quick_support.exe is usually located in the 'c:\downloads\' folder.
Some of the anti-virus scanners at VirusTotal detected quick_support.exe.
quick_support.exe does not have any version or vendor information.
quick_support.exe is not signed.
13 of the 66 anti-virus programs at VirusTotal detected the quick_support.exe file. That's a 20% detection rate.
Scanner | Detection Name |
---|---|
CrowdStrike | win/malicious_confidence_60% (D) |
Cybereason | malicious.7a1aea |
Cyren | W32/Kryptik.AFGA-3976 |
FireEye | Generic.mg.febc161483fe02fa |
Invincea | heuristic |
MAX | malware (ai score=60) |
McAfee | Artemis!FEBC161483FE |
McAfee-GW-Edition | BehavesLike.Win32.Backdoor.vc |
Microsoft | Trojan:Win32/Zpevdo.A |
Paloalto | generic.ml |
Trapmine | malicious.moderate.ml.score |
VBA32 | Backdoor.MSIL.Agent |
Zillya | Trojan.Rasftuby.Win32.208 |
The following information was gathered by executing the file inside Cuckoo Sandbox.
Successfully executed process in sandbox.
{ "esp": 92536204, "edi": 7, "eax": 92536204, "ebp": 92536284, "edx": 0, "ebx": 1, "esi": 250477278, "ecx": 7 }, "exception": { "instruction_r": "c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b", "symbol": "RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727", "instruction": "leave", "module": "KERNELBASE.dll", "exception_code": "0xeedfade", "offset": 46887, "address": "0x75dbb727" } }, "time": 1588856000.077626, "tid": 2728, "flags": {} }, "pid": 1948, "type": "call", "cid": 5648 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "T\nM\ne\nt\nh\no\nd\nI\nm\np\nl\ne\nm\ne\nn\nt\na\nt\ni\no\nn\nI\nn\nt\ne\nr\nc\ne\np\nt\n+\n0\nx\n3\nf\n0\n0\nf\ne\n \nd\nb\nk\nF\nC\na\nl\nl\nW\nr\na\np\np\ne\nr\nA\nd\nd\nr\n-\n0\nx\n7\na\n0\n6\n2\n \nr\no\nm\ns\ne\nr\nv\ne\nr\n+\n0\nx\n4\n5\na\n5\nc\ne\n \n@\n \n0\nx\n8\n5\na\n5\nc\ne\n\n\nT\nM\ne\nt\nh\no\nd\nI\nm\np\nl\ne\nm\ne\nn\nt\na\nt\ni\no\nn\nI\nn\nt\ne\nr\nc\ne\np\nt\n+\n0\nx\n2\n1\n9\nb\nb\n4\n \nd\nb\nk\nF\nC\na\nl\nl\nW\nr\na\np\np\ne\nr\nA\nd\nd\nr\n-\n0\nx\n2\n5\n0\n5\na\nc\n \nr\no\nm\ns\ne\nr\nv\ne\nr\n+\n0\nx\n2\n8\n4\n0\n8\n4\n \n@\n \n0\nx\n6\n8\n4\n0\n8\n4\n\n\nT\nM\ne\nt\nh\no\nd\nI\nm\np\nl\ne\nm\ne\nn\nt\na\nt\ni\no\nn\nI\nn\nt\ne\nr\nc\ne\np\nt\n+\n0\nx\n2\n1\n9\ne\n2\n4\n \nd\nb\nk\nF\nC\na\nl\nl\nW\nr\na\np\np\ne\nr\nA\nd\nd\nr\n-\n0\nx\n2\n5\n0\n3\n3\nc\n \nr\no\nm\ns\ne\nr\nv\ne\nr\n+\n0\nx\n2\n8\n4\n2\nf\n4\n \n@\n \n0\nx\n6\n8\n4\n2\nf\n4\n\n\nT\nM\ne\nt\nh\no\nd\nI\nm\np\nl\ne\nm\ne\nn\nt\na\nt\ni\no\nn\nI\nn\nt\ne\nr\nc\ne\np\nt\n+\n0\nx\n2\n1\nd\n4\n4\nd\n \nd\nb\nk\nF\nC\na\nl\nl\nW\nr\na\np\np\ne\nr\nA\nd\nd\nr\n-\n0\nx\n2\n4\nc\nd\n1\n3\n \nr\no\nm\ns\ne\nr\nv\ne\nr\n+\n0\nx\n2\n8\n7\n9\n1\nd\n \n@\n \n0\nx\n6\n8\n7\n9\n1\nd\n\n\nT\nM\ne\nt\nh\no\nd\nI\nm\np\nl\ne\nm\ne\nn\nt\na\nt\ni\no\nn\nI\nn\nt\ne\nr\nc\ne\np\nt\n+\n0\nx\n3\n7\n6\n1\nb\n8\n 
\nd\nb\nk\nF\nC\na\nl\nl\nW\nr\na\np\np\ne\nr\nA\nd\nd\nr\n-\n0\nx\nf\n3\nf\na\n8\n \nr\no\nm\ns\ne\nr\nv\ne\nr\n+\n0\nx\n3\ne\n0\n6\n8\n8\n \n@\n \n0\nx\n7\ne\n0\n6\n8\n8\n\n\nT\nM\ne\nt\nh\no\nd\nI\nm\np\nl\ne\nm\ne\nn\nt\na\nt\ni\no\nn\nI\nn\nt\ne\nr\nc\ne\np\nt\n+\n0\nx\n5\nf\nd\n0\n8\n \nd\nb\nk\nF\nC\na\nl\nl\nW\nr\na\np\np\ne\nr\nA\nd\nd\nr\n-\n0\nx\n4\n0\na\n4\n5\n8\n \nr\no\nm\ns\ne\nr\nv\ne\nr\n+\n0\nx\nc\na\n1\nd\n8\n \n@\n \n0\nx\n4\nc\na\n1\nd\n8\n\n\n_\n_\nd\nb\nk\n_\nf\nc\na\nl\nl\n_\nw\nr\na\np\np\ne\nr\n-\n0\nx\n7\n1\n2\n6\n \nr\no\nm\ns\ne\nr\nv\ne\nr\n+\n0\nx\na\n8\n1\ne\n \n@\n \n0\nx\n4\n0\na\n8\n1\ne\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5", "registers": { "esp": 90438932, "edi": 7, "eax": 90438932, "ebp": 90439012, "edx": 0, "ebx": 1, "esi": 250477278, "ecx": 7 }, "exception": { "instruction_r": "c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b", "symbol": "RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727", "instruction": "leave", "module": "KERNELBASE.dll", "exception_code": "0xeedfade", "offset": 46887, "address": "0x75dbb727" } }, "time": 1588856000.202626, "tid": 2484, "flags": {} }, "pid": 1948, "type": "call", "cid": 5657 }, { "call": { 
"category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "T\nM\ne\nt\nh\no\nd\nI\nm\np\nl\ne\nm\ne\nn\nt\na\nt\ni\no\nn\nI\nn\nt\ne\nr\nc\ne\np\nt\n+\n0\nx\n3\nf\n0\n0\nf\ne\n \nd\nb\nk\nF\nC\na\nl\nl\nW\nr\na\np\np\ne\nr\nA\nd\nd\nr\n-\n0\nx\n7\na\n0\n6\n2\n \nr\no\nm\ns\ne\nr\nv\ne\nr\n+\n0\nx\n4\n5\na\n5\nc\ne\n \n@\n \n0\nx\n8\n5\na\n5\nc\ne\n\n\nT\nM\ne\nt\nh\no\nd\nI\nm\np\nl\ne\nm\ne\nn\nt\na\nt\ni\no\nn\nI\nn\nt\ne\nr\nc\ne\np\nt\n+\n0\nx\n2\n0\n9\nd\n6\n4\n \nd\nb\nk\nF\nC\na\nl\nl\nW\nr\na\np\np\ne\nr\nA\nd\nd\nr\n-\n0\nx\n2\n6\n0\n3\nf\nc\n \nr\no\nm\ns\ne\nr\nv\ne\nr\n+\n0\nx\n2\n7\n4\n2\n3\n4\n \n@\n \n0\nx\n6\n7\n4\n2\n3\n4\n\n\nT\nM\ne\nt\nh\no\nd\nI\nm\np\nl\ne\nm\ne\nn\nt\na\nt\ni\no\nn\nI\nn\nt\ne\nr\nc\ne\np\nt\n+\n0\nx\n2\n0\n9\nc\ne\n9\n \nd\nb\nk\nF\nC\na\nl\nl\nW\nr\na\np\np\ne\nr\nA\nd\nd\nr\n-\n0\nx\n2\n6\n0\n4\n7\n7\n \nr\no\nm\ns\ne\nr\nv\ne\nr\n+\n0\nx\n2\n7\n4\n1\nb\n9\n \n@\n \n0\nx\n6\n7\n4\n1\nb\n9\n\n\nT\nM\ne\nt\nh\no\nd\nI\nm\np\nl\ne\nm\ne\nn\nt\na\nt\ni\no\nn\nI\nn\nt\ne\nr\nc\ne\np\nt\n+\n0\nx\n2\n0\n9\nc\n5\n6\n \nd\nb\nk\nF\nC\na\nl\nl\nW\nr\na\np\np\ne\nr\nA\nd\nd\nr\n-\n0\nx\n2\n6\n0\n5\n0\na\n \nr\no\nm\ns\ne\nr\nv\ne\nr\n+\n0\nx\n2\n7\n4\n1\n2\n6\n \n@\n \n0\nx\n6\n7\n4\n1\n2\n6\n\n\nT\nM\ne\nt\nh\no\nd\nI\nm\np\nl\ne\nm\ne\nn\nt\na\nt\ni\no\nn\nI\nn\nt\ne\nr\nc\ne\np\nt\n+\n0\nx\n2\n0\n5\ne\n4\nd\n \nd\nb\nk\nF\nC\na\nl\nl\nW\nr\na\np\np\ne\nr\nA\nd\nd\nr\n-\n0\nx\n2\n6\n4\n3\n1\n3\n \nr\no\nm\ns\ne\nr\nv\ne\nr\n+\n0\nx\n2\n7\n0\n3\n1\nd\n \n@\n \n0\nx\n6\n7\n0\n3\n1\nd\n\n\nT\nM\ne\nt\nh\no\nd\nI\nm\np\nl\ne\nm\ne\nn\nt\na\nt\ni\no\nn\nI\nn\nt\ne\nr\nc\ne\np\nt\n+\n0\nx\n2\n0\nc\n5\n7\n4\n \nd\nb\nk\nF\nC\na\nl\nl\nW\nr\na\np\np\ne\nr\nA\nd\nd\nr\n-\n0\nx\n2\n5\nd\nb\ne\nc\n \nr\no\nm\ns\ne\nr\nv\ne\nr\n+\n0\nx\n2\n7\n6\na\n4\n4\n \n@\n 
\n0\nx\n6\n7\n6\na\n4\n4\n\n\nT\nM\ne\nt\nh\no\nd\nI\nm\np\nl\ne\nm\ne\nn\nt\na\nt\ni\no\nn\nI\nn\nt\ne\nr\nc\ne\np\nt\n+\n0\nx\n2\n1\n9\nf\n7\nf\n \nd\nb\nk\nF\nC\na\nl\nl\nW\nr\na\np\np\ne\nr\nA\nd\nd\nr\n-\n0\nx\n2\n5\n0\n1\ne\n1\n \nr\no\nm\ns\ne\nr\nv\ne\nr\n+\n0\nx\n2\n8\n4\n4\n4\nf\n \n@\n \n0\nx\n6\n8\n4\n4\n4\nf\n\n\nT\nM\ne\nt\nh\no\nd\nI\nm\np\nl\ne\nm\ne\nn\nt\na\nt\ni\no\nn\nI\nn\nt\ne\nr\nc\ne\np\nt\n+\n0\nx\n5\nf\nd\n0\n8\n \nd\nb\nk\nF\nC\na\nl\nl\nW\nr\na\np\np\ne\nr\nA\nd\nd\nr\n-\n0\nx\n4\n0\na\n4\n5\n8\n \nr\no\nm\ns\ne\nr\nv\ne\nr\n+\n0\nx\nc\na\n1\nd\n8\n \n@\n \n0\nx\n4\nc\na\n1\nd\n8\n\n\n_\n_\nd\nb\nk\n_\nf\nc\na\nl\nl\n_\nw\nr\na\np\np\ne\nr\n-\n0\nx\n7\n1\n2\n6\n \nr\no\nm\ns\ne\nr\nv\ne\nr\n+\n0\nx\na\n8\n1\ne\n \n@\n \n0\nx\n4\n0\na\n8\n1\ne\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5", "registers": { "esp": 95026572, "edi": 7, "eax": 95026572, "ebp": 95026652, "edx": 0, "ebx": 1, "esi": 250477278, "ecx": 7 }, "exception": { "instruction_r": "c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b", "symbol": "RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727", "instruction": "leave", "module": "KERNELBASE.dll", "exception_code": "0xeedfade", "offset": 
