Summary | ZeroBOX

longearthgrinch.png

Emotet PE32 PE File DLL
Category Machine Started Completed
FILE s1_win7_x6401 July 3, 2021, 6:25 p.m. July 3, 2021, 6:31 p.m.
Size 344.0KB
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 3adbcd5aca263146322d0a21e54a1c47
SHA256 46fee344195d41783092aed90740308f1b0559e8f753f68cc5c8103a157bca96
CRC32 E242067F
ssdeep 6144:F62tjX2w0x8GcDdbVRvCdEnjzOWy24Qm4:J1NvCUSW6
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49536 -> 185.56.76.108:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49529 -> 38.110.103.124:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49530 -> 38.110.100.104:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 38.110.100.104:443 -> 192.168.56.101:49530 2011540 ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) Not Suspicious Traffic
TCP 192.168.56.101:49539 -> 38.110.103.113:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49541 -> 185.56.76.28:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49540 -> 24.162.214.166:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 24.162.214.166:443 -> 192.168.56.101:49540 2011540 ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) Not Suspicious Traffic
TCP 192.168.56.101:49537 -> 60.51.47.65:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 60.51.47.65:443 -> 192.168.56.101:49537 2011540 ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) Not Suspicious Traffic
TCP 192.168.56.101:49525 -> 204.138.26.60:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49531 -> 38.110.103.124:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49521 -> 45.36.99.184:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 45.36.99.184:443 -> 192.168.56.101:49521 2011540 ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) Not Suspicious Traffic
TCP 192.168.56.101:49528 -> 185.56.76.28:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49543 -> 80.15.2.105:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 80.15.2.105:443 -> 192.168.56.101:49543 2011540 ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) Not Suspicious Traffic
TCP 192.168.56.101:49533 -> 185.56.76.28:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49534 -> 204.138.26.60:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 192.168.56.101:49542 -> 154.58.23.192:443 2028401 ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex Unknown Traffic
TCP 154.58.23.192:443 -> 192.168.56.101:49542 2011540 ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) Not Suspicious Traffic

