SPDebugger/2.17.24106.A Exception Raised at 007e9207 because ACCESS_VIOLATION (#c0000005) ->Reading 00000010 Data Windows NT 6.1.7601 Service Pack 1 UAC: Enabled,Limited Time: 2022/9/15 00:58:43.369 Phys.Mem: 1661/4050MB PageFile: 2721/8098MB CPU : Intel 0.6.10.6 3392MHz Features:MMX SSE HT (Intel(R) Core(TM) i3-2130 CPU @ 3.40GHz) Package:1 Node:1 Core:2 Thread:4 SSP/2.6.13 (20220802-5; Windows NT 6.1) Volume Information: C:\ Fixed [ 44886MB Free | 81921MB Total | 54%] (NTFS,Normal) D:\ Fixed [ 186592MB Free | 197633MB Total | 94%] (NTFS,Normal) E:\ Fixed [ 197278MB Free | 197377MB Total | 99%] (NTFS,Normal) F:\ CD-ROM Monitor Information: 0: \\.\DISPLAY1 - Work=0,0,1440,860 Size=1440x900 [PRIMARY] Env. Variables: =::=::\ =C:=C:\Users\SCM-LAB\Downloads\ssp\ghost\Taromati2\ghost ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\SCM-LAB\AppData\Roaming CommonProgramFiles=C:\Program Files (x86)\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=SC6 ComSpec=C:\windows\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\SCM-LAB LOCALAPPDATA=C:\Users\SCM-LAB\AppData\Local LOGONSERVER=\\SC6 NUMBER_OF_PROCESSORS=4 OS=Windows_NT Path=C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\MATLAB7\bin\win32;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\AMD\ATI.ACE\Core-Static PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=x86 PROCESSOR_ARCHITEW6432=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=2a07 ProgramData=C:\ProgramData ProgramFiles=C:\Program Files (x86) ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PSModulePath=C:\windows\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\windows TEMP=C:\Users\SCM-LAB\AppData\Local\Temp TMP=C:\Users\SCM-LAB\AppData\Local\Temp USERDOMAIN=SC6 USERDOMAIN_ROAMINGPROFILE=SC6 USERNAME=SCM-LAB USERPROFILE=C:\Users\SCM-LAB VS100COMNTOOLS=C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools\ windir=C:\windows windows_tracing_flags=3 windows_tracing_logfile=C:\BVTBin\Tests\installpackage\csilogfile.log Loaded Drivers: -00060000 : win32k.sys -00500000 : TSDDD.dll -00770000 : cdd.dll -00b96000 : kdcom.dll -00c00000 : CI.dll -00c75000 : volmgrx.sys -00cf4000 : mcupdate_GenuineIntel.dll -00d43000 : PSHED.dll -00d57000 : CLFS.SYS -00db7000 : nvraid.sys -00e00000 : vdrvroot.sys -00e0d000 : partmgr.sys -00e22000 : volmgr.sys -00e36000 : intelide.sys -00e3e000 : PCIIDEX.SYS -00e4e000 : aliide.sys -00e55000 : amdide.sys -00e5c000 : cmdide.sys -00e64000 : mountmgr.sys -00e86000 : Wdf01000.sys -00f48000 : WDFLDR.SYS -00f58000 : ACPI.sys -00faf000 : WMILIB.SYS -00fb8000 : msisadrv.sys -00fc2000 : pci.sys -01000000 : amdsata.sys -0101e000 : wanarp.sys -0104e000 : CLASSPNP.SYS -01080000 : pciide.sys -01087000 : iaStorV.sys -011a5000 : atapi.sys -011ae000 : ataport.SYS -011d8000 : msahci.sys -01200000 : msrpc.sys -0125e000 : VIDEOPRT.SYS -01283000 : rdprefmp.sys -0128c000 : Msfs.SYS -012a3000 : storport.sys -01307000 : amdsbs.sys -0134e000 : amdxata.sys -01359000 : nvstor.sys -01384000 : fltmgr.sys -013ce000 : fileinfo.sys -013e2000 : Npfs.SYS -01400000 : watchdog.sys -01410000 : RDPCDD.sys -0141a000 : Ntfs.sys -015c1000 : ksecdd.sys -015dc000 : Beep.SYS -015e3000 : vga.sys -015f1000 : rdpencdd.sys -01600000 : mup.sys -0161f000 : GenFilt.sys -0162e000 : fvevol.sys -01661000 : disk.sys -016ae000 : cdrom.sys -016d9000 : Null.SYS -016e7000 : cng.sys -0175c000 : pcw.sys -0176d000 : Fs_Rec.sys -01777000 : volsnap.sys -017c3000 : rdyboost.sys -01800000 : fwpkclnt.sys -0184e000 : ndis.sys -01940000 : NETIO.SYS -019a0000 : ksecpkg.sys -019cb000 : wfplwf.sys -019d4000 : vmstorfl.sys -019e4000 : spldr.sys -019ec000 : hwpolicy.sys -019f5000 : hrdevmon.sys -01a02000 : tcpip.sys -03200000 : mrxsmb.sys -0322d000 : mrxsmb10.sys -0327b000 : mrxsmb20.sys -0329f000 : srvnet.sys -032d9000 : HTTP.sys -033a1000 : bowser.sys -033be000 : mpsdrv.sys -033d6000 : tcpipreg.sys -033e8000 : TDNetFilter.sys -0400c000 : ntoskrnl.exe -04413000 : atikmpag.sys -044bb000 : dxgkrnl.sys -045b0000 : ks.sys -045e9000 : hal.dll -05245000 : srv.sys -0534d000 : asyncmac.sys -05600000 : netbt.sys -05645000 : pacer.sys -0566b000 : netbios.sys -0567b000 : serial.sys -05698000 : termdd.sys -056b0000 : sysdiag.sys -05740000 : tdx.sys -05762000 : TDI.SYS -0576f000 : afd.sys -05820000 : rdbss.sys -05873000 : nsiproxy.sys -0587f000 : mssmbios.sys -0588a000 : discache.sys -05899000 : csc.sys -0591e000 : dfsc.sys -0593f000 : blbdrive.sys -05950000 : tunnel.sys -05976000 : USBPORT.SYS -05a61000 : usbhub.sys -05abb000 : NDProxy.SYS -05ad0000 : AtihdW76.sys -05aec000 : portcls.sys -05b29000 : drmk.sys -05b4b000 : ksthunk.sys -05b51000 : srv2.sys -06000000 : umbus.sys -06036000 : Rt64win7.sys -0609b000 : serenum.sys -060a7000 : i8042prt.sys -060c5000 : kbdclass.sys -060d4000 : TDKeybd.sys -060db000 : intelppm.sys -060f1000 : wmiacpi.sys -060fa000 : CompositeBus.sys -0610a000 : AgileVpn.sys -06120000 : rasl2tp.sys -06144000 : ndistapi.sys -06150000 : ndiswan.sys -0617f000 : raspppoe.sys -0619a000 : raspptp.sys -061bb000 : rassstp.sys -061d5000 : rdpbus.sys -061e0000 : mouclass.sys -061ef000 : swenum.sys -06e00000 : lltdio.sys -06e15000 : rspndr.sys -06e2d000 : peauth.sys -06ee4000 : RTKVHD64.sys -07104000 : Dxapi.sys -07110000 : crashdmp.sys -0711e000 : dump_dumpata.sys -0712a000 : dump_msahci.sys -07135000 : dump_dumpfve.sys -07148000 : monitor.sys -07156000 : hidusb.sys -07164000 : HIDCLASS.SYS -0717d000 : HIDPARSE.SYS -07186000 : USBD.SYS -07188000 : mouhid.sys -07195000 : luafv.sys -071b8000 : TDFileFilter.sys -071c3000 : hrwfpdrv.sys -0fa3a000 : atikmdag.sys -10f44000 : dxgmms1.sys -10f8a000 : DispFilter.sys -10f92000 : HDAudBus.sys -10fb6000 : HECIx64.sys -10fc7000 : usbehci.sys -47c10000 : smss.exe -754a0000 : normaliz.dll -76d50000 : kernel32.dll -76e70000 : user32.dll -76f70000 : ntdll.dll -77110000 : psapi.dll -77120000 : normaliz.dll -fcf00000 : msasn1.dll -fcf10000 : KernelBase.dll -fcf80000 : crypt32.dll -fd0f0000 : cfgmgr32.dll -fd130000 : xmllite.dll -fd170000 : wintrust.dll -fd1b0000 : devobj.dll -fd1d0000 : comctl32.dll -fd270000 : setupapi.dll -fd450000 : urlmon.dll -fd5e0000 : lpk.dll -fd5f0000 : Wldap32.dll -fd650000 : msctf.dll -fd760000 : oleaut32.dll -fd840000 : shell32.dll -fe5d0000 : shlwapi.dll -fe650000 : imm32.dll -fe680000 : ole32.dll -fe880000 : nsi.dll -fe890000 : imagehlp.dll -fe8b0000 : clbcatq.dll -fe950000 : sechost.dll -fe970000 : wininet.dll -feaa0000 : ws2_32.dll -feaf0000 : usp10.dll -febc0000 : comdlg32.dll -fec60000 : difxapi.dll -fece0000 : gdi32.dll -fed50000 : msvcrt.dll -fedf0000 : rpcrt4.dll -fef20000 : iertutil.dll -ff180000 : advapi32.dll -ff270000 : apisetschema.dll -ffb50000 : autochk.exe Executing Processes: [With ToolHelp32] -00000000 : [System Process] (4 Threads.) -00000004 : System (127 Threads.) -0000013c : smss.exe (2 Threads.) -000001d0 : csrss.exe (9 Threads.) -00000214 : wininit.exe (3 Threads.) 6.1.7600.16385 - Windows 启动应用程序 ? Microsoft Corporation. All rights reserved. -00000228 : csrss.exe (13 Threads.) -0000024c : services.exe (7 Threads.) -00000260 : lsass.exe (8 Threads.) -00000268 : lsm.exe (10 Threads.) -000002a4 : winlogon.exe (3 Threads.) -00000304 : svchost.exe (10 Threads.) 6.1.7601.23403 - Windows 服务主进程 ? Microsoft Corporation. All rights reserved. -0000036c : svchost.exe (8 Threads.) 6.1.7601.23403 - Windows 服务主进程 ? Microsoft Corporation. All rights reserved. -000003b8 : atiesrxx.exe (6 Threads.) -00000080 : svchost.exe (20 Threads.) 6.1.7601.23403 - Windows 服务主进程 ? Microsoft Corporation. All rights reserved. -00000164 : svchost.exe (18 Threads.) 6.1.7601.23403 - Windows 服务主进程 ? Microsoft Corporation. All rights reserved. -000001d4 : svchost.exe (33 Threads.) 6.1.7601.23403 - Windows 服务主进程 ? Microsoft Corporation. All rights reserved. -000004a0 : svchost.exe (18 Threads.) 6.1.7601.23403 - Windows 服务主进程 ? Microsoft Corporation. All rights reserved. -00000500 : atieclxx.exe (10 Threads.) -00000574 : svchost.exe (16 Threads.) 6.1.7601.23403 - Windows 服务主进程 ? Microsoft Corporation. All rights reserved. -000005d8 : spoolsv.exe (13 Threads.) -000005f4 : svchost.exe (17 Threads.) 6.1.7601.23403 - Windows 服务主进程 ? Microsoft Corporation. All rights reserved. -00000670 : OfficeClickToRun.exe (20 Threads.) -00000708 : taskhost.exe (8 Threads.) -000007b0 : dwm.exe (5 Threads.) -000007c8 : explorer.exe (26 Threads.) 6.1.7601.23403 - Windows 资源管理器 ? Microsoft Corporation. All rights reserved. -000007f4 : taskeng.exe (5 Threads.) 6.1.7601.23403 - 任务计划程序引擎 ? Microsoft Corporation. All rights reserved. -00000594 : PopBlock.exe (5 Threads.) -0000071c : svchost.exe (10 Threads.) 6.1.7601.23403 - Windows 服务主进程 ? Microsoft Corporation. All rights reserved. -00000824 : matlabserver.exe (6 Threads.) -00000928 : MATLAB.exe (13 Threads.) 1.0.0.1 - MATLAB Copyright ? 2004 -00000940 : sqlservr.exe (35 Threads.) -00000960 : sqlwriter.exe (4 Threads.) -00000990 : GATESRV.exe (4 Threads.) -00000ba0 : QQPYUserCenter.exe (8 Threads.) -00000bc8 : RAVCpl64.exe (9 Threads.) -000007dc : ShowBuffer.exe (3 Threads.) -00000af4 : StudentMain.exe (21 Threads.) -00000c18 : MOM.exe (15 Threads.) 4.5.0.0 - Catalyst Control Center: Monitoring program 2002-2014 -00000c74 : ProcHelper64.exe (2 Threads.) -00000c7c : MasterHelper.exe (3 Threads.) -00000d80 : CCC.exe (25 Threads.) 4.5.0.0 - Catalyst Control Center: Host application 2002-2014 -00000e00 : SearchIndexer.exe (12 Threads.) 7.0.7601.24542 - Microsoft Windows Search 索引器 ? Microsoft Corporation. All rights reserved. -00000ec0 : wmpnetwk.exe (9 Threads.) -00000fc8 : svchost.exe (17 Threads.) 6.1.7601.23403 - Windows 服务主进程 ? Microsoft Corporation. All rights reserved. -00000364 : HipsDaemon.exe (50 Threads.) -0000137c : usysdiag.exe (11 Threads.) -00000e90 : HipsTray.exe (11 Threads.) -00001118 : LMS.exe (4 Threads.) -00000ef4 : svchost.exe (12 Threads.) 6.1.7601.23403 - Windows 服务主进程 ? Microsoft Corporation. All rights reserved. -00000dc8 : UNS.exe (14 Threads.) -00000868 : chrome.exe (34 Threads.) -00000538 : chrome.exe (9 Threads.) -00001384 : chrome.exe (14 Threads.) -000007a0 : chrome.exe (14 Threads.) -0000078c : chrome.exe (8 Threads.) -000017ac : wampmanager.exe (5 Threads.) -00000e44 : mysqld.exe (46 Threads.) -00001340 : mysqld.exe (34 Threads.) -00001720 : taskhost.exe (5 Threads.) -000017e8 : httpd.exe (5 Threads.) -00001758 : httpd.exe (67 Threads.) -000016cc : chrome.exe (16 Threads.) -00000a20 : SearchProtocolHost.exe (8 Threads.) 7.0.7601.24542 - Microsoft Windows Search Protocol Host ? Microsoft Corporation. All rights reserved. ==> -00000db0 : ssp.exe (27 Threads.) 2.6.13.3000 - SSP (C) D-EXCLAMATION / SSP BUGTRAQ -000015c8 : SearchFilterHost.exe (6 Threads.) 