46887, "address": "0x75dbb727" } }, "time": 1588856060.092626, "tid": 2988, "flags": {} }, "pid": 1948, "type": "call", "cid": 6929 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "T\nM\ne\nt\nh\no\nd\nI\nm\np\nl\ne\nm\ne\nn\nt\na\nt\ni\no\nn\nI\nn\nt\ne\nr\nc\ne\np\nt\n+\n0\nx\n3\nf\n0\n0\nf\ne\n \nd\nb\nk\nF\nC\na\nl\nl\nW\nr\na\np\np\ne\nr\nA\nd\nd\nr\n-\n0\nx\n7\na\n0\n6\n2\n \nr\no\nm\ns\ne\nr\nv\ne\nr\n+\n0\nx\n4\n5\na\n5\nc\ne\n \n@\n \n0\nx\n8\n5\na\n5\nc\ne\n\n\nT\nM\ne\nt\nh\no\nd\nI\nm\np\nl\ne\nm\ne\nn\nt\na\nt\ni\no\nn\nI\nn\nt\ne\nr\nc\ne\np\nt\n+\n0\nx\n2\n1\n9\nb\nb\n4\n \nd\nb\nk\nF\nC\na\nl\nl\nW\nr\na\np\np\ne\nr\nA\nd\nd\nr\n-\n0\nx\n2\n5\n0\n5\na\nc\n \nr\no\nm\ns\ne\nr\nv\ne\nr\n+\n0\nx\n2\n8\n4\n0\n8\n4\n \n@\n \n0\nx\n6\n8\n4\n0\n8\n4\n\n\nT\nM\ne\nt\nh\no\nd\nI\nm\np\nl\ne\nm\ne\nn\nt\na\nt\ni\no\nn\nI\nn\nt\ne\nr\nc\ne\np\nt\n+\n0\nx\n2\n1\n9\ne\n2\n4\n \nd\nb\nk\nF\nC\na\nl\nl\nW\nr\na\np\np\ne\nr\nA\nd\nd\nr\n-\n0\nx\n2\n5\n0\n3\n3\nc\n \nr\no\nm\ns\ne\nr\nv\ne\nr\n+\n0\nx\n2\n8\n4\n2\nf\n4\n \n@\n \n0\nx\n6\n8\n4\n2\nf\n4\n\n\nT\nM\ne\nt\nh\no\nd\nI\nm\np\nl\ne\nm\ne\nn\nt\na\nt\ni\no\nn\nI\nn\nt\ne\nr\nc\ne\np\nt\n+\n0\nx\n2\n1\nd\n4\n4\nd\n \nd\nb\nk\nF\nC\na\nl\nl\nW\nr\na\np\np\ne\nr\nA\nd\nd\nr\n-\n0\nx\n2\n4\nc\nd\n1\n3\n \nr\no\nm\ns\ne\nr\nv\ne\nr\n+\n0\nx\n2\n8\n7\n9\n1\nd\n \n@\n \n0\nx\n6\n8\n7\n9\n1\nd\n\n\nT\nM\ne\nt\nh\no\nd\nI\nm\np\nl\ne\nm\ne\nn\nt\na\nt\ni\no\nn\nI\nn\nt\ne\nr\nc\ne\np\nt\n+\n0\nx\n3\n7\n6\n1\nb\n8\n \nd\nb\nk\nF\nC\na\nl\nl\nW\nr\na\np\np\ne\nr\nA\nd\nd\nr\n-\n0\nx\nf\n3\nf\na\n8\n \nr\no\nm\ns\ne\nr\nv\ne\nr\n+\n0\nx\n3\ne\n0\n6\n8\n8\n \n@\n \n0\nx\n7\ne\n0\n6\n8\n8\n\n\nT\nM\ne\nt\nh\no\nd\nI\nm\np\nl\ne\nm\ne\nn\nt\na\nt\ni\no\nn\nI\nn\nt\ne\nr\nc\ne\np\nt\n+\n0\nx\n5\nf\nd\n0\n8\n \nd\nb\nk\nF\nC\na\nl\nl\nW\nr\na\np\np\ne\nr\nA\nd\nd\nr\n-\n0\nx\n4\n0\na\n4\n5\n8\n 
\nr\no\nm\ns\ne\nr\nv\ne\nr\n+\n0\nx\nc\na\n1\nd\n8\n \n@\n \n0\nx\n4\nc\na\n1\nd\n8\n\n\n_\n_\nd\nb\nk\n_\nf\nc\na\nl\nl\n_\nw\nr\na\np\np\ne\nr\n-\n0\nx\n7\n1\n2\n6\n \nr\no\nm\ns\ne\nr\nv\ne\nr\n+\n0\nx\na\n8\n1\ne\n \n@\n \n0\nx\n4\n0\na\n8\n1\ne\n\n\nB\na\ns\ne\nT\nh\nr\ne\na\nd\nI\nn\ni\nt\nT\nh\nu\nn\nk\n+\n0\nx\n1\n2\n \nV\ne\nr\ni\nf\ny\nC\no\nn\ns\no\nl\ne\nI\no\nH\na\nn\nd\nl\ne\n-\n0\nx\nb\n3\n \nk\ne\nr\nn\ne\nl\n3\n2\n+\n0\nx\n1\n3\n3\nc\na\n \n@\n \n0\nx\n7\n5\nb\nc\n3\n3\nc\na\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n6\n3\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\na\n1\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\nd\n2\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\nd\n2\n\n\nR\nt\nl\nI\nn\ni\nt\ni\na\nl\ni\nz\ne\nE\nx\nc\ne\np\nt\ni\no\nn\nC\nh\na\ni\nn\n+\n0\nx\n3\n6\n \nR\nt\nl\nA\nl\nl\no\nc\na\nt\ne\nA\nc\nt\ni\nv\na\nt\ni\no\nn\nC\no\nn\nt\ne\nx\nt\nS\nt\na\nc\nk\n-\n0\nx\nc\ne\n \nn\nt\nd\nl\nl\n+\n0\nx\n3\n9\ne\na\n5\n \n@\n \n0\nx\n7\n7\nb\nc\n9\ne\na\n5", "registers": { "esp": 90438932, "edi": 7, "eax": 90438932, "ebp": 