Summary | ZeroBOX

xy_cjz_37658_315d8b4zbmga.exe

JPEG Format, GIF Format, PE32, PNG Format, PE File

Category FILE
Machine s1_win7_x6401
Started June 9, 2021, 10:17 p.m.
Completed June 9, 2021, 10:20 p.m.
Size 2.9MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 f99d0fc489a7258c29ec765cf1e2624a
SHA256 194c31cd0d620ef3c2772030924e28afb54f0a087d4b6c1c73c57f3de8f09222
CRC32 50674D87
ssdeep 49152:ENVJk7WTiwEqg9OlppXsZuXiO9ztg15s/DwfxCro2lhf8QHx8etJOHrIgl:+VJk6DEq9p9WuXiKzq15skpCU2HPR50L
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

IP Address Status Action
118.25.169.187 Active Moloch
164.124.101.2 Active Moloch
66.154.113.12 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW

computer_name: TEST22-PC
1 1 0

registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
section .itext
section .didata
section .aspack
section .adata
packer ASPack v2.12 -> Alexey Solodovnikov
resource name PNG
resource name TYPELIB
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
TMethodImplementationIntercept+0x1f104c xy_cjz_37658_315d8b4zbmga+0x253f38 @ 0x653f38
TMethodImplementationIntercept+0x1ed012 xy_cjz_37658_315d8b4zbmga+0x24fefe @ 0x64fefe
TMethodImplementationIntercept+0x1f0d1b xy_cjz_37658_315d8b4zbmga+0x253c07 @ 0x653c07
TMethodImplementationIntercept+0x20034c xy_cjz_37658_315d8b4zbmga+0x263238 @ 0x663238
TMethodImplementationIntercept+0x203a39 xy_cjz_37658_315d8b4zbmga+0x266925 @ 0x666925
TMethodImplementationIntercept+0x25c644 xy_cjz_37658_315d8b4zbmga+0x2bf530 @ 0x6bf530
TMethodImplementationIntercept+0x25cb6c xy_cjz_37658_315d8b4zbmga+0x2bfa58 @ 0x6bfa58
TMethodImplementationIntercept+0x25e9ec xy_cjz_37658_315d8b4zbmga+0x2c18d8 @ 0x6c18d8
TMethodImplementationIntercept+0x25e85b xy_cjz_37658_315d8b4zbmga+0x2c1747 @ 0x6c1747
TMethodImplementationIntercept+0x259d65 xy_cjz_37658_315d8b4zbmga+0x2bcc51 @ 0x6bcc51
TMethodImplementationIntercept+0x260b04 xy_cjz_37658_315d8b4zbmga+0x2c39f0 @ 0x6c39f0
TMethodImplementationIntercept+0x62e78 xy_cjz_37658_315d8b4zbmga+0xc5d64 @ 0x4c5d64
TMethodImplementationIntercept-0x590b6 xy_cjz_37658_315d8b4zbmga+0x9e36 @ 0x409e36
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x76a7b727
registers.esp: 86441100
registers.edi: 11001
registers.eax: 86441100
registers.ebp: 86441180
registers.edx: 0
registers.ebx: 6607496
registers.esi: 37772096
registers.ecx: 7
1 0 0

__exception__

stacktrace:
TMethodImplementationIntercept+0x1f104c xy_cjz_37658_315d8b4zbmga+0x253f38 @ 0x653f38
TMethodImplementationIntercept+0x1ed012 xy_cjz_37658_315d8b4zbmga+0x24fefe @ 0x64fefe
TMethodImplementationIntercept+0x1f0d1b xy_cjz_37658_315d8b4zbmga+0x253c07 @ 0x653c07
TMethodImplementationIntercept+0x20034c xy_cjz_37658_315d8b4zbmga+0x263238 @ 0x663238
TMethodImplementationIntercept+0x203a39 xy_cjz_37658_315d8b4zbmga+0x266925 @ 0x666925
TMethodImplementationIntercept+0x25c644 xy_cjz_37658_315d8b4zbmga+0x2bf530 @ 0x6bf530
TMethodImplementationIntercept+0x25cb6c xy_cjz_37658_315d8b4zbmga+0x2bfa58 @ 0x6bfa58
TMethodImplementationIntercept+0x25e9ec xy_cjz_37658_315d8b4zbmga+0x2c18d8 @ 0x6c18d8
TMethodImplementationIntercept+0x25e85b xy_cjz_37658_315d8b4zbmga+0x2c1747 @ 0x6c1747
TMethodImplementationIntercept+0x259d65 xy_cjz_37658_315d8b4zbmga+0x2bcc51 @ 0x6bcc51
TMethodImplementationIntercept+0x260b04 xy_cjz_37658_315d8b4zbmga+0x2c39f0 @ 0x6c39f0
TMethodImplementationIntercept+0x62e78 xy_cjz_37658_315d8b4zbmga+0xc5d64 @ 0x4c5d64
TMethodImplementationIntercept-0x590b6 xy_cjz_37658_315d8b4zbmga+0x9e36 @ 0x409e36
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x76a7b727
registers.esp: 84606092
registers.edi: 11001
registers.eax: 84606092
registers.ebp: 84606172
registers.edx: 0
registers.ebx: 6607496
registers.esi: 37772096
registers.ecx: 7
1 0 0

