
registers.ebx: 64655892
registers.esi: 22
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619651928.174875
__exception__
stacktrace:
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x105842 @ 0x505842
776e91dcecf9326ceb7349c205613955+0x2446f @ 0x42446f
776e91dcecf9326ceb7349c205613955+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59309444
registers.edi: 23
registers.eax: 59309444
registers.ebp: 59309524
registers.edx: 0
registers.ebx: 64657436
registers.esi: 23
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619651928.674875
__exception__
stacktrace:
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x105842 @ 0x505842
776e91dcecf9326ceb7349c205613955+0x2446f @ 0x42446f
776e91dcecf9326ceb7349c205613955+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59309444
registers.edi: 24
registers.eax: 59309444
registers.ebp: 59309524
registers.edx: 0
registers.ebx: 64658980
registers.esi: 24
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619651929.174875
__exception__
stacktrace:
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x1de99 @ 0x41de99
776e91dcecf9326ceb7349c205613955+0x105842 @ 0x505842
776e91dcecf9326ceb7349c205613955+0x2446f @ 0x42446f
776e91dcecf9326ceb7349c205613955+0x448a @ 0x40448a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59309444
registers.edi: 25
registers.eax: 59309444
registers.ebp: 59309524
registers.edx: 0
registers.ebx: 64660524
registers.esi: 25
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (2 events)
Time & API Arguments Status Return Repeated
1619651896.377875
NtAllocateVirtualMemory
process_identifier: 2196
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x007c0000
success 0 0
1619651900.737875
NtProtectVirtualMemory
process_identifier: 2196
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x04bd0000
success 0 0
Foreign language identified in PE resource (9 events)
name DLL language LANG_CHINESE offset 0x0014da00 filetype PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000242b0
name SYS language LANG_CHINESE offset 0x00282d20 filetype PE32 executable (console) Intel 80386, for MS Windows sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000c6200
name SYS language LANG_CHINESE offset 0x00282d20 filetype PE32 executable (console) Intel 80386, for MS Windows sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000c6200
name SYS language LANG_CHINESE offset 0x00282d20 filetype PE32 executable (console) Intel 80386, for MS Windows sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000c6200
name SYS language LANG_CHINESE offset 0x00282d20 filetype PE32 executable (console) Intel 80386, for MS Windows sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000c6200
name RT_ICON language LANG_CHINESE offset 0x00350a04 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000010a8
name RT_GROUP_ICON language LANG_CHINESE offset 0x0037dbb8 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000014
name RT_VERSION language LANG_CHINESE offset 0x0037dbcc filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000002ac
name RT_MANIFEST language LANG_CHINESE offset 0x0037de78 filetype XML 1.0 document, ASCII text, with CRLF line terminators sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x0000015d
Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)
Time & API Arguments Status Return Repeated
1619651896.830875
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Attempts to stop active services (1 event)
Time & API Arguments Status Return Repeated
1619651897.174875
ControlService
service_handle: 0x00847b30
service_name: PolicyAgent
control_code: 1
success 1 0
Detects VirtualBox through the presence of a device (2 events)
file \??\VBoxGuest
file \??\VBoxMiniRdrDN
Detects VirtualBox through the presence of a file (1 event)
dll C:\Windows\system32\VBoxMRXNP.dll
Generates some ICMP traffic
File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 out of 53 events)
MicroWorld-eScan Gen:Variant.Zusy.310982
FireEye Generic.mg.776e91dcecf9326c
Qihoo-360 Win32/Trojan.GameThief.60c
ALYac Gen:Variant.Zusy.310982
Cylance Unsafe
Sangfor Malware
K7AntiVirus Trojan ( 0049133a1 )
Alibaba Trojan:Win32/Woool.e9f3eb7d
K7GW Trojan ( 0049133a1 )
Cybereason malicious.cecf93
Arcabit Trojan.Zusy.D4BEC6
BitDefenderTheta AI:Packer.3DBC28C619
Cyren W32/Trojan.MOFO-1786
Symantec SMG.Heur!gen
APEX Malicious
Avast Win32:DropperX-gen [Drp]
Kaspersky HEUR:Trojan-GameThief.Win32.OnLineGames.gen
BitDefender Gen:Variant.Zusy.310982
Paloalto generic.ml
AegisLab Trojan.Win32.OnLineGames.d!c
Tencent Malware.Win32.Gencirc.11ab089b
Ad-Aware Gen:Variant.Zusy.310982
Emsisoft Gen:Variant.Zusy.310982 (B)
Comodo Malware@#36fci3zx35qsd
F-Secure Trojan.TR/Barys.726.606
VIPRE Trojan.Win32.Generic!BT
TrendMicro Trojan.Win32.WACATAC.THJAABO
McAfee-GW-Edition BehavesLike.Win32.Generic.wh
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
Jiangmin Trojan.PSW.OnLineGames.bgx
Avira TR/Barys.726.606
Antiy-AVL Trojan[GameThief]/Win32.OnLineGames
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Ransom.Win32.Wacatac.oa
Microsoft Trojan:Win32/CryptInject!ml
ZoneAlarm HEUR:Trojan-GameThief.Win32.OnLineGames.gen
GData Gen:Variant.Zusy.310982
Cynet Malicious (score: 100)
McAfee GenericRXAA-AA!776E91DCECF9
MAX malware (ai score=89)
Malwarebytes RiskWare.GameHack
ESET-NOD32 a variant of Win32/Woool.C
TrendMicro-HouseCall Trojan.Win32.WACATAC.THJAABO
Rising Trojan.Woool!8.AEB (TFE:5:JiYPfAKYEuF)
Yandex Trojan.Woool!+xJtITV7Drc
Ikarus Trojan.Win32.Woool
eGambit Unsafe.AI_Score_82%
Fortinet W32/Woool.C!tr
AVG Win32:DropperX-gen [Drp]

PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x533254 VirtualFree
0x533258 VirtualAlloc
0x53325c LocalFree
0x533260 LocalAlloc
0x533264 GetTickCount
0x53326c GetVersion
0x533270 GetCurrentThreadId
0x53327c VirtualQuery
0x533280 WideCharToMultiByte
0x533288 MultiByteToWideChar
0x53328c lstrlenA
0x533290 lstrcpynA
0x533294 LoadLibraryExA
0x533298 GetThreadLocale
0x53329c GetStartupInfoA
0x5332a0 GetProcAddress
0x5332a4 GetModuleHandleA
0x5332a8 GetModuleFileNameA
0x5332ac GetLocaleInfoA
0x5332b0 GetLastError
0x5332b8 GetCommandLineA
0x5332bc FreeLibrary
0x5332c0 FindFirstFileA
0x5332c4 FindClose
0x5332c8 CreateDirectoryA
0x5332cc ExitProcess
0x5332d0 ExitThread
0x5332d4 CreateThread
0x5332d8 WriteFile
0x5332e0 RtlUnwind
0x5332e4 RaiseException
0x5332e8 GetStdHandle
Library user32.dll:
0x5332f0 GetKeyboardType
0x5332f4 LoadStringA
0x5332f8 MessageBoxA
0x5332fc CharNextA
Library advapi32.dll:
0x533304 RegQueryValueExA
0x533308 RegOpenKeyExA
0x53330c RegCloseKey
Library oleaut32.dll:
0x533314 SysFreeString
0x533318 SysReAllocStringLen
0x53331c SysAllocStringLen
Library kernel32.dll:
0x533324 TlsSetValue
0x533328 TlsGetValue
0x53332c LocalAlloc
0x533330 GetModuleHandleA
Library advapi32.dll:
0x533338 RegQueryValueExA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP


HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.