7.0.7601.24542 - Microsoft Windows Search Filter Host ? Microsoft Corporation. All rights reserved. -00001124 : chrome.exe (15 Threads.) -00001538 : QQPYBugReport.exe (1 Threads.) Executing Threads: [With ToolHelp32] -00000f60 : 8(0) -000004f4 : 8(0) -0000159c : 8(0) -00001520 : 8(0) -00000e78 : 8(0) -00000ebc : 8(0) -00000320 : 7(0) -00001790 : 7(0) -000000ac : 8(0) -000012bc : 8(0) -000004b0 : 8(0) -0000165c : 8(0) -0000054c : 8(0) -00000dac : 9(0) -0000077c : 7(0) -000015ec : 8(0) -00000ea4 : 8(0) -00001554 : 7(0) -00001708 : 7(0) -00000f48 : 8(0) ==> -000017a4 : 7(0) -000014a8 : 8(0) -000015a4 : 8(0) -000015fc : 8(0) -000012c8 : 8(0) -00001600 : 8(0) -0000022c : 8(0) Executing Services: [With SCM/NT] ***AeLookupSvc (Application Experience) - Running ---ALG (Application Layer Gateway Service) - Stopped/Paused ***AMD External Events Utility (AMD External Events Utility) - Running ---AppIDSvc (Application Identity) - Stopped/Paused ***Appinfo (Application Information) - Running ***AppMgmt (Application Management) - Running ---aspnet_state (ASP.NET 状态服务) - Stopped/Paused ***AudioEndpointBuilder (Windows Audio Endpoint Builder) - Running ***AudioSrv (Windows Audio) - Running ---AxInstSV (ActiveX Installer (AxInstSV)) - Stopped/Paused ---BDESVC (BitLocker Drive Encryption Service) - Stopped/Paused ***BFE (Base Filtering Engine) - Running ***BITS (Background Intelligent Transfer Service) - Running ---Browser (Computer Browser) - Stopped/Paused ---bthserv (Bluetooth Support Service) - Stopped/Paused ---CertPropSvc (Certificate Propagation) - Stopped/Paused ***ClickToRunSvc (Microsoft Office ClickToRun Service) - Running ---clr_optimization_v2.0.50727_32 (Microsoft .NET Framework NGEN v2.0.50727_X86) - Stopped/Paused ---clr_optimization_v2.0.50727_64 (Microsoft .NET Framework NGEN v2.0.50727_X64) - Stopped/Paused ---clr_optimization_v4.0.30319_32 (Microsoft .NET Framework NGEN v4.0.30319_X86) - Stopped/Paused ---clr_optimization_v4.0.30319_64 (Microsoft .NET Framework NGEN v4.0.30319_X64) - Stopped/Paused ---COMSysApp (COM+ System Application) - Stopped/Paused ***CryptSvc (Cryptographic Services) - Running ***CscService (Offline Files) - Running ***DcomLaunch (DCOM Server Process Launcher) - Running ---defragsvc (Disk Defragmenter) - Stopped/Paused ***Dhcp (DHCP Client) - Running ***DiagTrack (Diagnostics Tracking Service) - Running ***Dnscache (DNS Client) - Running ---dot3svc (Wired AutoConfig) - Stopped/Paused ***DPS (Diagnostic Policy Service) - Running ---EapHost (Extensible Authentication Protocol) - Stopped/Paused ---EFS (Encrypting File System (EFS)) - Stopped/Paused ---ehRecvr (Windows Media Center Receiver Service) - Stopped/Paused ---ehSched (Windows Media Center Scheduler Service) - Stopped/Paused ***eventlog (Windows Event Log) - Running ***EventSystem (COM+ Event System) - Running ---Fax (传真) - Stopped/Paused ***fdPHost (Function Discovery Provider Host) - Running ***FDResPub (Function Discovery Resource Publication) - Running ***FontCache (Windows Font Cache Service) - Running ---FontCache3.0.0.0 (Windows Presentation Foundation Font Cache 3.0.0.0) - Stopped/Paused ---GoogleChromeElevationService (Google Chrome Elevation Service (GoogleChromeElevationService)) - Stopped/Paused ***gpsvc (Group Policy Client) - Running ---gupdate (Google 更新服务 (gupdate)) - Stopped/Paused ---gupdatem (Google 更新服务 (gupdatem)) - Stopped/Paused ---hidserv (Human Interface Device Access) - Stopped/Paused ***HipsDaemon (Huorong Internet Security Daemon) - Running ---hkmsvc (Health Key and Certificate Management) - Stopped/Paused ***HomeGroupProvider (HomeGroup Provider) - Running ---idsvc (Windows CardSpace) - Stopped/Paused ---IKEEXT (IKE and AuthIP IPsec Keying Modules) - Stopped/Paused ---IPBusEnum (PnP-X IP Bus Enumerator) - Stopped/Paused ***iphlpsvc (IP Helper) - Running ---KeyIso (CNG Key Isolation) - Stopped/Paused ---KtmRm (KtmRm for Distributed Transaction Coordinator) - Stopped/Paused ***LanmanServer (Server) - Running ***LanmanWorkstation (Workstation) - Running ---lltdsvc (Link-Layer Topology Discovery Mapper) - Stopped/Paused ***lmhosts (TCP/IP NetBIOS Helper) - Running ***LMS (Intel(R) Management and Security Application Local Management Service) - Running ***matlabserver (MATLAB Server) - Running ---Mcx2Svc (Media Center Extender Service) - Stopped/Paused ---MMCSS (Multimedia Class Scheduler) - Stopped/Paused ---ModifyIPService (ModifyIPService) - Stopped/Paused ***MpsSvc (Windows Firewall) - Running ---MSDTC (Distributed Transaction Coordinator) - Stopped/Paused ---MSiSCSI (Microsoft iSCSI Initiator Service) - Stopped/Paused ---msiserver (Windows Installer) - Stopped/Paused ***MSSQL$SQLEXPRESS (SQL Server (SQLEXPRESS)) - Running ---MSSQLServerADHelper100 (SQL Active Directory Helper 服务) - Stopped/Paused ---napagent (Network Access Protection Agent) - Stopped/Paused ---Netlogon (Netlogon) - Stopped/Paused ***Netman (Network Connections) - Running ---NetMsmqActivator (Net.Msmq Listener Adapter) - Stopped/Paused ---NetPipeActivator (Net.Pipe Listener Adapter) - Stopped/Paused ***netprofm (Network List Service) - Running ---NetTcpActivator (Net.Tcp Listener Adapter) - Stopped/Paused ---NetTcpPortSharing (Net.Tcp Port Sharing Service) - Stopped/Paused ***NlaSvc (Network Location Awareness) - Running ***nsi (Network Store Interface Service) - Running ---ose (Office Source Engine) - Stopped/Paused ---osppsvc (Office Software Protection Platform) - Stopped/Paused ---p2pimsvc (Peer Networking Identity Manager) - Stopped/Paused ---p2psvc (Peer Networking Grouping) - Stopped/Paused ***PcaSvc (Program Compatibility Assistant Service) - Running ---PeerDistSvc (BranchCache) - Stopped/Paused ---PerfHost (Performance Counter DLL Host) - Stopped/Paused ---pla (Performance Logs & Alerts) - Stopped/Paused ***PlugPlay (Plug and Play) - Running ---PNRPAutoReg (PNRP Machine Name Publication Service) - Stopped/Paused ---PNRPsvc (Peer Name Resolution Protocol) - Stopped/Paused ---PolicyAgent (IPsec Policy Agent) - Stopped/Paused ***Power (Power) - Running ***ProfSvc (User Profile Service) - Running ---ProtectedStorage (Protected Storage) - Stopped/Paused ---QQPYService (QQ拼音输入法基础服务) - Stopped/Paused ---QWAVE (Quality Windows Audio Video Experience) - Stopped/Paused ---RasAuto (Remote Access Auto Connection Manager) - Stopped/Paused ---RasMan (Remote Access Connection Manager) - Stopped/Paused ---RemoteAccess (Routing and Remote Access) - Stopped/Paused ---RemoteRegistry (Remote Registry) - Stopped/Paused ***RpcEptMapper (RPC Endpoint Mapper) - Running ---RpcLocator (Remote Procedure Call (RPC) Locator) - Stopped/Paused ***RpcSs (Remote Procedure Call (RPC)) - Running ***SamSs (Security Accounts Manager) - Running ---SCardSvr (Smart Card) - Stopped/Paused ***Schedule (Task Scheduler) - Running ---SCPolicySvc (Smart Card Removal Policy) - Stopped/Paused ---SDRSVC (Windows Backup) - Stopped/Paused ---seclogon (Secondary Logon) - Stopped/Paused ***SENS (System Event Notification Service) - Running ---SensrSvc (Adaptive Brightness) - Stopped/Paused ---SessionEnv (Remote Desktop Configuration) - Stopped/Paused ---SharedAccess (Internet Connection Sharing (ICS)) - Stopped/Paused ***ShellHWDetection (Shell Hardware Detection) - Running ---SNMPTRAP (SNMP Trap) - Stopped/Paused ***Spooler (Print Spooler) - Running ---sppsvc (Software Protection) - Stopped/Paused ---sppuinotify (SPP Notification Service) - Stopped/Paused ---SQLAgent$SQLEXPRESS (SQL Server 代理 (SQLEXPRESS)) - Stopped/Paused ---SQLBrowser (SQL Server Browser) - Stopped/Paused ***SQLWriter (SQL Server VSS Writer) - Running ***SSDPSRV (SSDP Discovery) - Running ---SstpSvc (Secure Socket Tunneling Protocol Service) - Stopped/Paused ---stisvc (Windows Image Acquisition (WIA)) - Stopped/Paused ---StorSvc (Storage Service) - Stopped/Paused ***STUDSRV (Student Service) - Running ---swprv (Microsoft Software Shadow Copy Provider) - Stopped/Paused ***SysMain (Superfetch) - Running ---TabletInputService (Tablet PC Input Service) - Stopped/Paused ---TapiSrv (Telephony) - Stopped/Paused ---TermService (Remote Desktop Services) - Stopped/Paused ***Themes (Themes) - Running ---THREADORDER (Thread Ordering Server) - Stopped/Paused ***TrkWks (Distributed Link Tracking Client) - Running ---TrustedInstaller (Windows Modules Installer) - Stopped/Paused ---UI0Detect (Interactive Services Detection) - Stopped/Paused ---UmRdpService (Remote Desktop Services UserMode Port Redirector) - Stopped/Paused ***UNS (Intel(R) Management and Security Application User Notification Service) - Running ---upnphost (UPnP Device Host) - Stopped/Paused ***UxSms (Desktop Window Manager Session Manager) - Running ---VaultSvc (Credential Manager) - Stopped/Paused ---vds (Virtual Disk) - Stopped/Paused ---VSS (Volume Shadow Copy) - Stopped/Paused ---W32Time (Windows Time) - Stopped/Paused ***wampapache64 (wampapache64) - Running ***wampmariadb64 (wampmariadb64) - Running ***wampmysqld64 (wampmysqld64) - Running ---wbengine (Block Level Backup Engine Service) - Stopped/Paused ---WbioSrvc (Windows Biometric Service) - Stopped/Paused ---wcncsvc (Windows Connect Now - Config Registrar) - Stopped/Paused ---WcsPlugInService (Windows Color System) - Stopped/Paused ***WdiServiceHost (Diagnostic Service Host) - Running ***WdiSystemHost (Diagnostic System Host) - Running ---WebClient (WebClient) - Stopped/Paused ---Wecsvc (Windows Event Collector) - Stopped/Paused ---wercplsupport (Problem Reports and Solutions Control Panel Support) - Stopped/Paused ---WerSvc (Windows Error Reporting Service) - Stopped/Paused ---WiaRpc (Still Image Acquisition Events) - Stopped/Paused ***WinDefend (Windows Defender) - Running ***WinHttpAutoProxySvc (WinHTTP Web Proxy Auto-Discovery Service) - Running ***Winmgmt (Windows Management Instrumentation) - Running ---WinRM (Windows Remote Management (WS-Management)) - Stopped/Paused ---Wlansvc (WLAN AutoConfig) - Stopped/Paused ---wmiApSrv (WMI Performance Adapter) - Stopped/Paused ***WMPNetworkSvc (Windows Media Player Network Sharing Service) - Running ---WPCSvc (Parental Controls) - Stopped/Paused ---WPDBusEnum (Portable Device Enumerator Service) - Stopped/Paused ***wscsvc (Security Center) - Running ***WSearch (Windows Search) - Running ***wuauserv (Windows Update) - Running ---wudfsvc (Windows Driver Foundation - User-mode Driver Framework) - Stopped/Paused ---WwanSvc (WWAN AutoConfig) - Stopped/Paused Loaded Modules: [With ToolHelp32] ==> -00400000 : C:\Users\SCM-LAB\Downloads\ssp\ssp.exe 2.6.13.3000 - SSP (C) D-EXCLAMATION / SSP BUGTRAQ -036e0000 : C:\Users\SCM-LAB\Downloads\ssp\plugin\SAKNIFE\SAKNIFE.dll 1.5.3.0 - SwissArmyKnife (C) 2004 SSP BUGTRAQ -04960000 : C:\Users\SCM-LAB\Downloads\ssp\plugin\shared_value\shared_value.dll 1.0.0.0 - Shared Value Plugin Copyright (C) CSaori Project -04fd0000 : C:\Users\SCM-LAB\Downloads\ssp\ghost\Taromati2\ghost\master\saori\VMDetect.DLL 1.0.0.0 - by steve02081504 for Taromati2 at 2022/5/7 -04ff0000 : C:\Users\SCM-LAB\Downloads\ssp\ghost\Taromati2\ghost\master\saori\cmdrunner.DLL 1.0.0.0 - by steve02081504 for Taromati2 at 2021/2/16 -05060000 : C:\Users\SCM-LAB\Downloads\ssp\ghost\Taromati2\ghost\master\saori\ChConverter.DLL 1.0.0.1 - ChConverter Copyright ? 