__exception__

stacktrace:
TMethodImplementationIntercept+0x1f104c xy_cjz_37658_315d8b4zbmga+0x253f38 @ 0x653f38
TMethodImplementationIntercept+0x1ed012 xy_cjz_37658_315d8b4zbmga+0x24fefe @ 0x64fefe
TMethodImplementationIntercept+0x1f0d1b xy_cjz_37658_315d8b4zbmga+0x253c07 @ 0x653c07
TMethodImplementationIntercept+0x20034c xy_cjz_37658_315d8b4zbmga+0x263238 @ 0x663238
TMethodImplementationIntercept+0x203a39 xy_cjz_37658_315d8b4zbmga+0x266925 @ 0x666925
TMethodImplementationIntercept+0x25c644 xy_cjz_37658_315d8b4zbmga+0x2bf530 @ 0x6bf530
TMethodImplementationIntercept+0x25cb6c xy_cjz_37658_315d8b4zbmga+0x2bfa58 @ 0x6bfa58
TMethodImplementationIntercept+0x25e9ec xy_cjz_37658_315d8b4zbmga+0x2c18d8 @ 0x6c18d8
TMethodImplementationIntercept+0x25e85b xy_cjz_37658_315d8b4zbmga+0x2c1747 @ 0x6c1747
TMethodImplementationIntercept+0x259d65 xy_cjz_37658_315d8b4zbmga+0x2bcc51 @ 0x6bcc51
TMethodImplementationIntercept+0x260b04 xy_cjz_37658_315d8b4zbmga+0x2c39f0 @ 0x6c39f0
TMethodImplementationIntercept+0x62e78 xy_cjz_37658_315d8b4zbmga+0xc5d64 @ 0x4c5d64
TMethodImplementationIntercept-0x590b6 xy_cjz_37658_315d8b4zbmga+0x9e36 @ 0x409e36
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x76a7b727
registers.esp: 139590796
registers.edi: 11001
registers.eax: 139590796
registers.ebp: 139590876
registers.edx: 0
registers.ebx: 6607496
registers.esi: 37771920
registers.ecx: 7
1 0 0

__exception__

stacktrace:
TMethodImplementationIntercept+0x1f104c xy_cjz_37658_315d8b4zbmga+0x253f38 @ 0x653f38
TMethodImplementationIntercept+0x1ed012 xy_cjz_37658_315d8b4zbmga+0x24fefe @ 0x64fefe
TMethodImplementationIntercept+0x1f0d1b xy_cjz_37658_315d8b4zbmga+0x253c07 @ 0x653c07
TMethodImplementationIntercept+0x20034c xy_cjz_37658_315d8b4zbmga+0x263238 @ 0x663238
TMethodImplementationIntercept+0x203a39 xy_cjz_37658_315d8b4zbmga+0x266925 @ 0x666925
TMethodImplementationIntercept+0x25c644 xy_cjz_37658_315d8b4zbmga+0x2bf530 @ 0x6bf530
TMethodImplementationIntercept+0x25cb6c xy_cjz_37658_315d8b4zbmga+0x2bfa58 @ 0x6bfa58
TMethodImplementationIntercept+0x25e9ec xy_cjz_37658_315d8b4zbmga+0x2c18d8 @ 0x6c18d8
TMethodImplementationIntercept+0x25e85b xy_cjz_37658_315d8b4zbmga+0x2c1747 @ 0x6c1747
TMethodImplementationIntercept+0x259d65 xy_cjz_37658_315d8b4zbmga+0x2bcc51 @ 0x6bcc51
TMethodImplementationIntercept+0x260b04 xy_cjz_37658_315d8b4zbmga+0x2c39f0 @ 0x6c39f0
TMethodImplementationIntercept+0x62e78 xy_cjz_37658_315d8b4zbmga+0xc5d64 @ 0x4c5d64
TMethodImplementationIntercept-0x590b6 xy_cjz_37658_315d8b4zbmga+0x9e36 @ 0x409e36
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x76a7b727
registers.esp: 138280076
registers.edi: 11001
registers.eax: 138280076
registers.ebp: 138280156
registers.edx: 0
registers.ebx: 6607496
registers.esi: 37771920
registers.ecx: 7
1 0 0

__exception__

stacktrace:
TMethodImplementationIntercept+0x1f104c xy_cjz_37658_315d8b4zbmga+0x253f38 @ 0x653f38
TMethodImplementationIntercept+0x1ed012 xy_cjz_37658_315d8b4zbmga+0x24fefe @ 0x64fefe
TMethodImplementationIntercept+0x1f0d1b xy_cjz_37658_315d8b4zbmga+0x253c07 @ 0x653c07
TMethodImplementationIntercept+0x20034c xy_cjz_37658_315d8b4zbmga+0x263238 @ 0x663238
TMethodImplementationIntercept+0x203a39 xy_cjz_37658_315d8b4zbmga+0x266925 @ 0x666925
TMethodImplementationIntercept+0x25c644 xy_cjz_37658_315d8b4zbmga+0x2bf530 @ 0x6bf530
TMethodImplementationIntercept+0x25cb6c xy_cjz_37658_315d8b4zbmga+0x2bfa58 @ 0x6bfa58
TMethodImplementationIntercept+0x25e9ec xy_cjz_37658_315d8b4zbmga+0x2c18d8 @ 0x6c18d8
TMethodImplementationIntercept+0x25e85b xy_cjz_37658_315d8b4zbmga+0x2c1747 @ 0x6c1747
TMethodImplementationIntercept+0x259d65 xy_cjz_37658_315d8b4zbmga+0x2bcc51 @ 0x6bcc51
TMethodImplementationIntercept+0x260b04 xy_cjz_37658_315d8b4zbmga+0x2c39f0 @ 0x6c39f0
TMethodImplementationIntercept+0x62e78 xy_cjz_37658_315d8b4zbmga+0xc5d64 @ 0x4c5d64
TMethodImplementationIntercept-0x590b6 xy_cjz_37658_315d8b4zbmga+0x9e36 @ 0x409e36
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x76a7b727
registers.esp: 138280076
registers.edi: 11001
registers.eax: 138280076
registers.ebp: 138280156
registers.edx: 0
registers.ebx: 6607496
registers.esi: 37772464
registers.ecx: 7
1 0 0

