7.2
High risk

0d47d1c6e21e6df01ac6593d252993b93a0a00a645e1687c2b75cd0b7656ec2b

acc6903910ccffc2cc29780022fd5069.exe

Analysis duration

78s

Last analyzed

File size

3.6MB
Static detections Dynamic detections 5MTACI9ICM8 AI SCORE=80 AIDETECTVM BARYS BTEFU@0 CONFIDENCE DROPPERX GAMEHACK GAMETHIEF GENCIRC GENERICRXAA KILLFILES MALWARE2 ONLINEGAMES P0WIU9QXNAN R03BC0OHO20 SCORE SUSGEN SUSPICIOUS PE UMAL UNSAFE WOOOL YMACCO ZUSY
Hawkeye engine
Not detected: no Hawkeye engine results available
Static verdict
Antivirus engines
Engine Result Scan date Engine version
McAfee GenericRXAA-AA!ACC6903910CC 20200912 6.0.6.653
Alibaba Trojan:Win32/Woool.c8f7e6c0 20190527 0.3.0.5
Avast Win32:DropperX-gen [Drp] 20200912 18.4.3895.0
Tencent Malware.Win32.Gencirc.10cde764 20200913 1.0.0.1
Baidu 20190318 1.0.0.2
Kingsoft 20200913 2013.8.14.323
CrowdStrike win/malicious_confidence_70% (W) 20190702 1.0
Static indicators
Command line console output was observed (17 events)
Time & API Arguments Status Return Repeated
1619837531.672798 WriteConsoleA buffer: L console_handle: 0x00000007 success 1 0
1619837531.672798 WriteConsoleA buffer: P console_handle: 0x00000007 success 1 0
1619837531.687798 WriteConsoleA buffer: I console_handle: 0x00000007 success 1 0
1619837531.687798 WriteConsoleA buffer: n console_handle: 0x00000007 success 1 0
1619837531.687798 WriteConsoleA buffer: s console_handle: 0x00000007 success 1 0
1619837531.687798 WriteConsoleA buffer: t console_handle: 0x00000007 success 1 0
1619837531.687798 WriteConsoleA buffer: a console_handle: 0x00000007 success 1 0
1619837531.687798 WriteConsoleA buffer: l console_handle: 0x00000007 success 1 0
1619837531.687798 WriteConsoleA buffer: l console_handle: 0x00000007 success 1 0
1619837531.687798 WriteConsoleA buffer: D console_handle: 0x00000007 success 1 0
1619837531.687798 WriteConsoleA buffer: r console_handle: 0x00000007 success 1 0
1619837531.687798 WriteConsoleA buffer: v console_handle: 0x00000007 success 1 0
1619837531.687798 WriteConsoleA buffer: e console_handle: 0x00000007 success 1 0
1619837531.687798 WriteConsoleA buffer: r console_handle: 0x00000007 success 1 0
1619837531.703798 WriteConsoleA buffer: r console_handle: 0x00000007 success 1 0
1619837531.703798 WriteConsoleA buffer: o console_handle: 0x00000007 success 1 0
1619837531.703798 WriteConsoleA buffer: r console_handle: 0x00000007 success 1 0
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619826881.192598 GlobalMemoryStatusEx success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The file contains an unknown PE resource name possibly indicative of a packer (2 events)
resource name DLL
resource name SYS
One or more processes crashed (50 out of 71 events)
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0xf6552 @ 0x4f6552
acc6903910ccffc2cc29780022fd5069+0x21737 @ 0x421737
acc6903910ccffc2cc29780022fd5069+0x43de @ 0x4043de
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59047300
registers.edi: 28
registers.eax: 59047300
registers.ebp: 59047380
registers.edx: 0
registers.ebx: 64398908
registers.esi: 28
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619826924.036598
__exception__
stacktrace:
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0xf6552 @ 0x4f6552
acc6903910ccffc2cc29780022fd5069+0x21737 @ 0x421737
acc6903910ccffc2cc29780022fd5069+0x43de @ 0x4043de
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59047300
registers.edi: 29
registers.eax: 59047300
registers.ebp: 59047380