2009 Pygmalion -05a10000 : C:\Users\SCM-LAB\Downloads\ssp\ghost\Taromati2\ghost\master\saori\ip.DLL 1.0.0.0 - by steve02081504 for Taromati2 at 2021/2/15 -07190000 : C:\Users\SCM-LAB\Downloads\ssp\ghost\Taromati2\ghost\master\saori\lunar.DLL 2.0.1.2 - 伪春菜_lunar calendar conversion KikkaAIdb -0cba0000 : C:\Users\SCM-LAB\Downloads\ssp\ghost\Taromati2\ghost\master\saori\debeso.DLL -10000000 : C:\Users\SCM-LAB\Downloads\ssp\data\language\chinese-simplified\resource.dll 2.5.86.14 - Language Resource DLL (C) D-EXCLAMATION / SSP BUGTRAQ -13700000 : C:\Users\SCM-LAB\Downloads\ssp\ghost\Taromati2\ghost\master\shiori\aya.dll -633b0000 : C:\windows\system32\mssprxy.dll 7.0.7601.24542 - Microsoft Search Proxy ? Microsoft Corporation. All rights reserved. -633c0000 : C:\Windows\SysWOW64\actxprxy.dll 6.1.7601.24000 - ActiveX Interface Marshaling Library ? Microsoft Corporation. All rights reserved. -63410000 : C:\Windows\SysWOW64\ieframe.dll 8.0.7601.19104 - Internet 浏览器 ? Microsoft Corporation. All rights reserved. -67230000 : C:\windows\system32\ntshrui.dll 6.1.7601.23403 - 用于共享的外壳扩展 ? Microsoft Corporation. All rights reserved. -672a0000 : C:\Program Files (x86)\Microsoft Office\root\Office16\2052\GrooveIntlResource.dll 16.0.4266.1003 - Microsoft OneDrive for Business Intl Resource 模块 -67cc0000 : C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL 16.0.4266.1003 - Microsoft OneDrive for Business Extensions -6bd30000 : C:\windows\system32\LINKINFO.dll 6.1.7601.23403 - Windows Volume Tracking ? Microsoft Corporation. All rights reserved. -6bd40000 : C:\windows\system32\cscapi.dll 6.1.7601.24197 - Offline Files Win32 API ? Microsoft Corporation. All rights reserved. -6bd50000 : C:\windows\system32\EhStorShell.dll 6.1.7600.16385 - Windows 增强的存储外壳扩展 DLL ? Microsoft Corporation. All rights reserved. -6bd90000 : C:\windows\system32\mscms.dll 6.1.7601.24537 - Microsoft 颜色匹配系统 DLL ? Microsoft Corporation. All rights reserved. -6be10000 : C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll 10.0.14393.2990 - ApiSet Stub DLL ? Microsoft Corporation. All rights reserved. -6be20000 : C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll 10.0.14393.2990 - ApiSet Stub DLL ? Microsoft Corporation. All rights reserved. -6be30000 : C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll 10.0.14393.2990 - ApiSet Stub DLL ? Microsoft Corporation. All rights reserved. -6be40000 : C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll 10.0.14393.2990 - ApiSet Stub DLL ? Microsoft Corporation. All rights reserved. -6be50000 : C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 10.0.14393.2990 - ApiSet Stub DLL ? Microsoft Corporation. All rights reserved. -6be60000 : C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll 10.0.14393.2990 - ApiSet Stub DLL ? Microsoft Corporation. All rights reserved. -6be70000 : C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll 10.0.14393.2990 - ApiSet Stub DLL ? Microsoft Corporation. All rights reserved. -6be80000 : C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 10.0.14393.2990 - ApiSet Stub DLL ? Microsoft Corporation. All rights reserved. -6be90000 : C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll 10.0.14393.2990 - ApiSet Stub DLL ? Microsoft Corporation. All rights reserved. -6bea0000 : C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll 10.0.14393.2990 - ApiSet Stub DLL ? Microsoft Corporation. All rights reserved. -6beb0000 : C:\windows\system32\ucrtbase.DLL 10.0.14393.2990 - Microsoft? C Runtime Library ? Microsoft Corporation. All rights reserved. -6ca60000 : C:\windows\system32\api-ms-win-core-file-l1-2-0.dll 10.0.14393.2990 - ApiSet Stub DLL ? Microsoft Corporation. All rights reserved. -6ca70000 : C:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll 10.0.14393.2990 - ApiSet Stub DLL ? Microsoft Corporation. All rights reserved. -6ca80000 : C:\windows\system32\MSVCP140.dll 14.29.30040.0 - Microsoft? C Runtime Library ? Microsoft Corporation. All rights reserved. -6caf0000 : C:\windows\System32\netprofm.dll 6.1.7601.23403 - 网络列表管理器 ? Microsoft Corporation. All rights reserved. -6cb50000 : C:\windows\System32\LocationApi.dll 6.1.7600.16385 - Microsoft Windows Location API ? Microsoft Corporation. All rights reserved. -6cb90000 : C:\windows\system32\PortableDeviceTypes.dll 6.1.7600.16385 - Windows Portable Device (Parameter) Types Component ? Microsoft Corporation. All rights reserved. -6cbc0000 : C:\windows\System32\WDSCORE.dll 6.1.7601.17514 - Panther Engine Module ? Microsoft Corporation. All rights reserved. -6cc20000 : C:\windows\system32\VCRUNTIME140.dll 14.29.30040.0 - Microsoft? C Runtime Library ? Microsoft Corporation. All rights reserved. -6d840000 : C:\windows\system32\api-ms-win-core-localization-l1-2-0.dll 10.0.14393.2990 - ApiSet Stub DLL ? Microsoft Corporation. All rights reserved. -6f7f0000 : C:\windows\system32\api-ms-win-core-file-l2-1-0.dll 10.0.14393.2990 - ApiSet Stub DLL ? Microsoft Corporation. All rights reserved. -6f800000 : C:\Windows\SysWOW64\wuapi.dll 7.6.7601.24542 - Windows Update 客户端 API ? Microsoft Corporation. All rights reserved. -70120000 : C:\windows\system32\IME\QQPinyinTSF\QQPinyin.ime 6.6.6304.400 - QQ拼音输入法 Copyright ? 