__exception__

stacktrace:
TMethodImplementationIntercept+0x1f104c xy_cjz_37658_315d8b4zbmga+0x253f38 @ 0x653f38
TMethodImplementationIntercept+0x1ed012 xy_cjz_37658_315d8b4zbmga+0x24fefe @ 0x64fefe
TMethodImplementationIntercept+0x1f0d1b xy_cjz_37658_315d8b4zbmga+0x253c07 @ 0x653c07
TMethodImplementationIntercept+0x20034c xy_cjz_37658_315d8b4zbmga+0x263238 @ 0x663238
TMethodImplementationIntercept+0x203a39 xy_cjz_37658_315d8b4zbmga+0x266925 @ 0x666925
TMethodImplementationIntercept+0x25c644 xy_cjz_37658_315d8b4zbmga+0x2bf530 @ 0x6bf530
TMethodImplementationIntercept+0x25cb6c xy_cjz_37658_315d8b4zbmga+0x2bfa58 @ 0x6bfa58
TMethodImplementationIntercept+0x25e9ec xy_cjz_37658_315d8b4zbmga+0x2c18d8 @ 0x6c18d8
TMethodImplementationIntercept+0x25e85b xy_cjz_37658_315d8b4zbmga+0x2c1747 @ 0x6c1747
TMethodImplementationIntercept+0x259d65 xy_cjz_37658_315d8b4zbmga+0x2bcc51 @ 0x6bcc51
TMethodImplementationIntercept+0x260b04 xy_cjz_37658_315d8b4zbmga+0x2c39f0 @ 0x6c39f0
TMethodImplementationIntercept+0x62e78 xy_cjz_37658_315d8b4zbmga+0xc5d64 @ 0x4c5d64
TMethodImplementationIntercept-0x590b6 xy_cjz_37658_315d8b4zbmga+0x9e36 @ 0x409e36
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x76a7b727
registers.esp: 139590796
registers.edi: 11001
registers.eax: 139590796
registers.ebp: 139590876
registers.edx: 0
registers.ebx: 6607496
registers.esi: 37772464
registers.ecx: 7
1 0 0

__exception__

stacktrace:
TMethodImplementationIntercept+0x1f104c xy_cjz_37658_315d8b4zbmga+0x253f38 @ 0x653f38
TMethodImplementationIntercept+0x1ed012 xy_cjz_37658_315d8b4zbmga+0x24fefe @ 0x64fefe
TMethodImplementationIntercept+0x1f0d1b xy_cjz_37658_315d8b4zbmga+0x253c07 @ 0x653c07
TMethodImplementationIntercept+0x20034c xy_cjz_37658_315d8b4zbmga+0x263238 @ 0x663238
TMethodImplementationIntercept+0x203a39 xy_cjz_37658_315d8b4zbmga+0x266925 @ 0x666925
TMethodImplementationIntercept+0x25c644 xy_cjz_37658_315d8b4zbmga+0x2bf530 @ 0x6bf530
TMethodImplementationIntercept+0x25cb6c xy_cjz_37658_315d8b4zbmga+0x2bfa58 @ 0x6bfa58
TMethodImplementationIntercept+0x25e9ec xy_cjz_37658_315d8b4zbmga+0x2c18d8 @ 0x6c18d8
TMethodImplementationIntercept+0x25e85b xy_cjz_37658_315d8b4zbmga+0x2c1747 @ 0x6c1747
TMethodImplementationIntercept+0x259d65 xy_cjz_37658_315d8b4zbmga+0x2bcc51 @ 0x6bcc51
TMethodImplementationIntercept+0x260b04 xy_cjz_37658_315d8b4zbmga+0x2c39f0 @ 0x6c39f0
TMethodImplementationIntercept+0x62e78 xy_cjz_37658_315d8b4zbmga+0xc5d64 @ 0x4c5d64
TMethodImplementationIntercept-0x590b6 xy_cjz_37658_315d8b4zbmga+0x9e36 @ 0x409e36
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x76a7b727
registers.esp: 139590796
registers.edi: 11001
registers.eax: 139590796
registers.ebp: 139590876
registers.edx: 0
registers.ebx: 6607496
registers.esi: 37771920
registers.ecx: 7
1 0 0