registers.edx: 0
registers.ebx: 64400460
registers.esi: 29
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619826924.536598
__exception__
stacktrace:
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0xf6552 @ 0x4f6552
acc6903910ccffc2cc29780022fd5069+0x21737 @ 0x421737
acc6903910ccffc2cc29780022fd5069+0x43de @ 0x4043de
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59047300
registers.edi: 30
registers.eax: 59047300
registers.ebp: 59047380
registers.edx: 0
registers.ebx: 64532052
registers.esi: 30
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619826925.036598
__exception__
stacktrace:
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0xf6552 @ 0x4f6552
acc6903910ccffc2cc29780022fd5069+0x21737 @ 0x421737
acc6903910ccffc2cc29780022fd5069+0x43de @ 0x4043de
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59047300
registers.edi: 31
registers.eax: 59047300
registers.ebp: 59047380
registers.edx: 0
registers.ebx: 64729004
registers.esi: 31
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619826925.536598
__exception__
stacktrace:
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0xf6552 @ 0x4f6552
acc6903910ccffc2cc29780022fd5069+0x21737 @ 0x421737
acc6903910ccffc2cc29780022fd5069+0x43de @ 0x4043de
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59047300
registers.edi: 32
registers.eax: 59047300
registers.ebp: 59047380
registers.edx: 0
registers.ebx: 64258692
registers.esi: 32
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619826926.036598
__exception__
stacktrace:
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0xf6552 @ 0x4f6552
acc6903910ccffc2cc29780022fd5069+0x21737 @ 0x421737
acc6903910ccffc2cc29780022fd5069+0x43de @ 0x4043de
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59047300
registers.edi: 33
registers.eax: 59047300
registers.ebp: 59047380
registers.edx: 0
registers.ebx: 64260244
registers.esi: 33
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619826926.536598
__exception__
stacktrace:
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0xf6552 @ 0x4f6552
acc6903910ccffc2cc29780022fd5069+0x21737 @ 0x421737
acc6903910ccffc2cc29780022fd5069+0x43de @ 0x4043de
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59047300
registers.edi: 34
registers.eax: 59047300
registers.ebp: 59047380
registers.edx: 0
registers.ebx: 64261796
registers.esi: 34
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619826927.036598
__exception__
stacktrace:
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0xf6552 @ 0x4f6552
acc6903910ccffc2cc29780022fd5069+0x21737 @ 0x421737
acc6903910ccffc2cc29780022fd5069+0x43de @ 0x4043de
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59047300
registers.edi: 35
registers.eax: 59047300
registers.ebp: 59047380
registers.edx: 0
registers.ebx: 64263348
registers.esi: 35
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619826927.536598
__exception__
stacktrace:
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0xf6552 @ 0x4f6552
acc6903910ccffc2cc29780022fd5069+0x21737 @ 0x421737
acc6903910ccffc2cc29780022fd5069+0x43de @ 0x4043de
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59047300
registers.edi: 36
registers.eax: 59047300
registers.ebp: 59047380
registers.edx: 0
registers.ebx: 64264900
registers.esi: 36
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619826928.036598
__exception__
stacktrace:
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0xf6552 @ 0x4f6552
acc6903910ccffc2cc29780022fd5069+0x21737 @ 0x421737