Suricata TLS

Flow Issuer Subject Fingerprint
TLSv1
192.168.56.101:49536
185.56.76.108:443
C=US, ST=CA, L=San Jose, O=Ubiquiti Networks Inc., OU=Technical Support, CN=UBNT-78:8A:20:CC:52:47/emailAddress=support@ubnt.com C=US, ST=CA, L=San Jose, O=Ubiquiti Networks Inc., OU=Technical Support, CN=UBNT-78:8A:20:CC:52:47/emailAddress=support@ubnt.com d6:b9:fb:f6:d3:46:bd:b4:fb:8e:3e:15:46:aa:1d:93:85:15:ad:74
TLSv1
192.168.56.101:49529
38.110.103.124:443
C=US, ST=CA, L=San Jose, O=Ubiquiti Networks Inc., OU=Technical Support, CN=UBNT-78:8A:20:EC:48:A1/emailAddress=support@ubnt.com C=US, ST=CA, L=San Jose, O=Ubiquiti Networks Inc., OU=Technical Support, CN=UBNT-78:8A:20:EC:48:A1/emailAddress=support@ubnt.com e6:60:4a:40:4a:b9:63:85:da:e8:fc:ec:75:e2:1a:7e:85:1f:49:1e
TLSv1
192.168.56.101:49530
38.110.100.104:443
C=AU, ST=Some-State, O=Internet Widgits Pty Ltd C=AU, ST=Some-State, O=Internet Widgits Pty Ltd b5:21:a8:16:d5:97:b1:67:f6:60:a5:cb:20:27:76:ec:3c:9d:3b:02
TLSv1
192.168.56.101:49539
38.110.103.113:443
C=US, ST=CA, L=San Jose, O=Ubiquiti Networks Inc., OU=Technical Support, CN=UBNT-78:8A:20:10:C4:5A/emailAddress=support@ubnt.com C=US, ST=CA, L=San Jose, O=Ubiquiti Networks Inc., OU=Technical Support, CN=UBNT-78:8A:20:10:C4:5A/emailAddress=support@ubnt.com f8:a6:1d:83:c7:74:cb:aa:74:13:1b:31:74:93:a5:b4:a4:1b:bd:c5
TLSv1
192.168.56.101:49541
185.56.76.28:443
None None None
TLSv1
192.168.56.101:49540
24.162.214.166:443
C=AU, ST=Some-State, O=Internet Widgits Pty Ltd C=AU, ST=Some-State, O=Internet Widgits Pty Ltd b5:21:a8:16:d5:97:b1:67:f6:60:a5:cb:20:27:76:ec:3c:9d:3b:02
TLSv1
192.168.56.101:49537
60.51.47.65:443
C=AU, ST=Some-State, O=Internet Widgits Pty Ltd C=AU, ST=Some-State, O=Internet Widgits Pty Ltd 50:fd:fd:4e:2c:57:ea:f7:c9:cd:3f:61:4a:a2:40:01:1b:b8:df:02
TLSv1
192.168.56.101:49525
204.138.26.60:443
C=US, ST=CA, L=San Jose, O=Ubiquiti Networks Inc., OU=Technical Support, CN=UBNT-80:2A:A8:FE:3F:A4/emailAddress=support@ubnt.com C=US, ST=CA, L=San Jose, O=Ubiquiti Networks Inc., OU=Technical Support, CN=UBNT-80:2A:A8:FE:3F:A4/emailAddress=support@ubnt.com bd:6e:61:62:17:19:85:a8:d5:cd:95:e9:df:f4:e6:cf:e0:a6:2a:b6
TLSv1
192.168.56.101:49531
38.110.103.124:443
None None None
TLSv1
192.168.56.101:49521
45.36.99.184:443
C=AU, ST=Some-State, O=Internet Widgits Pty Ltd C=AU, ST=Some-State, O=Internet Widgits Pty Ltd b5:21:a8:16:d5:97:b1:67:f6:60:a5:cb:20:27:76:ec:3c:9d:3b:02
TLSv1
192.168.56.101:49528
185.56.76.28:443
C=US, ST=CA, L=San Jose, O=Ubiquiti Networks Inc., OU=Technical Support, CN=UBNT-04:18:D6:60:A9:58/emailAddress=support@ubnt.com C=US, ST=CA, L=San Jose, O=Ubiquiti Networks Inc., OU=Technical Support, CN=UBNT-04:18:D6:60:A9:58/emailAddress=support@ubnt.com d5:f6:fc:d3:3f:5a:28:7b:3e:ab:0b:d8:e8:cf:3e:cc:3f:85:7a:af
TLSv1
192.168.56.101:49543
80.15.2.105:443
C=AU, ST=Some-State, O=Internet Widgits Pty Ltd C=AU, ST=Some-State, O=Internet Widgits Pty Ltd 50:fd:fd:4e:2c:57:ea:f7:c9:cd:3f:61:4a:a2:40:01:1b:b8:df:02
TLSv1
192.168.56.101:49533
185.56.76.28:443
None None None
TLSv1
192.168.56.101:49534
204.138.26.60:443
None None None
TLSv1
192.168.56.101:49542
154.58.23.192:443
C=AU, ST=Some-State, O=Internet Widgits Pty Ltd C=AU, ST=Some-State, O=Internet Widgits Pty Ltd 50:fd:fd:4e:2c:57:ea:f7:c9:cd:3f:61:4a:a2:40:01:1b:b8:df:02

Time & API Arguments Status Return Repeated

GetComputerNameW

computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
packer Armadillo v1.xx - v2.xx
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 89 06 88 4e 04 8b c6 5e c2 08 00 90 90 90 8a 41
exception.instruction: mov dword ptr [esi], eax
exception.exception_code: 0xc0000005
exception.symbol: ??0CDllLoader@@QAE@PBD_N@Z+0x12 ??1CDllLoader@@QAE@XZ-0xe longearthgrinch+0x2182
exception.address: 0x10002182
registers.esp: 2489192
registers.edi: 0
registers.eax: 0
registers.ebp: 2489312
registers.edx: 9
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