__exception__

stacktrace:
TMethodImplementationIntercept+0x1f104c xy_cjz_37658_315d8b4zbmga+0x253f38 @ 0x653f38
TMethodImplementationIntercept+0x1ed012 xy_cjz_37658_315d8b4zbmga+0x24fefe @ 0x64fefe
TMethodImplementationIntercept+0x1f0d1b xy_cjz_37658_315d8b4zbmga+0x253c07 @ 0x653c07
TMethodImplementationIntercept+0x20034c xy_cjz_37658_315d8b4zbmga+0x263238 @ 0x663238
TMethodImplementationIntercept+0x203a39 xy_cjz_37658_315d8b4zbmga+0x266925 @ 0x666925
TMethodImplementationIntercept+0x25c644 xy_cjz_37658_315d8b4zbmga+0x2bf530 @ 0x6bf530
TMethodImplementationIntercept+0x25cb6c xy_cjz_37658_315d8b4zbmga+0x2bfa58 @ 0x6bfa58
TMethodImplementationIntercept+0x25e9ec xy_cjz_37658_315d8b4zbmga+0x2c18d8 @ 0x6c18d8
TMethodImplementationIntercept+0x25e85b xy_cjz_37658_315d8b4zbmga+0x2c1747 @ 0x6c1747
TMethodImplementationIntercept+0x259d65 xy_cjz_37658_315d8b4zbmga+0x2bcc51 @ 0x6bcc51
TMethodImplementationIntercept+0x260b04 xy_cjz_37658_315d8b4zbmga+0x2c39f0 @ 0x6c39f0
TMethodImplementationIntercept+0x62e78 xy_cjz_37658_315d8b4zbmga+0xc5d64 @ 0x4c5d64
TMethodImplementationIntercept-0x590b6 xy_cjz_37658_315d8b4zbmga+0x9e36 @ 0x409e36
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x76a7b727
registers.esp: 138280076
registers.edi: 11001
registers.eax: 138280076
registers.ebp: 138280156
registers.edx: 0
registers.ebx: 6607496
registers.esi: 37771920
registers.ecx: 7
1 0 0

__exception__

stacktrace:
TMethodImplementationIntercept+0x1f104c xy_cjz_37658_315d8b4zbmga+0x253f38 @ 0x653f38
TMethodImplementationIntercept+0x1ed012 xy_cjz_37658_315d8b4zbmga+0x24fefe @ 0x64fefe
TMethodImplementationIntercept+0x1f0d1b xy_cjz_37658_315d8b4zbmga+0x253c07 @ 0x653c07
TMethodImplementationIntercept+0x20034c xy_cjz_37658_315d8b4zbmga+0x263238 @ 0x663238
TMethodImplementationIntercept+0x203a39 xy_cjz_37658_315d8b4zbmga+0x266925 @ 0x666925
TMethodImplementationIntercept+0x25c644 xy_cjz_37658_315d8b4zbmga+0x2bf530 @ 0x6bf530
TMethodImplementationIntercept+0x25cb6c xy_cjz_37658_315d8b4zbmga+0x2bfa58 @ 0x6bfa58
TMethodImplementationIntercept+0x25e9ec xy_cjz_37658_315d8b4zbmga+0x2c18d8 @ 0x6c18d8
TMethodImplementationIntercept+0x25e85b xy_cjz_37658_315d8b4zbmga+0x2c1747 @ 0x6c1747
TMethodImplementationIntercept+0x259d65 xy_cjz_37658_315d8b4zbmga+0x2bcc51 @ 0x6bcc51
TMethodImplementationIntercept+0x260b04 xy_cjz_37658_315d8b4zbmga+0x2c39f0 @ 0x6c39f0
TMethodImplementationIntercept+0x62e78 xy_cjz_37658_315d8b4zbmga+0xc5d64 @ 0x4c5d64
TMethodImplementationIntercept-0x590b6 xy_cjz_37658_315d8b4zbmga+0x9e36 @ 0x409e36
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x76a7b727
registers.esp: 138280076
registers.edi: 11001
registers.eax: 138280076
registers.ebp: 138280156
registers.edx: 0
registers.ebx: 6607496
registers.esi: 37780592
registers.ecx: 7
1 0 0

__exception__

stacktrace:
TMethodImplementationIntercept+0x1f104c xy_cjz_37658_315d8b4zbmga+0x253f38 @ 0x653f38
TMethodImplementationIntercept+0x1ed012 xy_cjz_37658_315d8b4zbmga+0x24fefe @ 0x64fefe
TMethodImplementationIntercept+0x1f0d1b xy_cjz_37658_315d8b4zbmga+0x253c07 @ 0x653c07
TMethodImplementationIntercept+0x20034c xy_cjz_37658_315d8b4zbmga+0x263238 @ 0x663238
TMethodImplementationIntercept+0x203a39 xy_cjz_37658_315d8b4zbmga+0x266925 @ 0x666925
TMethodImplementationIntercept+0x25c644 xy_cjz_37658_315d8b4zbmga+0x2bf530 @ 0x6bf530
TMethodImplementationIntercept+0x25cb6c xy_cjz_37658_315d8b4zbmga+0x2bfa58 @ 0x6bfa58
TMethodImplementationIntercept+0x25e9ec xy_cjz_37658_315d8b4zbmga+0x2c18d8 @ 0x6c18d8
TMethodImplementationIntercept+0x25e85b xy_cjz_37658_315d8b4zbmga+0x2c1747 @ 0x6c1747
TMethodImplementationIntercept+0x259d65 xy_cjz_37658_315d8b4zbmga+0x2bcc51 @ 0x6bcc51
TMethodImplementationIntercept+0x260b04 xy_cjz_37658_315d8b4zbmga+0x2c39f0 @ 0x6c39f0
TMethodImplementationIntercept+0x62e78 xy_cjz_37658_315d8b4zbmga+0xc5d64 @ 0x4c5d64
TMethodImplementationIntercept-0x590b6 xy_cjz_37658_315d8b4zbmga+0x9e36 @ 0x409e36
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x76a7b727
registers.esp: 138280076
registers.edi: 11001
registers.eax: 138280076
registers.ebp: 138280156
registers.edx: 0
registers.ebx: 6607496
registers.esi: 37780608
registers.ecx: 7
1 0 0