acc6903910ccffc2cc29780022fd5069+0x43de @ 0x4043de
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59047300
registers.edi: 37
registers.eax: 59047300
registers.ebp: 59047380
registers.edx: 0
registers.ebx: 64266452
registers.esi: 37
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619826928.536598
__exception__
stacktrace:
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0xf6552 @ 0x4f6552
acc6903910ccffc2cc29780022fd5069+0x21737 @ 0x421737
acc6903910ccffc2cc29780022fd5069+0x43de @ 0x4043de
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59047300
registers.edi: 38
registers.eax: 59047300
registers.ebp: 59047380
registers.edx: 0
registers.ebx: 64268004
registers.esi: 38
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619826929.036598
__exception__
stacktrace:
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0xf6552 @ 0x4f6552
acc6903910ccffc2cc29780022fd5069+0x21737 @ 0x421737
acc6903910ccffc2cc29780022fd5069+0x43de @ 0x4043de
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59047300
registers.edi: 39
registers.eax: 59047300
registers.ebp: 59047380
registers.edx: 0
registers.ebx: 64269556
registers.esi: 39
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619826929.536598
__exception__
stacktrace:
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0xf6552 @ 0x4f6552
acc6903910ccffc2cc29780022fd5069+0x21737 @ 0x421737
acc6903910ccffc2cc29780022fd5069+0x43de @ 0x4043de
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59047300
registers.edi: 40
registers.eax: 59047300
registers.ebp: 59047380
registers.edx: 0
registers.ebx: 64663468
registers.esi: 40
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619826930.036598
__exception__
stacktrace:
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0xf6552 @ 0x4f6552
acc6903910ccffc2cc29780022fd5069+0x21737 @ 0x421737
acc6903910ccffc2cc29780022fd5069+0x43de @ 0x4043de
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59047300
registers.edi: 41
registers.eax: 59047300
registers.ebp: 59047380
registers.edx: 0
registers.ebx: 64127232
registers.esi: 41
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619826930.536598
__exception__
stacktrace:
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0xf6552 @ 0x4f6552
acc6903910ccffc2cc29780022fd5069+0x21737 @ 0x421737
acc6903910ccffc2cc29780022fd5069+0x43de @ 0x4043de
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59047300
registers.edi: 42
registers.eax: 59047300
registers.ebp: 59047380
registers.edx: 0
registers.ebx: 64128836
registers.esi: 42
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619826931.036598
__exception__
stacktrace:
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0xf6552 @ 0x4f6552
acc6903910ccffc2cc29780022fd5069+0x21737 @ 0x421737
acc6903910ccffc2cc29780022fd5069+0x43de @ 0x4043de
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59047300
registers.edi: 43
registers.eax: 59047300
registers.ebp: 59047380
registers.edx: 0
registers.ebx: 64130388
registers.esi: 43
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619826931.536598
__exception__
stacktrace:
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0xf6552 @ 0x4f6552
acc6903910ccffc2cc29780022fd5069+0x21737 @ 0x421737
acc6903910ccffc2cc29780022fd5069+0x43de @ 0x4043de
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59047300
registers.edi: 44
registers.eax: 59047300
registers.ebp: 59047380
registers.edx: 0
registers.ebx: 64131940
registers.esi: 44
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619826932.036598