stacktrace:
?classCCachedDataPathProperty@CCachedDataPathProperty@@2UCRuntimeClass@@B+0x450c DllRegisterServer-0xcb64a mfc42+0x13290 @ 0x73ca3290
??0CFrameWndEx@@QAE@XZ+0x22 ??1CFrameWndEx@@UAE@XZ-0xbe longearthgrinch+0x23b2 @ 0x100023b2
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c7 00 d8 a7 c9 73 c3 90 90 ec a7 c9 73 ef 6d d0
exception.instruction: mov dword ptr [eax], 0x73c9a7d8
exception.exception_code: 0xc0000005
exception.symbol: ?classCDataPathProperty@CDataPathProperty@@2UCRuntimeClass@@B-0x4581 mfc42+0xa7cb
exception.address: 0x73c9a7cb
registers.esp: 982384
registers.edi: 0
registers.eax: 0
registers.ebp: 982416
registers.edx: 9
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

stacktrace:
?classCCachedDataPathProperty@CCachedDataPathProperty@@2UCRuntimeClass@@B+0x450c DllRegisterServer-0xcb64a mfc42+0x13290 @ 0x73ca3290
?classCCachedDataPathProperty@CCachedDataPathProperty@@2UCRuntimeClass@@B+0x11a24 DllRegisterServer-0xbe132 mfc42+0x207a8 @ 0x73cb07a8
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c7 00 d8 a7 c9 73 c3 90 90 ec a7 c9 73 ef 6d d0
exception.instruction: mov dword ptr [eax], 0x73c9a7d8
exception.exception_code: 0xc0000005
exception.symbol: ?classCDataPathProperty@CDataPathProperty@@2UCRuntimeClass@@B-0x4581 mfc42+0xa7cb
exception.address: 0x73c9a7cb
registers.esp: 1310084
registers.edi: 0
registers.eax: 0
registers.ebp: 1310116
registers.edx: 9
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

stacktrace:
?classCCachedDataPathProperty@CCachedDataPathProperty@@2UCRuntimeClass@@B+0x450c DllRegisterServer-0xcb64a mfc42+0x13290 @ 0x73ca3290
?classCCachedDataPathProperty@CCachedDataPathProperty@@2UCRuntimeClass@@B+0x1b874 DllRegisterServer-0xb42e2 mfc42+0x2a5f8 @ 0x73cba5f8
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c7 00 d8 a7 c9 73 c3 90 90 ec a7 c9 73 ef 6d d0
exception.instruction: mov dword ptr [eax], 0x73c9a7d8
exception.exception_code: 0xc0000005
exception.symbol: ?classCDataPathProperty@CDataPathProperty@@2UCRuntimeClass@@B-0x4581 mfc42+0xa7cb
exception.address: 0x73c9a7cb
registers.esp: 2226084
registers.edi: 0
registers.eax: 0
registers.ebp: 2226116
registers.edx: 9
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

stacktrace:
?classCCachedDataPathProperty@CCachedDataPathProperty@@2UCRuntimeClass@@B+0x450c DllRegisterServer-0xcb64a mfc42+0x13290 @ 0x73ca3290
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c7 00 d8 a7 c9 73 c3 90 90 ec a7 c9 73 ef 6d d0
exception.instruction: mov dword ptr [eax], 0x73c9a7d8
exception.exception_code: 0xc0000005
exception.symbol: ?classCDataPathProperty@CDataPathProperty@@2UCRuntimeClass@@B-0x4581 mfc42+0xa7cb
exception.address: 0x73c9a7cb
registers.esp: 2620696
registers.edi: 0
registers.eax: 0
registers.ebp: 2620728
registers.edx: 9
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

stacktrace:
?classCCachedDataPathProperty@CCachedDataPathProperty@@2UCRuntimeClass@@B+0x450c DllRegisterServer-0xcb64a mfc42+0x13290 @ 0x73ca3290
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c7 00 d8 a7 c9 73 c3 90 90 ec a7 c9 73 ef 6d d0
exception.instruction: mov dword ptr [eax], 0x73c9a7d8
exception.exception_code: 0xc0000005
exception.symbol: ?classCDataPathProperty@CDataPathProperty@@2UCRuntimeClass@@B-0x4581 mfc42+0xa7cb
exception.address: 0x73c9a7cb
registers.esp: 1309308
registers.edi: 0
registers.eax: 0
registers.ebp: 1309340
registers.edx: 9
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