__exception__

stacktrace:
TMethodImplementationIntercept+0x1f104c xy_cjz_37658_315d8b4zbmga+0x253f38 @ 0x653f38
TMethodImplementationIntercept+0x1ed012 xy_cjz_37658_315d8b4zbmga+0x24fefe @ 0x64fefe
TMethodImplementationIntercept+0x1f0d1b xy_cjz_37658_315d8b4zbmga+0x253c07 @ 0x653c07
TMethodImplementationIntercept+0x20034c xy_cjz_37658_315d8b4zbmga+0x263238 @ 0x663238
TMethodImplementationIntercept+0x203a39 xy_cjz_37658_315d8b4zbmga+0x266925 @ 0x666925
TMethodImplementationIntercept+0x25c644 xy_cjz_37658_315d8b4zbmga+0x2bf530 @ 0x6bf530
TMethodImplementationIntercept+0x25cb6c xy_cjz_37658_315d8b4zbmga+0x2bfa58 @ 0x6bfa58
TMethodImplementationIntercept+0x25e9ec xy_cjz_37658_315d8b4zbmga+0x2c18d8 @ 0x6c18d8
TMethodImplementationIntercept+0x25e85b xy_cjz_37658_315d8b4zbmga+0x2c1747 @ 0x6c1747
TMethodImplementationIntercept+0x259d65 xy_cjz_37658_315d8b4zbmga+0x2bcc51 @ 0x6bcc51
TMethodImplementationIntercept+0x260b04 xy_cjz_37658_315d8b4zbmga+0x2c39f0 @ 0x6c39f0
TMethodImplementationIntercept+0x62e78 xy_cjz_37658_315d8b4zbmga+0xc5d64 @ 0x4c5d64
TMethodImplementationIntercept-0x590b6 xy_cjz_37658_315d8b4zbmga+0x9e36 @ 0x409e36
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x76a7b727
registers.esp: 138280076
registers.edi: 11001
registers.eax: 138280076
registers.ebp: 138280156
registers.edx: 0
registers.ebx: 6607496
registers.esi: 37780656
registers.ecx: 7
1 0 0

__exception__

stacktrace:
TMethodImplementationIntercept+0x1f104c xy_cjz_37658_315d8b4zbmga+0x253f38 @ 0x653f38
TMethodImplementationIntercept+0x1ed012 xy_cjz_37658_315d8b4zbmga+0x24fefe @ 0x64fefe
TMethodImplementationIntercept+0x1f0d1b xy_cjz_37658_315d8b4zbmga+0x253c07 @ 0x653c07
TMethodImplementationIntercept+0x20034c xy_cjz_37658_315d8b4zbmga+0x263238 @ 0x663238
TMethodImplementationIntercept+0x203a39 xy_cjz_37658_315d8b4zbmga+0x266925 @ 0x666925
TMethodImplementationIntercept+0x25c644 xy_cjz_37658_315d8b4zbmga+0x2bf530 @ 0x6bf530
TMethodImplementationIntercept+0x25cb6c xy_cjz_37658_315d8b4zbmga+0x2bfa58 @ 0x6bfa58
TMethodImplementationIntercept+0x25e9ec xy_cjz_37658_315d8b4zbmga+0x2c18d8 @ 0x6c18d8
TMethodImplementationIntercept+0x25e85b xy_cjz_37658_315d8b4zbmga+0x2c1747 @ 0x6c1747
TMethodImplementationIntercept+0x259d65 xy_cjz_37658_315d8b4zbmga+0x2bcc51 @ 0x6bcc51
TMethodImplementationIntercept+0x260b04 xy_cjz_37658_315d8b4zbmga+0x2c39f0 @ 0x6c39f0
TMethodImplementationIntercept+0x62e78 xy_cjz_37658_315d8b4zbmga+0xc5d64 @ 0x4c5d64
TMethodImplementationIntercept-0x590b6 xy_cjz_37658_315d8b4zbmga+0x9e36 @ 0x409e36
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x76a7b727
registers.esp: 138280076
registers.edi: 11001
registers.eax: 138280076
registers.ebp: 138280156
registers.edx: 0
registers.ebx: 6607496
registers.esi: 37780656
registers.ecx: 7
1 0 0