__exception__
stacktrace:
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0xf6552 @ 0x4f6552
acc6903910ccffc2cc29780022fd5069+0x21737 @ 0x421737
acc6903910ccffc2cc29780022fd5069+0x43de @ 0x4043de
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59047300
registers.edi: 45
registers.eax: 59047300
registers.ebp: 59047380
registers.edx: 0
registers.ebx: 64133492
registers.esi: 45
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619826932.551598
__exception__
stacktrace:
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0xf6552 @ 0x4f6552
acc6903910ccffc2cc29780022fd5069+0x21737 @ 0x421737
acc6903910ccffc2cc29780022fd5069+0x43de @ 0x4043de
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59047300
registers.edi: 46
registers.eax: 59047300
registers.ebp: 59047380
registers.edx: 0
registers.ebx: 64135044
registers.esi: 46
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619826933.051598
__exception__
stacktrace:
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0xf6552 @ 0x4f6552
acc6903910ccffc2cc29780022fd5069+0x21737 @ 0x421737
acc6903910ccffc2cc29780022fd5069+0x43de @ 0x4043de
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59047300
registers.edi: 47
registers.eax: 59047300
registers.ebp: 59047380
registers.edx: 0
registers.ebx: 64136596
registers.esi: 47
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619826933.551598
__exception__
stacktrace:
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0xf6552 @ 0x4f6552
acc6903910ccffc2cc29780022fd5069+0x21737 @ 0x421737
acc6903910ccffc2cc29780022fd5069+0x43de @ 0x4043de
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59047300
registers.edi: 48
registers.eax: 59047300
registers.ebp: 59047380
registers.edx: 0
registers.ebx: 64138148
registers.esi: 48
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
1619826934.051598
__exception__
stacktrace:
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0x1d351 @ 0x41d351
acc6903910ccffc2cc29780022fd5069+0xf6552 @ 0x4f6552
acc6903910ccffc2cc29780022fd5069+0x21737 @ 0x421737
acc6903910ccffc2cc29780022fd5069+0x43de @ 0x4043de
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 59047300
registers.edi: 49
registers.eax: 59047300
registers.ebp: 59047380
registers.edx: 0
registers.ebx: 64269644
registers.esi: 49
registers.ecx: 7
exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x778eb727
success 0 0
Behavior verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (1 event)
Time & API Arguments Status Return Repeated
1619826880.848598
NtAllocateVirtualMemory
process_identifier: 376
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00860000
success 0 0
Foreign language identified in PE resource (9 events)
name DLL language LANG_CHINESE offset 0x0012b9d0 filetype PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000242b0
name SYS language LANG_CHINESE offset 0x00260cf0 filetype PE32 executable (console) Intel 80386, for MS Windows sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000c6200
name SYS language LANG_CHINESE offset 0x00260cf0 filetype PE32 executable (console) Intel 80386, for MS Windows sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000c6200
name SYS language LANG_CHINESE offset 0x00260cf0 filetype PE32 executable (console) Intel 80386, for MS Windows sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000c6200
name SYS language LANG_CHINESE offset 0x00260cf0 filetype PE32 executable (console) Intel 80386, for MS Windows sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000c6200