90439012, "edx": 0, "ebx": 1, "esi": 250477278, "ecx": 7 }, "exception": { "instruction_r": "c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b", "symbol": "RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727", "instruction": "leave", "module": "KERNELBASE.dll", "exception_code": "0xeedfade", "offset": 46887, "address": "0x75dbb727" } }, "time": 1588856060.217626, "tid": 3000, "flags": {} }, "pid": 1948, "type": "call", "cid": 6944 } ], "references": [], "name": "raises_exception" }, { "markcount": 14, "families": [], "description": "Starts servers listening", "severity": 2, "marks": [ { "call": { "category": "network", "status": 1, "stacktrace": [], "api": "bind", "return_value": 0, "arguments": { "ip_address": "0.0.0.0", "socket": 440, "port": 5650 }, "time": 1588855994.827626, "tid": 460, "flags": {} }, "pid": 1948, "type": 
"call", "cid": 1998 }, { "call": { "category": "network", "status": 1, "stacktrace": [], "api": "bind", "return_value": 0, "arguments": { "ip_address": "", "socket": 576, "port": 0 }, "time": 1588855994.827626, "tid": 460, "flags": {} }, "pid": 1948, "type": "call", "cid": 2005 }, { "call": { "category": "network", "status": 1, "stacktrace": [], "api": "listen", "return_value": 0, "arguments": { "socket": 440, "backlog": 15 }, "time": 1588855994.827626, "tid": 460, "flags": {} }, "pid": 1948, "type": "call", "cid": 2008 }, { "call": { "category": "network", "status": 1, "stacktrace": [], "api": "listen", "return_value": 0, "arguments": { "socket": 576, "backlog": 15 }, "time": 1588855994.827626, "tid": 460, "flags": {} }, "pid": 1948, "type": "call", "cid": 2011 }, { "call": { "category": "network", "status": 0, "stacktrace": [], "last_error": 10038, "nt_status": -1073741811, "api": "accept", "return_value": 4294967295, "arguments": { "ip_address": "", "socket": 4294967295, "port": 0 }, "time": 1588855995.123626, "tid": 2572, "flags": {} }, "pid": 1948, "type": "call", "cid": 2338 }, { "call": { "category": "network", "status": 0, "stacktrace": [], "last_error": 10038, "nt_status": -1073741811, "api": "accept", "return_value": 4294967295, "arguments": { "ip_address": "", "socket": 4294967295, "port": 0 }, "time": 1588855995.139626, "tid": 2236, "flags": {} }, "pid": 1948, "type": "call", "cid": 2351 }, { "call": { "category": "network", "status": 1, "stacktrace": [], "api": "bind", "return_value": 0, "arguments": { "ip_address": "0.0.0.0", "socket": 584, "port": 0 }, "time": 1588855995.248626, "tid": 460, "flags": {} }, "pid": 1948, "type": "call", "cid": 2365 }, { "call": { "category": "network", "status": 1, "stacktrace": [], "api": "bind", "return_value": 0, "arguments": { "ip_address": "0.0.0.0", "socket": 576, "port": 5650 }, "time": 1588855996.248626, "tid": 460, "flags": {} }, "pid": 1948, "type": "call", "cid": 2393 }, { "call": { "category": "network", 
"status": 1, "stacktrace": [], "api": "bind", "return_value": 0, "arguments": { "ip_address": "", "socket": 604, "port": 0 }, "time": 1588855996.248626, "tid": 460, "flags": {} }, "pid": 1948, "type": "call", "cid": 2398 }, { "call": { "category": "network", "status": 1, "stacktrace": [], "api": "listen", "return_value": 0, "arguments": { "socket": 576, "backlog": 15 }, "time": 1588855996.248626, "tid": 460, "flags": {} }, "pid": 1948, "type": "call", "cid": 2400 }, { "call": { "category": "network", "status": 