__exception__

stacktrace:
TMethodImplementationIntercept+0x1f104c xy_cjz_37658_315d8b4zbmga+0x253f38 @ 0x653f38
TMethodImplementationIntercept+0x1ed012 xy_cjz_37658_315d8b4zbmga+0x24fefe @ 0x64fefe
TMethodImplementationIntercept+0x1f0d1b xy_cjz_37658_315d8b4zbmga+0x253c07 @ 0x653c07
TMethodImplementationIntercept+0x20034c xy_cjz_37658_315d8b4zbmga+0x263238 @ 0x663238
TMethodImplementationIntercept+0x203a39 xy_cjz_37658_315d8b4zbmga+0x266925 @ 0x666925
TMethodImplementationIntercept+0x25c644 xy_cjz_37658_315d8b4zbmga+0x2bf530 @ 0x6bf530
TMethodImplementationIntercept+0x25cb6c xy_cjz_37658_315d8b4zbmga+0x2bfa58 @ 0x6bfa58
TMethodImplementationIntercept+0x25e9ec xy_cjz_37658_315d8b4zbmga+0x2c18d8 @ 0x6c18d8
TMethodImplementationIntercept+0x25e85b xy_cjz_37658_315d8b4zbmga+0x2c1747 @ 0x6c1747
TMethodImplementationIntercept+0x259d65 xy_cjz_37658_315d8b4zbmga+0x2bcc51 @ 0x6bcc51
TMethodImplementationIntercept+0x260b04 xy_cjz_37658_315d8b4zbmga+0x2c39f0 @ 0x6c39f0
TMethodImplementationIntercept+0x62e78 xy_cjz_37658_315d8b4zbmga+0xc5d64 @ 0x4c5d64
TMethodImplementationIntercept-0x590b6 xy_cjz_37658_315d8b4zbmga+0x9e36 @ 0x409e36
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x76a7b727
registers.esp: 138280076
registers.edi: 11001
registers.eax: 138280076
registers.ebp: 138280156
registers.edx: 0
registers.ebx: 6607496
registers.esi: 67616816
registers.ecx: 7
1 0 0

__exception__

stacktrace:
TMethodImplementationIntercept+0x1f104c xy_cjz_37658_315d8b4zbmga+0x253f38 @ 0x653f38
TMethodImplementationIntercept+0x1ed012 xy_cjz_37658_315d8b4zbmga+0x24fefe @ 0x64fefe
TMethodImplementationIntercept+0x1f0d1b xy_cjz_37658_315d8b4zbmga+0x253c07 @ 0x653c07
TMethodImplementationIntercept+0x20034c xy_cjz_37658_315d8b4zbmga+0x263238 @ 0x663238
TMethodImplementationIntercept+0x203a39 xy_cjz_37658_315d8b4zbmga+0x266925 @ 0x666925
TMethodImplementationIntercept+0x25c644 xy_cjz_37658_315d8b4zbmga+0x2bf530 @ 0x6bf530
TMethodImplementationIntercept+0x25cb6c xy_cjz_37658_315d8b4zbmga+0x2bfa58 @ 0x6bfa58
TMethodImplementationIntercept+0x25e9ec xy_cjz_37658_315d8b4zbmga+0x2c18d8 @ 0x6c18d8
TMethodImplementationIntercept+0x25e85b xy_cjz_37658_315d8b4zbmga+0x2c1747 @ 0x6c1747
TMethodImplementationIntercept+0x259d65 xy_cjz_37658_315d8b4zbmga+0x2bcc51 @ 0x6bcc51
TMethodImplementationIntercept+0x260b04 xy_cjz_37658_315d8b4zbmga+0x2c39f0 @ 0x6c39f0
TMethodImplementationIntercept+0x62e78 xy_cjz_37658_315d8b4zbmga+0xc5d64 @ 0x4c5d64
TMethodImplementationIntercept-0x590b6 xy_cjz_37658_315d8b4zbmga+0x9e36 @ 0x409e36
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x76a7b727
registers.esp: 138280076
registers.edi: 11001
registers.eax: 138280076
registers.ebp: 138280156
registers.edx: 0
registers.ebx: 6607496
registers.esi: 67616816
registers.ecx: 7
1 0 0

__exception__

stacktrace:
TMethodImplementationIntercept+0x1f104c xy_cjz_37658_315d8b4zbmga+0x253f38 @ 0x653f38
TMethodImplementationIntercept+0x1ed012 xy_cjz_37658_315d8b4zbmga+0x24fefe @ 0x64fefe
TMethodImplementationIntercept+0x1f0d1b xy_cjz_37658_315d8b4zbmga+0x253c07 @ 0x653c07
TMethodImplementationIntercept+0x20034c xy_cjz_37658_315d8b4zbmga+0x263238 @ 0x663238
TMethodImplementationIntercept+0x203a39 xy_cjz_37658_315d8b4zbmga+0x266925 @ 0x666925
TMethodImplementationIntercept+0x25c644 xy_cjz_37658_315d8b4zbmga+0x2bf530 @ 0x6bf530
TMethodImplementationIntercept+0x25cb6c xy_cjz_37658_315d8b4zbmga+0x2bfa58 @ 0x6bfa58
TMethodImplementationIntercept+0x25e9ec xy_cjz_37658_315d8b4zbmga+0x2c18d8 @ 0x6c18d8
TMethodImplementationIntercept+0x25e85b xy_cjz_37658_315d8b4zbmga+0x2c1747 @ 0x6c1747
TMethodImplementationIntercept+0x259d65 xy_cjz_37658_315d8b4zbmga+0x2bcc51 @ 0x6bcc51
TMethodImplementationIntercept+0x260b04 xy_cjz_37658_315d8b4zbmga+0x2c39f0 @ 0x6c39f0
TMethodImplementationIntercept+0x62e78 xy_cjz_37658_315d8b4zbmga+0xc5d64 @ 0x4c5d64
TMethodImplementationIntercept-0x590b6 xy_cjz_37658_315d8b4zbmga+0x9e36 @ 0x409e36
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x76a7b727
registers.esp: 138280076
registers.edi: 11001
registers.eax: 138280076
registers.ebp: 138280156
registers.edx: 0
registers.ebx: 6607496
registers.esi: 67616816
registers.ecx: 7
1 0 0