name RT_ICON language LANG_CHINESE offset 0x0032e9d4 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000010a8
name RT_GROUP_ICON language LANG_CHINESE offset 0x0035bac0 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x00000014
name RT_VERSION language LANG_CHINESE offset 0x0035bad4 filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x000002ac
name RT_MANIFEST language LANG_CHINESE offset 0x0035bd80 filetype XML 1.0 document, ASCII text, with CRLF line terminators sublanguage SUBLANG_CHINESE_SIMPLIFIED size 0x0000015d
Creates executable files on the filesystem (2 events)
file C:\Windows\System32\drivers\8V73Ztc.exe
file C:\Windows\System32\drivers\ProtectApi.dll
Creates a service (1 event)
Time & API Arguments Status Return Repeated
1619837531.656798
CreateServiceW
service_start_name:
start_type: 0
service_handle: 0x005bf710
display_name: 5B47740D
error_control: 1
service_name: 5B47740D
filepath: C:\Windows\System32\drivers\System32\drivers\5B47740D.sys
filepath_r: System32\drivers\5B47740D.sys
service_manager_handle: 0x005bf670
desired_access: 983551
service_type: 1
password:
success 6027024 0
A process created a hidden window (1 event)
Time & API Arguments Status Return Repeated
1619826882.567598
ShellExecuteExW
parameters:
filepath: C:\Windows\System32\drivers\8V73Ztc.exe
filepath_r: C:\Windows\system32\drivers\8V73Ztc.exe
show_type: 0
success 1 0
Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)
Time & API Arguments Status Return Repeated
1619826881.301598
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Attempts to stop active services (1 event)
Time & API Arguments Status Return Repeated
1619826881.629598
ControlService
service_handle: 0x00907b30
service_name: PolicyAgent
control_code: 1
success 1 0
Installs itself for autorun at Windows startup (1 event)
service_name 5B47740D service_path C:\Windows\System32\drivers\System32\drivers\5B47740D.sys
Generates some ICMP traffic
File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 out of 53 events)
Bkav W32.AIDetectVM.malware2
DrWeb Trojan.KillFiles.65127
MicroWorld-eScan Gen:Variant.Zusy.310982
FireEye Generic.mg.acc6903910ccffc2
CAT-QuickHeal Trojan.GameHack
McAfee GenericRXAA-AA!ACC6903910CC
Cylance Unsafe
Zillya Trojan.Woool.Win32.383
Sangfor Malware
K7AntiVirus Trojan ( 0049133a1 )
Alibaba Trojan:Win32/Woool.c8f7e6c0
K7GW Trojan ( 0049133a1 )
Cybereason malicious.910ccf
Arcabit Trojan.Zusy.D4BEC6
Invincea Mal/Generic-S
BitDefenderTheta AI:Packer.3DBC28C619
Symantec SMG.Heur!gen
ESET-NOD32 a variant of Win32/Woool.C
TrendMicro-HouseCall TROJ_GEN.R03BC0OHO20
Avast Win32:DropperX-gen [Drp]
Kaspersky HEUR:Trojan-GameThief.Win32.OnLineGames.gen
BitDefender Gen:Variant.Zusy.310982
Paloalto generic.ml
AegisLab Trojan.Win32.OnLineGames.d!c
Tencent Malware.Win32.Gencirc.10cde764
Ad-Aware Gen:Variant.Zusy.310982
Comodo TrojWare.Win32.UMal.btefu@0
F-Secure Trojan.TR/Barys.726.606
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R03BC0OHO20
Sophos Mal/Generic-S
Ikarus Trojan.Win32.Woool
Jiangmin Trojan.PSW.OnLineGames.bhq
eGambit Unsafe.AI_Score_98%
Avira TR/Barys.726.606
MAX malware (ai score=80)
Antiy-AVL Trojan[GameThief]/Win32.OnLineGames
Microsoft Trojan:Win32/Ymacco.AA0D
ViRobot Trojan.Win32.Z.Woool.3766752.E
ZoneAlarm HEUR:Trojan-GameThief.Win32.OnLineGames.gen
GData Gen:Variant.Zusy.310982
ALYac Gen:Variant.Zusy.310982
Malwarebytes RiskWare.GameHack
APEX Malicious
Rising Trojan.Woool!8.AEB (TFE:5:P0Wiu9QXnAN)