1, "stacktrace": [], "api": "listen", "return_value": 0, "arguments": { "socket": 604, "backlog": 15 }, "time": 1588855996.248626, "tid": 460, "flags": {} }, "pid": 1948, "type": "call", "cid": 2403 }, { "call": { "category": "network", "status": 1, "stacktrace": [], "api": "bind", "return_value": 0, "arguments": { "ip_address": "0.0.0.0", "socket": 940, "port": 0 }, "time": 1588855998.342626, "tid": 264, "flags": {} }, "pid": 1948, "type": "call", "cid": 4462 }, { "call": { "category": "network", "status": 1, "stacktrace": [], "api": "bind", "return_value": 0, "arguments": { "ip_address": "0.0.0.0", "socket": 992, "port": 0 }, "time": 1588856000.077626, "tid": 2484, "flags": {} }, "pid": 1948, "type": "call", "cid": 5641 }, { "call": { "category": "network", "status": 1, "stacktrace": [], "api": "bind", "return_value": 0, "arguments": { "ip_address": "0.0.0.0", "socket": 944, "port": 0 }, "time": 1588856060.092626, "tid": 3000, "flags": {} }, "pid": 1948, "type": "call", "cid": 6922 } ], "references": [], "name": "network_bind" }, { "markcount": 4, "families": [], "description": "Allocates read-write-execute memory (usually to unpack itself)", "severity": 2, "marks": [ { "call": { "category": "process", "status": 1, "stacktrace": [], "api": "NtAllocateVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 1948, "region_size": 4096, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "protection": 64, "process_handle": 
"0xffffffff", "allocation_type": 4096, "base_address": "0x02410000" }, "time": 1588855989.061626, "tid": 460, "flags": { "protection": "PAGE_EXECUTE_READWRITE", "allocation_type": "MEM_COMMIT" } }, "pid": 1948, "type": "call", "cid": 164 }, { "call": { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 1948, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 64, "process_handle": "0xffffffff", "base_address": "0x0095b000" }, "time": 1588855994.905626, "tid": 460, "flags": { "protection": "PAGE_EXECUTE_READWRITE" } }, "pid": 1948, "type": "call", "cid": 2254 }, { "call": { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 1948, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 64, "process_handle": "0xffffffff", "base_address": "0x0095b000" }, "time": 1588855994.905626, "tid": 460, "flags": { "protection": "PAGE_EXECUTE_READWRITE" } }, "pid": 1948, "type": "call", "cid": 2256 }, { "call": { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 1948, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 64, "process_handle": "0xffffffff", "base_address": "0x0095b000" }, "time": 1588855994.905626, "tid": 460, "flags": { "protection": "PAGE_EXECUTE_READWRITE" } }, "pid": 1948, "type": "call", "cid": 2258 } ], "references": [], "name": "allocates_rwx" }, { "markcount": 1, "families": [], "description": "Creates a service", "severity": 2, "marks": [ { "call": { "category": "services", "status": 1, "stacktrace": [], "api": "CreateServiceW", "return_value": 3495096, "arguments": { "service_start_name": "", "start_type": 3, "service_handle": "0x003554b8", "display_name": 