__exception__

stacktrace:
TMethodImplementationIntercept+0x1f104c xy_cjz_37658_315d8b4zbmga+0x253f38 @ 0x653f38
TMethodImplementationIntercept+0x1ed012 xy_cjz_37658_315d8b4zbmga+0x24fefe @ 0x64fefe
TMethodImplementationIntercept+0x1f0d1b xy_cjz_37658_315d8b4zbmga+0x253c07 @ 0x653c07
TMethodImplementationIntercept+0x20034c xy_cjz_37658_315d8b4zbmga+0x263238 @ 0x663238
TMethodImplementationIntercept+0x203a39 xy_cjz_37658_315d8b4zbmga+0x266925 @ 0x666925
TMethodImplementationIntercept+0x25c644 xy_cjz_37658_315d8b4zbmga+0x2bf530 @ 0x6bf530
TMethodImplementationIntercept+0x25cb6c xy_cjz_37658_315d8b4zbmga+0x2bfa58 @ 0x6bfa58
TMethodImplementationIntercept+0x25e9ec xy_cjz_37658_315d8b4zbmga+0x2c18d8 @ 0x6c18d8
TMethodImplementationIntercept+0x25e85b xy_cjz_37658_315d8b4zbmga+0x2c1747 @ 0x6c1747
TMethodImplementationIntercept+0x259d65 xy_cjz_37658_315d8b4zbmga+0x2bcc51 @ 0x6bcc51
TMethodImplementationIntercept+0x260b04 xy_cjz_37658_315d8b4zbmga+0x2c39f0 @ 0x6c39f0
TMethodImplementationIntercept+0x62e78 xy_cjz_37658_315d8b4zbmga+0xc5d64 @ 0x4c5d64
TMethodImplementationIntercept-0x590b6 xy_cjz_37658_315d8b4zbmga+0x9e36 @ 0x409e36
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x76a7b727
registers.esp: 138280076
registers.edi: 11001
registers.eax: 138280076
registers.ebp: 138280156
registers.edx: 0
registers.ebx: 6607496
registers.esi: 67616816
registers.ecx: 7
1 0 0

__exception__

stacktrace:
TMethodImplementationIntercept+0x1f104c xy_cjz_37658_315d8b4zbmga+0x253f38 @ 0x653f38
TMethodImplementationIntercept+0x1ed012 xy_cjz_37658_315d8b4zbmga+0x24fefe @ 0x64fefe
TMethodImplementationIntercept+0x1f0d1b xy_cjz_37658_315d8b4zbmga+0x253c07 @ 0x653c07
TMethodImplementationIntercept+0x20034c xy_cjz_37658_315d8b4zbmga+0x263238 @ 0x663238
TMethodImplementationIntercept+0x203a39 xy_cjz_37658_315d8b4zbmga+0x266925 @ 0x666925
TMethodImplementationIntercept+0x25c644 xy_cjz_37658_315d8b4zbmga+0x2bf530 @ 0x6bf530
TMethodImplementationIntercept+0x25cb6c xy_cjz_37658_315d8b4zbmga+0x2bfa58 @ 0x6bfa58
TMethodImplementationIntercept+0x25e9ec xy_cjz_37658_315d8b4zbmga+0x2c18d8 @ 0x6c18d8
TMethodImplementationIntercept+0x25e85b xy_cjz_37658_315d8b4zbmga+0x2c1747 @ 0x6c1747
TMethodImplementationIntercept+0x259d65 xy_cjz_37658_315d8b4zbmga+0x2bcc51 @ 0x6bcc51
TMethodImplementationIntercept+0x260b04 xy_cjz_37658_315d8b4zbmga+0x2c39f0 @ 0x6c39f0
TMethodImplementationIntercept+0x62e78 xy_cjz_37658_315d8b4zbmga+0xc5d64 @ 0x4c5d64
TMethodImplementationIntercept-0x590b6 xy_cjz_37658_315d8b4zbmga+0x9e36 @ 0x409e36
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x76a7b727
registers.esp: 138017932
registers.edi: 11001
registers.eax: 138017932
registers.ebp: 138018012
registers.edx: 0
registers.ebx: 6607496
registers.esi: 67301984
registers.ecx: 7
1 0 0

__exception__

stacktrace:
TMethodImplementationIntercept+0x1f104c xy_cjz_37658_315d8b4zbmga+0x253f38 @ 0x653f38
TMethodImplementationIntercept+0x1ed012 xy_cjz_37658_315d8b4zbmga+0x24fefe @ 0x64fefe
TMethodImplementationIntercept+0x1f0d1b xy_cjz_37658_315d8b4zbmga+0x253c07 @ 0x653c07
TMethodImplementationIntercept+0x20034c xy_cjz_37658_315d8b4zbmga+0x263238 @ 0x663238
TMethodImplementationIntercept+0x203a39 xy_cjz_37658_315d8b4zbmga+0x266925 @ 0x666925
TMethodImplementationIntercept+0x25c644 xy_cjz_37658_315d8b4zbmga+0x2bf530 @ 0x6bf530
TMethodImplementationIntercept+0x25cb6c xy_cjz_37658_315d8b4zbmga+0x2bfa58 @ 0x6bfa58
TMethodImplementationIntercept+0x25e9ec xy_cjz_37658_315d8b4zbmga+0x2c18d8 @ 0x6c18d8
TMethodImplementationIntercept+0x25e85b xy_cjz_37658_315d8b4zbmga+0x2c1747 @ 0x6c1747
TMethodImplementationIntercept+0x259d65 xy_cjz_37658_315d8b4zbmga+0x2bcc51 @ 0x6bcc51
TMethodImplementationIntercept+0x260b04 xy_cjz_37658_315d8b4zbmga+0x2c39f0 @ 0x6c39f0
TMethodImplementationIntercept+0x62e78 xy_cjz_37658_315d8b4zbmga+0xc5d64 @ 0x4c5d64
TMethodImplementationIntercept-0x590b6 xy_cjz_37658_315d8b4zbmga+0x9e36 @ 0x409e36
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x76a7b727
registers.esp: 138017932
registers.edi: 11001
registers.eax: 138017932
registers.ebp: 138018012
registers.edx: 0
registers.ebx: 6607496
registers.esi: 67301968
registers.ecx: 7
1 0 0
request GET http://www.xy.com/lander/cjz?adkey=39216&appname=xy_cjz_37658_315d8b4zbmga
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2236
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x729d2000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2236
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003b0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x729d2000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2988
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00a20000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x056f0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x056f1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x056f2000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x056f3000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x056f4000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x056f5000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x056f6000
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