2007-2020 Sogou Inc. All Rights Reserved. -71320000 : C:\windows\System32\SensorsApi.dll 6.1.7600.16385 - Sensor API ? Microsoft Corporation. All rights reserved. -71350000 : C:\windows\system32\explorerframe.dll 6.1.7601.24468 - ExplorerFrame ? Microsoft Corporation. All rights reserved. -715e0000 : C:\windows\system32\PROPSYS.dll 7.0.7601.23403 - Microsoft 属性系统 ? Microsoft Corporation. All rights reserved. -716e0000 : C:\Windows\SysWow64\IME\QQPinyinTSF\QQPinyinTSF.dll 6.6.6304.400 - QQ拼音输入法 Copyright ? 2007-2020 Sogou Inc. All Rights Reserved. -71750000 : C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll 8.0.50727.6195 - Microsoft? C++ Runtime Library ? Microsoft Corporation. All rights reserved. -71da0000 : C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll 8.0.50727.6195 - Microsoft? C Runtime Library ? Microsoft Corporation. All rights reserved. -71e70000 : C:\windows\System32\wship6.dll 6.1.7600.16385 - Winsock2 帮助程序 DLL (TL/IPv6) ? Microsoft Corporation. All rights reserved. -71ea0000 : C:\windows\system32\WINSTA.dll 6.1.7601.23403 - Winstation Library ? Microsoft Corporation. All rights reserved. -71f00000 : C:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll 10.0.14393.2990 - ApiSet Stub DLL ? Microsoft Corporation. All rights reserved. -721e0000 : C:\windows\system32\uxtheme.dll 6.1.7601.23403 - Microsoft UxTheme 库 ? Microsoft Corporation. All rights reserved. -72260000 : C:\windows\system32\msimg32.dll 6.1.7601.24535 - GDIEXT Client DLL ? Microsoft Corporation. All rights reserved. -72330000 : C:\windows\system32\srvcli.dll 6.1.7601.17514 - Server Service Client DLL ? Microsoft Corporation. All rights reserved. -72440000 : C:\windows\system32\WINMM.dll 6.1.7601.23403 - MCI API DLL ? Microsoft Corporation. All rights reserved. -72480000 : C:\windows\system32\RpcRtRemote.dll 6.1.7601.17514 - Remote RPC Extension ? Microsoft Corporation. All rights reserved. -72490000 : C:\windows\System32\wshtcpip.dll 6.1.7600.16385 - Winsock2 帮助程序 DLL (TL/IPv4) ? Microsoft Corporation. All rights reserved. -724a0000 : C:\windows\system32\dwmapi.dll 6.1.7601.23403 - Microsoft 桌面窗口管理器 API ? Microsoft Corporation. All rights reserved. -72540000 : C:\windows\system32\msi.dll 5.0.7601.24535 - Windows Installer ? Microsoft Corporation. All rights reserved. -727f0000 : C:\Windows\SysWOW64\OLEACC.dll 7.0.0.0 - Active Accessibility Core Component ? Microsoft Corporation. All rights reserved. -72940000 : C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll 6.1.7601.24542 - Microsoft GDI+ ? Microsoft Corporation. All rights reserved. -72ae0000 : C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\COMCTL32.dll 6.10.7601.24483 - 用户体验控件库 ? Microsoft Corporation. All rights reserved. -72cc0000 : C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 10.0.14393.2990 - ApiSet Stub DLL ? Microsoft Corporation. All rights reserved. -72cd0000 : C:\windows\system32\pdh.dll 6.1.7601.23717 - Windows 性能数据助手 DLL ? Microsoft Corporation. All rights reserved. -72d10000 : C:\windows\system32\pnrpnsp.dll 6.1.7600.16385 - PNRP 命名空间提供程序 ? Microsoft Corporation. All rights reserved. -72d30000 : C:\Windows\SysWOW64\Cabinet.dll 6.1.7601.17514 - Microsoft? Cabinet File API ? Microsoft Corporation. All rights reserved. -72d50000 : C:\windows\system32\mlang.dll 6.1.7600.16385 - 多语言支持 DLL ? Microsoft Corporation. All rights reserved. -72d80000 : C:\windows\system32\DUI70.dll 6.1.7601.23403 - Windows DirectUI 引擎 ? Microsoft Corporation. All rights reserved. -72e40000 : C:\windows\system32\DUser.dll 6.1.7600.16385 - Windows DirectUser Engine ? Microsoft Corporation. All rights reserved. -72f70000 : C:\windows\System32\winrnr.dll 6.1.7600.16385 - LDAP RnR Provider DLL ? Microsoft Corporation. All rights reserved. -73a60000 : C:\windows\system32\rtutils.dll 6.1.7601.17514 - Routing Utilities ? Microsoft Corporation. All rights reserved. -73a70000 : C:\windows\system32\rasman.dll 6.1.7600.16385 - Remote Access Connection Manager ? Microsoft Corporation. All rights reserved. -73a90000 : C:\windows\system32\RASAPI32.dll 6.1.7601.23403 - Remote Access API ? Microsoft Corporation. All rights reserved. -73b10000 : C:\windows\system32\QUARTZ.dll 6.6.7601.24537 - DirectShow Runtime. ? Microsoft Corporation. All rights reserved. -73d10000 : C:\windows\system32\WindowsCodecs.dll 6.1.7601.24241 - Microsoft Windows Codecs Library ? Microsoft Corporation. All rights reserved. -73fe0000 : C:\windows\system32\DbgHelp.dll 6.1.7601.17514 - Windows Image Helper ? Microsoft Corporation. All rights reserved. -740d0000 : C:\windows\system32\apphelp.dll 6.1.7601.23403 - 应用程序兼容性客户端库 ? Microsoft Corporation. All rights reserved. -74120000 : C:\windows\System32\fwpuclnt.dll 6.1.7601.24000 - FWP/IPsec 用户模式 API ? Microsoft Corporation. All rights reserved. -74160000 : C:\windows\system32\napinsp.dll 6.1.7600.16385 - 电子邮件命名填充提供程序 ? Microsoft Corporation. All rights reserved. -741e0000 : C:\windows\system32\rsaenh.dll 6.1.7600.16385 - Microsoft Enhanced Cryptographic Provider ? Microsoft Corporation. All rights reserved. -74220000 : C:\windows\System32\nlaapi.dll 6.1.7601.24000 - Network Location Awareness 2 ? Microsoft Corporation. All rights reserved. -74270000 : C:\windows\system32\rasadhlp.dll 6.1.7600.16385 - Remote Access AutoDial Helper ? Microsoft Corporation. All rights reserved. -74290000 : C:\windows\system32\DNSAPI.dll 