stacktrace:
?classCCachedDataPathProperty@CCachedDataPathProperty@@2UCRuntimeClass@@B+0x450c DllRegisterServer-0xcb64a mfc42+0x13290 @ 0x73ca3290
??0CPreviewViewEx@@QAE@XZ+0x8 ?OnActivateView@CPreviewViewEx@@UAEXHPAVCView@@0@Z-0x88 longearthgrinch+0x74b8 @ 0x100074b8
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c7 00 d8 a7 c9 73 c3 90 90 ec a7 c9 73 ef 6d d0
exception.instruction: mov dword ptr [eax], 0x73c9a7d8
exception.exception_code: 0xc0000005
exception.symbol: ?classCDataPathProperty@CDataPathProperty@@2UCRuntimeClass@@B-0x4581 mfc42+0xa7cb
exception.address: 0x73c9a7cb
registers.esp: 2489324
registers.edi: 0
registers.eax: 0
registers.ebp: 2489356
registers.edx: 9
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

stacktrace:
?classCCachedDataPathProperty@CCachedDataPathProperty@@2UCRuntimeClass@@B+0x450c DllRegisterServer-0xcb64a mfc42+0x13290 @ 0x73ca3290
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c7 00 d8 a7 c9 73 c3 90 90 ec a7 c9 73 ef 6d d0
exception.instruction: mov dword ptr [eax], 0x73c9a7d8
exception.exception_code: 0xc0000005
exception.symbol: ?classCDataPathProperty@CDataPathProperty@@2UCRuntimeClass@@B-0x4581 mfc42+0xa7cb
exception.address: 0x73c9a7cb
registers.esp: 3014104
registers.edi: 0
registers.eax: 0
registers.ebp: 3014136
registers.edx: 9
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

stacktrace:
?classCCachedDataPathProperty@CCachedDataPathProperty@@2UCRuntimeClass@@B+0x450c DllRegisterServer-0xcb64a mfc42+0x13290 @ 0x73ca3290
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c7 00 d8 a7 c9 73 c3 90 90 ec a7 c9 73 ef 6d d0
exception.instruction: mov dword ptr [eax], 0x73c9a7d8
exception.exception_code: 0xc0000005
exception.symbol: ?classCDataPathProperty@CDataPathProperty@@2UCRuntimeClass@@B-0x4581 mfc42+0xa7cb
exception.address: 0x73c9a7cb
registers.esp: 1374820
registers.edi: 0
registers.eax: 0
registers.ebp: 1374852
registers.edx: 9
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

stacktrace:
?classCCachedDataPathProperty@CCachedDataPathProperty@@2UCRuntimeClass@@B+0x41ee DllRegisterServer-0xcb968 mfc42+0x12f72 @ 0x73ca2f72
??0CWinAppEx@@QAE@PBD@Z+0x30 ??1CWinAppEx@@UAE@XZ-0x1b0 longearthgrinch+0xc1b0 @ 0x1000c1b0
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c7 00 d8 a7 c9 73 c3 90 90 ec a7 c9 73 ef 6d d0
exception.instruction: mov dword ptr [eax], 0x73c9a7d8
exception.exception_code: 0xc0000005
exception.symbol: ?classCDataPathProperty@CDataPathProperty@@2UCRuntimeClass@@B-0x4581 mfc42+0xa7cb
exception.address: 0x73c9a7cb
registers.esp: 2750040
registers.edi: 0
registers.eax: 0
registers.ebp: 2750072
registers.edx: 9
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

stacktrace:
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 8a 41 04 84 c0 74 0d 8b 01 85 c0 74 07 50 ff 15
exception.instruction: mov al, byte ptr [ecx + 4]
exception.exception_code: 0xc0000005
exception.symbol: ??0CDllLoader@@QAE@PBD_N@Z+0x20 ?IsLoaded@CDllLoader@@QAE_NXZ-0x20 longearthgrinch+0x2190
exception.address: 0x10002190
registers.esp: 980668
registers.edi: 0
registers.eax: 524756
registers.ebp: 980784
registers.edx: 9
registers.ebx: 0
registers.esi: 524756
registers.ecx: 0
1 0 0