"LiteManagerTeam LiteManager_Support", "error_control": 1, "service_name": "ROMService_Support", "filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\ROMServer.exe", "filepath_r": "C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\ROMServer.exe", "service_manager_handle": "0x003554e0", "desired_access": 983551, "service_type": 16, "password": "" }, "time": 1588855992.655626, "tid": 460, "flags": {} }, "pid": 1948, "type": "call", "cid": 1627 } ], "references": [], "name": "creates_service" }, { "markcount": 1, "families": [], "description": "Drops a binary and executes it", "severity": 2, "marks": [ { "category": "file", "ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\ROMServer.exe", "type": "ioc", "description": null } ], "references": [], "name": "dropper" }, { "markcount": 1, "families": [], "description": "Drops an executable to the user AppData folder", "severity": 2, "marks": [ { "category": "file", "ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\RarSFX0\\ROMServer.exe", "type": "ioc", "description": null } ], "references": [], "name": "exe_appdata" }, { "markcount": 1, "families": [], "description": "Checks adapter addresses which can be used to detect virtual network interfaces", "severity": 2, "marks": [ { "call": { "category": "network", "status": 1, "stacktrace": [], "api": "GetAdaptersAddresses", "return_value": 0, "arguments": { "flags": 46, "family": 0 }, "time": 1588855998.405626, "tid": 460, "flags": {} }, "pid": 1948, "type": "call", "cid": 5079 } ], "references": [], "name": "antivm_network_adapters" }, { "markcount": 2, "families": [], "description": "Checks for the Locally Unique Identifier on the system for a suspicious privilege", "severity": 2, "marks": [ { "call": { "category": "system", "status": 1, "stacktrace": [], "api": "LookupPrivilegeValueW", "return_value": 1, "arguments": { "system_name": "", "privilege_name": "SeDebugPrivilege" }, "time": 1588855992.639626, "tid": 460, "flags": {} }, "pid": 1948, "type": "call", "cid": 
1617 }, { "call": { "category": "system", "status": 1, "stacktrace": [], "api": "LookupPrivilegeValueW", "return_value": 1, "arguments": { "system_name": "", "privilege_name": "SeTcbPrivilege" }, "time": 1588855994.905626, "tid": 460, "flags": {} }, "pid": 1948, "type": "call", "cid": 2286 } ], "references": [], "name": "privilege_luid_check" }, { "markcount": 1, "families": [], "description": "Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config", "severity": 3, "marks": [ { "call": { "category": "registry", "status": 1, "stacktrace": [], "api": "RegSetValueExW", "return_value": 0, "arguments": { "key_handle": "0x00000298", "value": "
>\u00002\u00004\u0000<\u0000\/\u0000a\u0000v\u0000i\u0000_\u0000p\u0000i\u0000x\u0000e\u0000l\u0000_\u0000f\u0000o\u0000r\u0000m\u0000a\u0000t\u0000>\u0000<\u0000a\u0000v\u0000i\u0000_\u0000f\u0000o\u0000u\u0000r\u0000c\u0000c\u0000>\u0000M\u0000S\u0000V\u0000C\u0000<\u0000\/\u0000a\u0000v\u0000i\u0000_\u0000f\u0000o\u0000u\u0000r\u0000c\u0000c\u0000>\u0000<\u0000a\u0000v\u0000i\u0000_\u0000a\u0000u\u0000t\u0000o\u0000s\u0000i\u0000z\u0000e\u0000>\u0000f\u0000a\u0000l\u0000s\u0000e\u0000<\u0000\/\u0000a\u0000v\u0000i\u0000_\u0000a\u0000u\u0000t\u0000o\u0000s\u0000i\u0000z\u0000e\u0000>\u0000<\u0000a\u0000v\u0000i\u0000_\u0000e\u0000n\u0000a\u0000b\u0000l\u0000e\u0000_\u0000f\u0000i\u0000l\u0000e\u0000_\u0000f\u0000o\u0000r\u0000m\u0000a\u0000t\u0000>\u0000f\u0000a\u0000l\u0000s\u0000e\u0000<\u0000\/\u0000a\u0000v\u0000i\u0000_\u0000e\u0000n\u0000a\u0000b\u0000l\u0000e\u0000_\u0000f\u0000i\u0000l\u0000e\u0000_\u0000f\u0000o\u0000r\u0000m\u0000a\u0000t\u0000>\u0000<\u0000a\u0000v\u0000i\u0000