Yandex Trojan.Woool!5mtACi9icm8
SentinelOne DFI - Suspicious PE
MaxSecure Trojan.Malware.3097055.susgen
Fortinet W32/Woool.C!tr
AVG Win32:DropperX-gen [Drp]
PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x513204 VirtualFree
0x513208 VirtualAlloc
0x51320c LocalFree
0x513210 LocalAlloc
0x513214 GetTickCount
0x51321c GetVersion
0x513220 GetCurrentThreadId
0x51322c VirtualQuery
0x513230 WideCharToMultiByte
0x513238 MultiByteToWideChar
0x51323c lstrlenA
0x513240 lstrcpynA
0x513244 LoadLibraryExA
0x513248 GetThreadLocale
0x51324c GetStartupInfoA
0x513250 GetProcAddress
0x513254 GetModuleHandleA
0x513258 GetModuleFileNameA
0x51325c GetLocaleInfoA
0x513260 GetLastError
0x513268 GetCommandLineA
0x51326c FreeLibrary
0x513270 FindFirstFileA
0x513274 FindClose
0x513278 CreateDirectoryA
0x51327c ExitProcess
0x513280 ExitThread
0x513284 CreateThread
0x513288 WriteFile
0x513290 RtlUnwind
0x513294 RaiseException
0x513298 GetStdHandle
Library user32.dll:
0x5132a0 GetKeyboardType
0x5132a4 LoadStringA
0x5132a8 MessageBoxA
0x5132ac CharNextA
Library advapi32.dll:
0x5132b4 RegQueryValueExA
0x5132b8 RegOpenKeyExA
0x5132bc RegCloseKey
Library oleaut32.dll:
0x5132c4 SysFreeString
0x5132c8 SysReAllocStringLen
0x5132cc SysAllocStringLen
Library kernel32.dll:
0x5132d4 TlsSetValue
0x5132d8 TlsGetValue
0x5132dc LocalAlloc
0x5132e0 GetModuleHandleA
Library advapi32.dll:
0x5132e8 RegQueryValueExA
0x5132ec RegOpenKeyExA
0x5132f0 RegFlushKey
0x5132f4 RegCreateKeyExA
0x5132f8 RegCloseKey
0x5132fc OpenProcessToken
Library kernel32.dll:
0x51330c lstrcpyA
0x513310 lstrcmpA
0x513318 WriteFile
0x51331c WinExec
0x513320 WaitForSingleObject
0x513324 VirtualQuery
0x513328 VirtualAlloc
0x51332c UnmapViewOfFile
0x513330 TerminateProcess
0x513334 Sleep
0x513338 SizeofResource
0x51333c SetThreadPriority
0x513340 SetThreadLocale
0x513344 SetFileTime
0x513348 SetFilePointer
0x51334c SetFileAttributesA
0x513350 SetEvent
0x513354 SetErrorMode
0x513358 SetEndOfFile
0x51335c ResumeThread
0x513360 ResetEvent
0x513364 RemoveDirectoryA
0x513368 ReadFile
0x51336c OpenProcess
0x513370 OpenFileMappingA
0x513374 MultiByteToWideChar
0x513378 MulDiv
0x51337c MoveFileA
0x513380 MapViewOfFile
0x513384 LockResource
0x51338c LoadResource
0x513390 LoadLibraryA
0x51339c GlobalUnlock
0x5133a0 GlobalSize
0x5133a4 GlobalReAlloc
0x5133a8 GlobalHandle
0x5133ac GlobalLock
0x5133b0 GlobalFree
0x5133b4 GlobalFindAtomA
0x5133b8 GlobalDeleteAtom
0x5133bc GlobalAlloc
0x5133c0 GlobalAddAtomA
0x5133cc GetVersionExA
0x5133d0 GetVersion
0x5133d4 GetUserDefaultLCID
0x5133dc GetTickCount
0x5133e0 GetThreadLocale
0x5133e4 GetTempPathA
0x5133e8 GetSystemInfo
0x5133ec GetSystemDirectoryA
0x5133f0 GetStringTypeExA
0x5133f4 GetStdHandle
0x5133f8 GetStartupInfoA
0x5133fc GetProcAddress
0x513404 GetModuleHandleA
0x513408 GetModuleFileNameA
0x51340c GetLogicalDrives
0x513410 GetLocaleInfoA
0x513414 GetLocalTime
0x513418 GetLastError
0x51341c GetFullPathNameA
0x513420 GetFileTime
0x513424 GetFileSize
0x51342c GetFileAttributesA
0x513430 GetExitCodeThread
0x513434 GetDriveTypeA
0x513438 GetDiskFreeSpaceA
0x51343c GetDateFormatA
0x513440 GetCurrentThreadId
0x513444 GetCurrentProcessId
0x513448 GetCurrentProcess
0x51344c GetComputerNameA
0x513450 GetCPInfo
0x513454 GetACP
0x513458 FreeResource
0x513460 InterlockedExchange
0x513468 FreeLibrary
0x51346c FormatMessageA
0x513470 FlushFileBuffers
0x513474 FindResourceA
0x513478 FindNextFileA
0x51347c FindFirstFileA
0x513480 FindClose
0x51348c ExitProcess