__exception__

stacktrace:
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c7 06 40 10 01 10 8d 8e a0 02 00 00 c7 44 24 10
exception.instruction: mov dword ptr [esi], 0x10011040
exception.exception_code: 0xc0000005
exception.symbol: ??1CFrameWndEx@@UAE@XZ+0x1d ?DelayUpdateFrameMenu@CFrameWndEx@@MAEXPAUHMENU__@@@Z-0x63 longearthgrinch+0x248d
exception.address: 0x1000248d
registers.esp: 1046544
registers.edi: 0
registers.eax: 1046888
registers.ebp: 1046680
registers.edx: 9
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

stacktrace:
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c7 01 0c 16 01 10 e9 eb b9 00 00 90 90 90 90 90
exception.instruction: mov dword ptr [ecx], 0x1001160c
exception.exception_code: 0xc0000005
exception.symbol: ??0CMDIChildWndEx@@QAE@XZ+0x80 ?_GetBaseMessageMap@CMDIChildWndEx@@KGPBUAFX_MSGMAP@@XZ-0x10 longearthgrinch+0x2f30
exception.address: 0x10002f30
registers.esp: 719336
registers.edi: 0
registers.eax: 524848
registers.ebp: 719452
registers.edx: 9
registers.ebx: 0
registers.esi: 524848
registers.ecx: 0
1 0 0

__exception__

stacktrace:
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c7 06 fc 11 01 10 8d 8e ac 02 00 00 c7 44 24 10
exception.instruction: mov dword ptr [esi], 0x100111fc
exception.exception_code: 0xc0000005
exception.symbol: ??1CMDIFrameWndEx@@UAE@XZ+0x1d ?DelayUpdateFrameMenu@CMDIFrameWndEx@@MAEXPAUHMENU__@@@Z-0x83 longearthgrinch+0x29cd
exception.address: 0x100029cd
registers.esp: 3078160
registers.edi: 0
registers.eax: 3078504
registers.ebp: 3078296
registers.edx: 9
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

stacktrace:
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c7 06 90 19 01 10 8d be a0 00 00 00 c7 44 24 1c
exception.instruction: mov dword ptr [esi], 0x10011990
exception.exception_code: 0xc0000005
exception.symbol: ??1CMenuBar@@UAE@XZ+0x21 ?SetMenu@CMenuBar@@QAE_NPAUHMENU__@@@Z-0xaf longearthgrinch+0x50c1
exception.address: 0x100050c1
registers.esp: 1702628
registers.edi: 0
registers.eax: 1702984
registers.ebp: 1702776
registers.edx: 9
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

stacktrace:
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c7 06 e8 22 01 10 8d 8e ec 00 00 00 c7 44 24 18
exception.instruction: mov dword ptr [esi], 0x100122e8
exception.exception_code: 0xc0000005
exception.symbol: ??1CToolBarEx@@UAE@XZ+0x20 ?Create@CToolBarEx@@QAEHPAVCWnd@@KI@Z-0x90 longearthgrinch+0x9520
exception.address: 0x10009520
registers.esp: 1701652
registers.edi: 0
registers.eax: 1702004
registers.ebp: 1701796
registers.edx: 9
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

stacktrace:
rundll32+0x137d @ 0xe1137d
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c7 06 64 74 ca 73 8d 7e 7c 8b cf c7 45 fc 01 00
exception.instruction: mov dword ptr [esi], 0x73ca7464
exception.exception_code: 0xc0000005
exception.symbol: ?classCCachedDataPathProperty@CCachedDataPathProperty@@2UCRuntimeClass@@B+0x55084 DllRegisterServer-0x7aad2 mfc42+0x63e08
exception.address: 0x73cf3e08
registers.esp: 2487904
registers.edi: 0
registers.eax: 2487920
registers.ebp: 2487932
registers.edx: 9
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

stacktrace:
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c7 06 c0 1e 01 10 c7 44 24 18 00 00 00 00 8d be
exception.instruction: mov dword ptr [esi], 0x10011ec0
exception.exception_code: 0xc0000005
exception.symbol: ??1CSizableReBar@@UAE@XZ+0x20 ?Create@CSizableReBar@@QAE_NPAVCWnd@@IK@Z-0x70 longearthgrinch+0x7900
exception.address: 0x10007900
registers.esp: 1439460
registers.edi: 0
registers.eax: 1439812
registers.ebp: 1439604
registers.edx: 9
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