_\u0000c\u0000o\u0000m\u0000p\u0000l\u0000i\u0000s\u0000t\u0000_\u0000p\u0000f\u00001\u0000B\u0000i\u0000t\u0000>\u0000<\u0000\/\u0000a\u0000v\u0000i\u0000_\u0000c\u0000o\u0000m\u0000p\u0000l\u0000i\u0000s\u0000t\u0000_\u0000p\u0000f\u00001\u0000B\u0000i\u0000t\u0000>\u0000<\u0000a\u0000v\u0000i\u0000_\u0000c\u0000o\u0000m\u0000p\u0000l\u0000i\u0000s\u0000t\u0000_\u0000p\u0000f\u00004\u0000B\u0000i\u0000t\u0000>\u0000<\u0000\/\u0000a\u0000v\u0000i\u0000_\u0000c\u0000o\u0000m\u0000p\u0000l\u0000i\u0000s\u0000t\u0000_\u0000p\u0000f\u00004\u0000B\u0000i\u0000t\u0000>\u0000<\u0000a\u0000v\u0000i\u0000_\u0000c\u0000o\u0000m\u0000p\u0000l\u0000i\u0000s\u0000t\u0000_\u0000p\u0000f\u00008\u0000B\u0000i\u0000t\u0000>\u0000\"\u0000M\u0000R\u0000L\u0000E\u0000 \u0000M\u0000i\u0000c\u0000r\u0000o\u0000s\u0000o\u0000f\u0000t\u0000 \u0000R\u0000L\u0000E\u0000\"\u0000,\u0000\"\u0000M\u0000S\u0000V\u0000C\u0000 \u0000M\u0000i\u0000c\u0000r\u0000o\u0000s\u0000o\u0000f\u0000t\u0000 
\u0000V\u0000i\u0000d\u0000e\u0000o\u0000 \u00001\u0000\"\u0000,\u0000\"\u0000I\u0000Y\u0000U\u0000V\u0000 \u0000I\u0000n\u0000t\u0000e\u0000l\u0000 \u0000I\u0000Y\u0000U\u0000V\u0000 \u0000c\u0000o\u0000d\u0000e\u0000c\u0000\"\u0000,\u0000\"\u0000I\u0000Y\u0000U\u0000V\u0000 \u0000I\u0000n\u0000t\u0000e\u0000l\u0000 \u0000I\u0000Y\u0000U\u0000V\u0000 \u0000c\u0000o\u0000d\u0000e\u0000c\u0000\"\u0000,\u0000\"\u0000c\u0000v\u0000i\u0000d\u0000 \u0000C\u0000i\u0000n\u0000e\u0000p\u0000a\u0000k\u0000 \u0000C\u0000o\u0000d\u0000e\u0000c\u0000 \u0000b\u0000y\u0000 \u0000R\u0000a\u0000d\u0000i\u0000u\u0000s\u0000\"\u0000<\u0000\/\u0000a\u0000v\u0000i\u0000_\u0000c\u0000o\u0000m\u0000p\u0000l\u0000i\u0000s\u0000t\u0000_\u0000p\u0000f\u00008\u0000B\u0000i\u0000t\u0000>\u0000<\u0000a\u0000v\u0000i\u0000_\u0000c\u0000o\u0000m\u0000p\u0000l\u0000i\u0000s\u0000t\u0000_\u0000p\u0000f\u00001\u00005\u0000B\u0000i\u0000t\u0000>\u0000\"\u0000M\u0000S\u0000V\u0000C\u0000 \u0000M\u0000i\u0000c\u0000r\u0000o\u0000s\u0000o\u0000f\u0000t\u0000 \u0000V\u0000i\u0000d\u0000e\u0000o\u0000 \u00001\u0000\"\u0000,\u0000\"\u0000I\u0000Y\u0000U\u0000V\u0000 \u0000I\u0000n\u0000t\u0000e\u0000l\u0000 \u0000I\u0000Y\u0000U\u0000V\u0000 \u0000c\u0000o\u0000d\u0000e\u0000c\u0000\"\u0000,\u0000\"\u0000I\u0000Y\u0000U\u0000V\u0000 \u0000I\u0000n\u0000t\u0000e\u0000l\u0000 \u0000I\u0000Y\u0000U\u0000V\u0000 \u0000c\u0000o\u0000d\u0000e\u0000c\u0000\"\u0000,\u0000\"\u0000c\u0000v\u0000i\u0000d\u0000 \u0000C\u0000i\u0000n\u0000e\u0000p\u0000a\u0000k\u0000 \u0000C\u0000o\u0000d\u0000e\u0000c\u0000 \u0000b\u0000y\u0000 \u0000R\u0000a\u0000d\u0000i\u0000u\u0000s\u0000\"\u0000<\u0000\/\u0000a\u0000v\u0000i\u0000_\u0000c\u0000o\u0000m\u0000p\u0000l\u0000i\u0000s\u0000t\u0000_\u0000p\u0000f\u00001\u00005\u0000B\u0000i\u0000t\u0000>\u0000<\u0000a\u0000v\u0000i\u0000_\u0000c\u0000o\u0000m\u0000p\u0000l\u0000i\u0000s\u0000t\u0000_\u0000p\u0000f\u00001\u00006\u0000B\u0000i\u0000t\u0000>\u0000", "regkey_r": 
"ROMCalendarRecordSettings", "reg_type": 3, "regkey": "HKEY_CURRENT_USER\\Software\\LiteManager\\v3.4\\Server\\Parameters\\ROMCalendarRecordSettings" }, "time": 1588855996.827626, "tid": 460, "flags": { "reg_type": "REG_BINARY" } }, "pid": 1948, "type": "call", "cid": 4120 } ], "references": [], "name": "creates_largekey" } ]Yara
The Yara rules did not detect anything in the file.