0x513490 EnumCalendarInfoA
0x51349c DeleteFileA
0x5134a4 CreateThread
0x5134a8 CreateProcessA
0x5134ac CreateFileMappingA
0x5134b0 CreateFileA
0x5134b4 CreateEventA
0x5134b8 CreateDirectoryA
0x5134bc CopyFileA
0x5134c0 CompareStringA
0x5134c4 CloseHandle
Library mpr.dll:
0x5134cc WNetGetConnectionA
Library version.dll:
0x5134d4 VerQueryValueA
0x5134dc GetFileVersionInfoA
Library gdi32.dll:
0x5134e4 UnrealizeObject
0x5134e8 StretchBlt
0x5134ec SetWindowOrgEx
0x5134f0 SetWinMetaFileBits
0x5134f4 SetViewportOrgEx
0x5134f8 SetTextColor
0x5134fc SetTextAlign
0x513500 SetStretchBltMode
0x513504 SetROP2
0x513508 SetPixel
0x51350c SetMapMode
0x513510 SetEnhMetaFileBits
0x513514 SetDIBColorTable
0x513518 SetBrushOrgEx
0x51351c SetBkMode
0x513520 SetBkColor
0x513524 SelectPalette
0x513528 SelectObject
0x51352c SelectClipRgn
0x513530 SaveDC
0x513534 RestoreDC
0x513538 Rectangle
0x51353c RectVisible
0x513540 RealizePalette
0x513544 Polyline
0x513548 Polygon
0x51354c PlayEnhMetaFile
0x513550 PatBlt
0x513554 MoveToEx
0x513558 MaskBlt
0x51355c LineTo
0x513560 LPtoDP
0x513564 IntersectClipRect
0x513568 GetWindowOrgEx
0x51356c GetWinMetaFileBits
0x513570 GetViewportOrgEx
0x513574 GetTextMetricsA
0x513578 GetTextExtentPointA
0x513584 GetStockObject
0x513588 GetPixel
0x51358c GetPaletteEntries
0x513590 GetObjectA
0x5135a0 GetEnhMetaFileBits
0x5135a4 GetDeviceCaps
0x5135a8 GetDIBits
0x5135ac GetDIBColorTable
0x5135b0 GetDCOrgEx
0x5135b8 GetClipBox
0x5135bc GetBrushOrgEx
0x5135c0 GetBitmapBits
0x5135c4 GdiFlush
0x5135c8 ExtTextOutA
0x5135cc ExcludeClipRect
0x5135d0 DeleteObject
0x5135d4 DeleteEnhMetaFile
0x5135d8 DeleteDC
0x5135dc CreateSolidBrush
0x5135e0 CreateRectRgn
0x5135e4 CreatePenIndirect
0x5135e8 CreatePalette
0x5135f0 CreateFontIndirectA
0x5135f4 CreateEnhMetaFileA
0x5135f8 CreateDIBitmap
0x5135fc CreateDIBSection
0x513600 CreateCompatibleDC
0x513608 CreateBrushIndirect
0x51360c CreateBitmap
0x513610 CopyEnhMetaFileA
0x513614 CombineRgn
0x513618 CloseEnhMetaFile
0x51361c BitBlt
Library user32.dll:
0x513624 CreateWindowExA
0x513628 WindowFromPoint
0x51362c WinHelpA
0x513630 WaitMessage
0x513634 UpdateWindow
0x513638 UnregisterClassA
0x51363c UnhookWindowsHookEx
0x513640 TranslateMessage
0x513648 TrackPopupMenu
0x513650 ShowWindow
0x513654 ShowScrollBar
0x513658 ShowOwnedPopups
0x51365c ShowCursor
0x513660 SetWindowRgn
0x513664 SetWindowsHookExA
0x513668 SetWindowTextA
0x51366c SetWindowPos
0x513670 SetWindowPlacement
0x513674 SetWindowLongA
0x513678 SetTimer
0x51367c SetScrollRange
0x513680 SetScrollPos
0x513684 SetScrollInfo
0x513688 SetRect
0x51368c SetPropA
0x513690 SetParent
0x513694 SetMenuItemInfoA
0x513698 SetMenu
0x51369c SetForegroundWindow
0x5136a0 SetFocus
0x5136a4 SetCursor
0x5136a8 SetClipboardData
0x5136ac SetClassLongA
0x5136b0 SetCapture
0x5136b4 SetActiveWindow
0x5136b8 SendMessageA
0x5136bc ScrollWindow
0x5136c0 ScreenToClient
0x5136c4 RemovePropA
0x5136c8 RemoveMenu
0x5136cc ReleaseDC
0x5136d0 ReleaseCapture
0x5136dc RegisterClassA
0x5136e0 RedrawWindow
0x5136e4 PtInRect
0x5136e8 PostQuitMessage
0x5136ec PostMessageA
0x5136f0 PeekMessageA
0x5136f4 OpenClipboard
0x5136f8 OffsetRect
0x5136fc OemToCharA
0x513704 MessageBoxA
0x513708 MessageBeep
0x51370c MapWindowPoints
0x513710 MapVirtualKeyA
0x513714 LoadStringA
0x513718 LoadKeyboardLayoutA
0x51371c LoadIconA
0x513720 LoadCursorA
0x513724 LoadBitmapA
0x513728 KillTimer
0x51372c IsZoomed
0x513730 IsWindowVisible
0x513734 IsWindowEnabled
0x513738 IsWindow
0x51373c IsRectEmpty