6.1.7601.24168 - DNS 客户端 API DLL ? Microsoft Corporation. All rights reserved. -742e0000 : C:\windows\system32\mswsock.dll 6.1.7601.23451 - Microsoft Windows Sockets 2.0 服务提供程序 ? Microsoft Corporation. All rights reserved. -74320000 : C:\windows\system32\ntmarta.dll 6.1.7600.16385 - Windows NT MARTA 提供程序 ? Microsoft Corporation. All rights reserved. -74370000 : C:\windows\system32\CRYPTSP.dll 6.1.7601.24499 - Cryptographic Service Provider API ? Microsoft Corporation. All rights reserved. -74540000 : C:\windows\system32\api-ms-win-core-synch-l1-2-0.DLL 10.0.14393.2990 - ApiSet Stub DLL ? Microsoft Corporation. All rights reserved. -74550000 : C:\windows\system32\profapi.dll 6.1.7600.16385 - User Profile Basic API ? Microsoft Corporation. All rights reserved. -74560000 : C:\windows\system32\USERENV.dll 6.1.7601.24535 - Userenv ? Microsoft Corporation. All rights reserved. -745b0000 : C:\windows\system32\es.dll 2001.12.8530.16385 - COM+ ? Microsoft Corporation. All rights reserved. -747a0000 : C:\windows\System32\npmproxy.dll 6.1.7601.23403 - Network List Manager Proxy ? Microsoft Corporation. All rights reserved. -748d0000 : C:\windows\system32\WTSAPI32.dll 6.1.7601.17514 - Windows Remote Desktop Session Host Server SDK APIs ? Microsoft Corporation. All rights reserved. -748e0000 : C:\windows\system32\VERSION.dll 6.1.7601.23403 - Version Checking and File Installation Libraries ? Microsoft Corporation. All rights reserved. -748f0000 : C:\Windows\SysWOW64\wups.dll 7.6.7601.24542 - Windows Update client proxy stub ? Microsoft Corporation. All rights reserved. -74900000 : C:\windows\system32\oledlg.dll 6.1.7600.16385 - OLE 用户界面支持 ? Microsoft Corporation. All rights reserved. -74990000 : C:\windows\system32\WINNSI.DLL 6.1.7601.23889 - Network Store Information RPC interface ? Microsoft Corporation. All rights reserved. -749a0000 : C:\windows\system32\iphlpapi.dll 6.1.7601.23403 - IP Helper API ? Microsoft Corporation. All rights reserved. -74af0000 : C:\windows\System32\slc.dll 6.1.7600.16385 - 软件授权客户端 Dll ? Microsoft Corporation. All rights reserved. -74c20000 : C:\windows\syswow64\CRYPTBASE.dll 6.1.7601.24545 - Base cryptographic API DLL ? Microsoft Corporation. All rights reserved. -74c30000 : C:\windows\syswow64\SspiCli.dll 6.1.7601.24545 - Security Support Provider Interface ? Microsoft Corporation. All rights reserved. -74c90000 : C:\windows\syswow64\comdlg32.dll 6.1.7601.23403 - Common Dialogs DLL ? Microsoft Corporation. All rights reserved. -74d10000 : C:\windows\syswow64\WS2_32.dll 6.1.7601.23451 - Windows Socket 2.0 32 位 DLL ? Microsoft Corporation. All rights reserved. -74d50000 : C:\windows\syswow64\ole32.dll 6.1.7601.24537 - 用于 Windows 的 Microsoft OLE ? Microsoft Corporation. All rights reserved. -74eb0000 : C:\windows\syswow64\MSCTF.dll 6.1.7601.24520 - MSCTF 服务器 DLL ? Microsoft Corporation. All rights reserved. -74f80000 : C:\windows\syswow64\CLBCatQ.DLL 2001.12.8531.23403 - COM+ Configuration Catalog ? Microsoft Corporation. All rights reserved. -750a0000 : C:\windows\syswow64\XmlLite.dll 1.3.1001.0 - Microsoft XmlLite Library Copyright (C) Microsoft Corporation. 2005 -750d0000 : C:\windows\syswow64\SHLWAPI.dll 6.1.7601.23403 - 外壳简易实用工具库 ? Microsoft Corporation. All rights reserved. -75130000 : C:\windows\syswow64\LPK.dll 6.1.7601.24537 - Language Pack ? Microsoft Corporation. All rights reserved. -75140000 : C:\windows\syswow64\WININET.dll 8.0.7601.19104 - Win32 的 Internet 扩展 ? Microsoft Corporation. All rights reserved. -75240000 : C:\windows\SysWOW64\sechost.dll 6.1.7601.23403 - Host for SCM/SDDL/LSA Lookup APIs ? Microsoft Corporation. All rights reserved. -75260000 : C:\windows\syswow64\USER32.dll 6.1.7601.24545 - 多用户 Windows 用户 API 客户端 DLL ? Microsoft Corporation. All rights reserved. -75360000 : C:\windows\syswow64\CRYPT32.dll 6.1.7601.24542 - 加密 API32 ? Microsoft Corporation. All rights reserved. -75490000 : C:\windows\syswow64\MSASN1.dll 6.1.7601.23403 - ASN.1 Runtime APIs ? Microsoft Corporation. All rights reserved. -754a0000 : C:\windows\system32\normaliz.dll 6.1.7600.16385 - Unicode Normalization DLL ? Microsoft Corporation. All rights reserved. -754b0000 : C:\windows\syswow64\WLDAP32.dll 6.1.7601.23889 - Win32 LDAP API DLL ? Microsoft Corporation. All rights reserved. -75500000 : C:\windows\syswow64\ADVAPI32.dll 6.1.7601.24545 - 高级 Windows 32 基本 API ? Microsoft Corporation. All rights reserved. -755b0000 : C:\windows\syswow64\CFGMGR32.dll 6.1.7601.23403 - Configuration Manager DLL ? Microsoft Corporation. All rights reserved. -755e0000 : C:\windows\syswow64\kernel32.dll 6.1.7601.24545 - Windows NT 基本 API 客户端 DLL ? Microsoft Corporation. All rights reserved. -756f0000 : C:\windows\syswow64\KERNELBASE.dll 6.1.7601.24545 - Windows NT 基本 API 客户端 DLL ? Microsoft Corporation. All rights reserved. -75740000 : C:\windows\syswow64\msvcrt.dll 7.0.7601.23403 - Windows NT CRT DLL ? Microsoft Corporation. All rights reserved. -757f0000 : C:\windows\syswow64\USP10.dll 1.626.7601.24535 - Uniscribe Unicode script processor ? Microsoft Corporation. All rights reserved. -75890000 : C:\windows\syswow64\GDI32.dll 6.1.7601.24540 - GDI Client DLL ? Microsoft Corporation. All rights reserved. -75920000 : C:\windows\syswow64\NSI.dll 6.1.7601.23889 - NSI User-mode interface DLL ? Microsoft Corporation. All rights reserved. -75930000 : C:\windows\syswow64\WINTRUST.dll 6.1.7601.24542 - Microsoft Trust Verification APIs ? Microsoft Corporation. All rights reserved. -75960000 : C:\windows\syswow64\iertutil.dll 8.0.7601.19104 - Run time utility for Internet Explorer ? Microsoft Corporation. All rights reserved. -75bd0000 : C:\windows\syswow64\SETUPAPI.dll 6.1.7601.23403 - Windows 安装程序 API ? Microsoft Corporation. All rights reserved. -75d70000 : C:\windows\syswow64\OLEAUT32.dll 6.1.7601.24537 - ? Microsoft Corporation. All rights reserved. -75e10000 : C:\windows\syswow64\urlmon.dll 8.0.7601.19104 - Win32 的 OLE32 扩展 ? Microsoft Corporation. All rights reserved. -75f50000 : C:\windows\syswow64\SHELL32.dll 6.1.7601.24468 - Windows 外壳公用 DLL ? Microsoft Corporation. All rights reserved. -76ba0000 : C:\windows\system32\IMM32.DLL 6.1.7601.23403 - Multi-User Windows IMM32 API Client DLL ? Microsoft Corporation. All rights reserved. -76c00000 : C:\windows\syswow64\RPCRT4.dll 6.1.7601.24545 - 远程过程调用运行时 ? Microsoft Corporation. All rights reserved. -76cf0000 : C:\windows\system32\imagehlp.dll 6.1.7601.23403 - Windows NT Image Helper ? Microsoft Corporation. All rights reserved. -76d20000 : C:\windows\syswow64\DEVOBJ.dll 6.1.7601.23403 - Device Information Set DLL ? Microsoft Corporation. All rights reserved. -76d40000 : C:\windows\syswow64\PSAPI.DLL 6.1.7600.16385 - Process Status Helper ? Microsoft Corporation. All rights reserved. -77130000 : C:\windows\SysWOW64\ntdll.dll 6.1.7601.24545 - NT 层 DLL ? Microsoft Corporation. All rights reserved. Registers: EAX 00000000 EBX 00000000 ECX 06f9eb30 EDX 0000037d ESI 06f9eb30 EDI 00000000 DS 002b ES 002b FS 0053 GS 002b SS/ESP/EBP 002b/06f9db84/06f9db88 CS/EIP 0023/007e9207 EFlags 00010216 (Parity,Adjust,Interrupt,Restart) Stack Dump: 06f9eb30 06f9dc00 0049647e 00000000 06f9eb30 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 06f9dbc4 00000000 00000031 004c0053 0020005d 00520045 00200052 0020003a 00720065 006f0072 003a0072 00300030 06f9eb30 00300030 06f9dc50 0086d2bb ffffffff 06f9dc5c 00496e79 066805b0 00000001 06f9eb30 066805b0 06f9eb30 066805b0 0069553b 06f9eb30 066805b0 066805b0 06f9dc60 00695501 00000001 00000000 06f9dc60 06f9dc60 06f9dc60 007e7200 06f9dc80 0086d300 ffffffff 06f9dc8c 00494146 066805b0 00000000 00000000 12e40c88 065846f0 06f9eb30 066805b0 06f9dd4c CallStack Trace: 00 : 007e9207/003e8207 [00000000,06f9eb30,00000000,00000000] @ ssp.exe (SSL_get1_session 007e9200 f libssl:libssl-lib-ssl_sess.obj->0x7) 01 : 0049647e/0009547e [066805b0,00000001,06f9eb30,066805b0] @ ssp.exe (JSocket::ProcessX509Info->0x2e) 02 : 00496e79/00095e79 [066805b0,00000000,00000000,12e40c88] @ ssp.exe (JSocket::SSLProcessAfterConnect->0x49) 03 : 00494146/00093146 [12e40c88,00040000,00000000,00000000] @ ssp.exe (JSocket::recv_wrapper->0xe6) 04 : 004958da/000948da [12e40c88,00040000,06f9dce4,005b331f] @ ssp.exe (JSocket::Recv->0x10a) 05 : 005b2bd3/001b1bd3 [12e40c88,00040000,00000000,06f9eb30] @ ssp.exe (SPStreamFilterSocket::ReadImpl->0x13) 06 : 005b331f/001b231f [12e40c88,00040000,00000000,06f9f17c] @ ssp.exe (SPStreamFilter::Read->0x5f) 07 : 0052b857/0012a857 [065846f0,02abc8c0,06f9dfa4,00000000] @ ssp.exe (SPHttp::RealReadContent->0xd7) 08 : 0052a68d/0012968d [02abc8c0,065e0528,00000000,00000001] @ ssp.exe (SPHttp::RealRead->0x133d) 09 : 00528c2d/00127c2d [02abc8c0,065e0528,06f9f114,00000001] @ ssp.exe (SPHttp::Read->0x9d) 10 : 0052c1e5/0012b1e5 [02abc8c0,06513f80,00000000,00000000] @ ssp.exe (SPHttp::Redirect->0x325) 11 : 0052a4d6/001294d6 [02abc8c0,02a88cf8,00000000,00000001] @ ssp.exe (SPHttp::RealRead->0x1186) 12 : 00528c2d/00127c2d [02abc8c0,02a88cf8,00000000,00000001] @ ssp.exe (SPHttp::Read->0x9d) 13 : 00528901/00127901 [02abc8c0,02a88cf8,00000000,00000001] @ ssp.exe (SPHttp::RetryConnect->0xa1) 14 : 0052ab59/00129b59 [02abc8c0,02a88cf8,00000000,00000001] @ ssp.exe (SPHttp::RealRead->0x1809) 15 : 00528c2d/00127c2d [02abc8c0,02a88cf8,06f9f114,00000001] @ ssp.exe (SPHttp::Read->0x9d) 16 : 0052c1e5/0012b1e5 [02abc8c0,06561e68,00000000,064fe480] @ ssp.exe (SPHttp::Redirect->0x325) 17 : 0052a4d6/001294d6 [02abc8c0,02ad7a70,00000000,00000001] @ ssp.exe (SPHttp::RealRead->0x1186) 18 : 00528c2d/00127c2d [02abc8c0,02ad7a70,00000000,00000001] @ ssp.exe (SPHttp::Read->0x9d) 19 : 00528b46/00127b46 [02abc8c0,ffffffff,00000000,00000001] @ ssp.exe (SPHttp::ReadSimple->0x196) 20 : 0043d88d/0003c88d [06517590,00000000,0089278c,06f9ff00] @ ssp.exe (CHelperMainWnd::DownloadProcNarSSF->0x72d) 21 : 0043d155/0003c155 [0651d468,06f9fe5c,755f17bc,02a8a580] @ ssp.exe (CHelperMainWnd::DownloadProcNar->0x15) 22 : 0043a631/00039631 [00000001,02a8a5d4,06f9ff40,00594f3c] @ ssp.exe (CHelperMainWnd::DownloadProc->0x2c1) 23 : 00595104/00194104 [0651d468,00000000,0657c810,0657c810] @ ssp.exe (SPSTMThreadDescProc::Execute->0x14) 24 : 00594f3c/00193f3c [02a33c3c,00000001,06f9ff88,0083ddf4] @ ssp.exe (SPSimpleThreadManager::BeginThreadProcShared->0xac) 25 : 00595043/00194043 [02a8a580,00000000,00000000,0657c810] @ ssp.exe (SPSimpleThreadManager::BeginThreadProcNormal->0x13) 26 : 0083ddf4/0043cdf4 [0657c810,06f9ffd4,77169812,0657c810] @ ssp.exe (_beginthread 0083dcfc f libcmt:thread.obj->0xf8) 27 : 755f343d/0000343d [0657c810,71c29613,00000000,00000000] @ kernel32.dll (BaseThreadInitThunk->0x12) 28 : 77169812/00029812 [0083dd73,0657c810,00000000,00000000] @ ntdll.dll (RtlInitializeExceptionChain->0x63) 29 : 771697e5/000297e5 [0083dd73,0657c810,00000000,00000000] @ ntdll.dll (RtlInitializeExceptionChain->0x36) Total StackDepth : 30