Network
{ "tls": [], "udp": [ { "src": "192.168.56.101", "dst": "192.168.56.255", "offset": 662, "time": 6.147375106811523, "dport": 137, "sport": 137 }, { "src": "192.168.56.101", "dst": "192.168.56.255", "offset": 5342, "time": 12.147212028503418, "dport": 138, "sport": 138 }, { "src": "192.168.56.101", "dst": "224.0.0.252", "offset": 7186, "time": 6.080359935760498, "dport": 5355, "sport": 51001 }, { "src": "192.168.56.101", "dst": "224.0.0.252", "offset": 7514, "time": 4.120296955108643, "dport": 5355, "sport": 53595 }, { "src": "192.168.56.101", "dst": "224.0.0.252", "offset": 7842, "time": 6.087744951248169, "dport": 5355, "sport": 53848 }, { "src": "192.168.56.101", "dst": "224.0.0.252", "offset": 8170, "time": 4.768188953399658, "dport": 5355, "sport": 54255 }, { "src": "192.168.56.101", "dst": "224.0.0.252", "offset": 8498, "time": 2.976330041885376, "dport": 5355, "sport": 55314 }, { "src": "192.168.56.101", "dst": "239.255.255.250", "offset": 8826, "time": 4.678040027618408, "dport": 1900, "sport": 1900 }, { "src": "192.168.56.101", "dst": "239.255.255.250", "offset": 28236, "time": 4.141417026519775, "dport": 3702, "sport": 49152 }, { "src": "192.168.56.101", "dst": "239.255.255.250", "offset": 36620, "time": 6.193341016769409, "dport": 1900, "sport": 53598 } ], "dns_servers": [], "http": [], "icmp": [], "smtp": [], "tcp": [], "smtp_ex": [], "mitm": [], "hosts": [], "pcap_sha256": "e0c795abf4f4c32f5548f688ef89140bad2d12647c36f6a7e949b69ddc08330a", "dns": [], "http_ex": [], "domains": [], "dead_hosts": [], "sorted_pcap_sha256": "b610281e9cedcc31143128800564e9eb12e48dc16df6a3a29d18b53df309148d", "irc": [], "https_ex": [] }
Screenshots
quick_support.exe removal instructions
The instructions below show how to remove quick_support.exe with help from the FreeFixer removal tool. Basically, you install FreeFixer, scan your computer, check the quick_support.exe file for removal, restart your computer and scan it again to verify that quick_support.exe has been successfully removed. Here are the removal instructions in more detail:
Download and install FreeFixer: http://www.freefixer.com/download.html
When the scan is finished, locate quick_support.exe in the scan result and tick the checkbox next to the quick_support.exe file. Do not check any other file for removal unless you are 100% sure you want to delete it.
Tip: Press CTRL-F to open up FreeFixer's search dialog to quickly locate quick_support.exe in the scan result.
Restart your computer.
Start FreeFixer and scan your computer again. If quick_support.exe still remains in the scan result, proceed with the next step. If quick_support.exe is gone from the scan result you're done.
If quick_support.exe still remains in the scan result, check its checkbox again in the scan result and click Fix.
Restart your computer.
Start FreeFixer and scan your computer again. Verify that quick_support.exe no longer appears in the scan result.
Hashes
Property | Value |
---|---|
MD5 | febc161483fe02faf40888056741b9af |
SHA256 | 14149a29877432de8b73dbcb5baa1b1becea12d8840281cc2bad483aa1a96c49 |
Error Messages
These are some of the error messages that can appear related to quick_support.exe:
quick_support.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
quick_support.exe - Application Error. The instruction at "0xXXXXXXXX" referenced memory at "0xXXXXXXXX". The memory could not be "read/written". Click on OK to terminate the program.
quick_support.exe has stopped working.
End Program - quick_support.exe. This program is not responding.
quick_support.exe is not a valid Win32 application.
quick_support.exe - Application Error. The application failed to initialize properly (0xXXXXXXXX). Click OK to terminate the application.