GetDiskFreeSpaceW

number_of_free_clusters: 3350646
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: C:\
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

number_of_free_clusters: 3349885
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: C:\
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

number_of_free_clusters: 3349881
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: C:\
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 13720555520
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Explorer
total_number_of_bytes: 0
1 1 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 13721505792
free_bytes_available: 13721505792
root_path: C:\
total_number_of_bytes: 34252779520
1 1 0
name PNG language LANG_CHINESE filetype PNG image data, 76 x 26, 8-bit/color RGBA, non-interlaced sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x003efec8 size 0x00000560
name RT_BITMAP language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x003f123c size 0x00002758
file C:\Users\test22\Desktop\XY裁决者.lnk
file C:\XY裁决者\XY裁决者-卸载.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\XY\XY裁决者-卸载.lnk
file C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\XY\XY裁决者-卸载.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\XY\XY裁决者.lnk
file C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XY裁决者.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\XY裁决者.lnk
file C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\XY\XY裁决者.lnk
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 16 (PAGE_EXECUTE)
base_address: 0x056f0000
process_handle: 0xffffffff
1 0 0
section .text virtual_address 0x00001000 virtual_size 0x00370000 size_of_data 0x000ee200 entropy 7.999739409363445 description A section with a high entropy has been found
section .itext virtual_address 0x00371000 virtual_size 0x00003000 size_of_data 0x00001600 entropy 7.959341369062626 description A section with a high entropy has been found
section .data virtual_address 0x00374000 virtual_size 0x0000e000 size_of_data 0x00006200 entropy 7.990324245771699 description A section with a high entropy has been found
section .idata virtual_address 0x00389000 virtual_size 0x00009000 size_of_data 0x00002200 entropy 7.900326646769953 description A section with a high entropy has been found
section .didata virtual_address 0x00392000 virtual_size 0x00001000 size_of_data 0x00000400 entropy 7.496303394973818 description A section with a high entropy has been found
section .rsrc virtual_address 0x003e3000 virtual_size 0x001ed000 size_of_data 0x001ed000 entropy 7.688238806208146 description A section with a high entropy has been found
entropy 0.99797979798 description Overall entropy of this PE file is high
host 66.154.113.12
Time & API Arguments Status Return Repeated

RegSetValueExA

key_handle: 0x000003b4
regkey_r: ProxyEnable
reg_type: 4 (REG_DWORD)
value: 0
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
1 0 0
dead_host 192.168.56.101:49205
MicroWorld-eScan Gen:Variant.Hyperborea.5
McAfee Artemis!F99D0FC489A7
Cylance Unsafe
Zillya Trojan.Agent.Win32.1062257
Sangfor Trojan.Win32.Agent.qwiard
CrowdStrike win/malicious_confidence_100% (D)
Alibaba Trojan:Win32/Generic.8f4ef3d1
Arcabit Trojan.Hyperborea.5
Symantec Trojan.Gen.MBT
Avast Win32:Malware-gen
Kaspersky Trojan.Win32.Agent.qwiard
BitDefender Gen:Variant.Hyperborea.5
NANO-Antivirus Trojan.Win32.Jacard.fmxctm
Paloalto generic.ml
Ad-Aware Gen:Variant.Hyperborea.5
Emsisoft Gen:Variant.Hyperborea.5 (B)
Comodo Malware@#1156om7dcxn0d
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_FRS.0NA103JU20
FireEye Gen:Variant.Hyperborea.5
Sophos Generic ML PUA (PUA)
Ikarus Trojan.Agent
Jiangmin Trojan.Agent.cqiu
Avira TR/Agent.qckcf
eGambit Unsafe.AI_Score_99%
Antiy-AVL Trojan/Generic.ASMalwS.2A1EB64
Gridinsoft Trojan.Win32.Agent.vb!s1
Microsoft HackTool:Win32/AutoKMS!ml
AegisLab Trojan.Win32.Agent.4!c
ZoneAlarm Trojan.Win32.Agent.qwiard
GData Gen:Variant.Hyperborea.5
Cynet Malicious (score: 100)
ALYac Gen:Variant.Hyperborea.5
MAX malware (ai score=100)
VBA32 Trojan.Agent
TrendMicro-HouseCall TROJ_FRS.0NA103JU20
MaxSecure Trojan.Malware.1728101.susgen
Fortinet W32/Agent.QWIARD!tr
BitDefenderTheta AI:Packer.C2C726EA19
AVG Win32:Malware-gen
Cybereason malicious.489a72
Panda Trj/CI.A