0x513740 IsIconic
0x513744 IsDialogMessageA
0x513748 IsChild
0x51374c InvalidateRect
0x513750 IntersectRect
0x513754 InsertMenuItemA
0x513758 InsertMenuA
0x51375c InflateRect
0x513764 GetWindowTextA
0x513768 GetWindowRect
0x51376c GetWindowPlacement
0x513770 GetWindowLongA
0x513774 GetWindowDC
0x513778 GetTopWindow
0x51377c GetSystemMetrics
0x513780 GetSystemMenu
0x513784 GetSysColorBrush
0x513788 GetSysColor
0x51378c GetSubMenu
0x513790 GetScrollRange
0x513794 GetScrollPos
0x513798 GetScrollInfo
0x51379c GetPropA
0x5137a0 GetParent
0x5137a4 GetWindow
0x5137a8 GetMessageTime
0x5137ac GetMenuStringA
0x5137b0 GetMenuState
0x5137b4 GetMenuItemInfoA
0x5137b8 GetMenuItemID
0x5137bc GetMenuItemCount
0x5137c0 GetMenu
0x5137c4 GetLastActivePopup
0x5137c8 GetKeyboardState
0x5137d0 GetKeyboardLayout
0x5137d4 GetKeyState
0x5137d8 GetKeyNameTextA
0x5137dc GetIconInfo
0x5137e0 GetForegroundWindow
0x5137e4 GetFocus
0x5137e8 GetDlgItem
0x5137ec GetDesktopWindow
0x5137f0 GetDCEx
0x5137f4 GetDC
0x5137f8 GetCursorPos
0x5137fc GetCursor
0x513800 GetClipboardData
0x513804 GetClientRect
0x513808 GetClassNameA
0x51380c GetClassInfoA
0x513810 GetCapture
0x513814 GetActiveWindow
0x513818 FrameRect
0x51381c FindWindowA
0x513820 FillRect
0x513824 EqualRect
0x513828 EnumWindows
0x51382c EnumThreadWindows
0x513830 EndPaint
0x513834 EnableWindow
0x513838 EnableScrollBar
0x51383c EnableMenuItem
0x513840 EmptyClipboard
0x513844 DrawTextA
0x513848 DrawMenuBar
0x51384c DrawIconEx
0x513850 DrawIcon
0x513854 DrawFrameControl
0x513858 DrawFocusRect
0x51385c DrawEdge
0x513860 DispatchMessageA
0x513864 DestroyWindow
0x513868 DestroyMenu
0x51386c DestroyIcon
0x513870 DestroyCursor
0x513874 DeleteMenu
0x513878 DefWindowProcA
0x51387c DefMDIChildProcA
0x513880 DefFrameProcA
0x513884 CreatePopupMenu
0x513888 CreateMenu
0x51388c CreateIcon
0x513890 CloseClipboard
0x513894 ClientToScreen
0x513898 CheckMenuItem
0x51389c CallWindowProcA
0x5138a0 CallNextHookEx
0x5138a4 BeginPaint
0x5138a8 CharNextA
0x5138ac CharLowerBuffA
0x5138b0 CharLowerA
0x5138b4 CharUpperBuffA
0x5138b8 CharToOemA
0x5138bc AdjustWindowRectEx
Library kernel32.dll:
0x5138c8 Sleep
Library oleaut32.dll:
0x5138d0 SafeArrayPtrOfIndex
0x5138d4 SafeArrayGetUBound
0x5138d8 SafeArrayGetLBound
0x5138dc SafeArrayCreate
0x5138e0 VariantChangeType
0x5138e4 VariantCopy
0x5138e8 VariantClear
0x5138ec VariantInit
Library ole32.dll:
0x5138f8 IsAccelerator
0x5138fc OleDraw
0x513904 OleUninitialize
0x513908 OleInitialize
0x51390c CoTaskMemFree
0x513910 ProgIDFromCLSID
0x513914 StringFromCLSID
0x513918 CoCreateInstance
0x51391c CoGetClassObject
0x513920 CoUninitialize
0x513924 CoInitialize
0x513928 IsEqualGUID
Library oleaut32.dll:
0x513930 CreateErrorInfo
0x513934 GetErrorInfo
0x513938 SetErrorInfo
0x51393c GetActiveObject
0x513940 SysFreeString
Library comctl32.dll:
0x513950 ImageList_Write
0x513954 ImageList_Read
0x513964 ImageList_DragMove
0x513968 ImageList_DragLeave
0x51396c ImageList_DragEnter
0x513970 ImageList_EndDrag
0x513974 ImageList_BeginDrag
0x513978 ImageList_Remove
0x51397c ImageList_DrawEx
0x513980 ImageList_Draw
0x513990 ImageList_Add
0x513998 ImageList_Destroy
0x51399c ImageList_Create
0x5139a0 InitCommonControls
Library shell32.dll:
0x5139a8 ShellExecuteA
Library shell32.dll:
Library comdlg32.dll:
0x5139bc GetOpenFileNameA
Library ole32.dll:
0x5139c4 CoUninitialize
0x5139c8 CoInitialize

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 57874 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.