stacktrace:
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c7 06 e8 22 01 10 8d 8e ec 00 00 00 c7 44 24 18
exception.instruction: mov dword ptr [esi], 0x100122e8
exception.exception_code: 0xc0000005
exception.symbol: ??1CToolBarEx@@UAE@XZ+0x20 ?Create@CToolBarEx@@QAEHPAVCWnd@@KI@Z-0x90 longearthgrinch+0x9520
exception.address: 0x10009520
registers.esp: 1833244
registers.edi: 0
registers.eax: 1833596
registers.ebp: 1833388
registers.edx: 9
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

stacktrace:
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c7 07 a0 25 01 10 33 db 89 5c 24 20 8d b7 58 02
exception.instruction: mov dword ptr [edi], 0x100125a0
exception.exception_code: 0xc0000005
exception.symbol: ??1CWinAppEx@@UAE@XZ+0x22 ?TrackPopupMenuEx@CWinAppEx@@SAHPAUHMENU__@@IHHPAVCWnd@@PAUtagTPMPARAMS@@@Z-0xfe longearthgrinch+0xc382
exception.address: 0x1000c382
registers.esp: 719524
registers.edi: 0
registers.eax: 719884
registers.ebp: 719676
registers.edx: 9
registers.ebx: 0
registers.esi: 524922
registers.ecx: 0
1 0 0

__exception__

stacktrace:
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 89 10 8b 49 04 89 48 04 c2 04 00 90 90 90 90 90
exception.instruction: mov dword ptr [eax], edx
exception.exception_code: 0xc0000005
exception.symbol: ??4CDllLoader@@QAEAAV0@ABV0@@Z+0x8 ??0CDllLoader@@QAE@PBD_N@Z-0x1168 longearthgrinch+0x1008
exception.address: 0x10001008
registers.esp: 1964464
registers.edi: 0
registers.eax: 0
registers.ebp: 1964580
registers.edx: 0
registers.ebx: 0
registers.esi: 459028
registers.ecx: 459028
1 0 0

__exception__

stacktrace:
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 80 23 00 10 10 24 00 10 20 21 00 10 e0 1f 00 10
exception.instruction: and byte ptr [ebx], 0
exception.exception_code: 0xc0000005
exception.symbol: ?_messageEntries@CMDIChildWndEx@@0QBUAFX_MSGMAP_ENTRY@@B+0x60 ??_7CMDIFrameWndEx@@6B@-0x3b4 longearthgrinch+0x10e48
exception.address: 0x10010e48
registers.esp: 2095488
registers.edi: 0
registers.eax: 197476
registers.ebp: 2095604
registers.edx: 9
registers.ebx: 0
registers.esi: 197476
registers.ecx: 0
1 0 0

__exception__

stacktrace:
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: a0 2e 00 10 d0 2e 00 10 20 21 00 10 e0 1f 00 10
exception.instruction: mov al, byte ptr [0xd010002e]
exception.exception_code: 0xc0000005
exception.symbol: ??_7CMDIFrameWndEx@@6B@+0x30c ?classCMenuBar@CMenuBar@@2UCRuntimeClass@@B-0x208 longearthgrinch+0x11508
exception.address: 0x10011508
registers.esp: 1310052
registers.edi: 0
registers.eax: 66532
registers.ebp: 1310168
registers.edx: 9
registers.ebx: 0
registers.esi: 66532
registers.ecx: 0
1 0 0

__exception__

stacktrace:
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: a0 28 00 10 50 29 00 10 20 21 00 10 e0 1f 00 10
exception.instruction: mov al, byte ptr [0x50100028]
exception.exception_code: 0xc0000005
exception.symbol: ??_7CFrameWndEx@@6B@+0x3b4 ??_7CMDIChildWndEx@@6B@-0x30c longearthgrinch+0x111fc
exception.address: 0x100111fc
registers.esp: 2161480
registers.edi: 0
registers.eax: 66678
registers.ebp: 2161596
registers.edx: 9
registers.ebx: 0
registers.esi: 66678
registers.ecx: 0
1 0 0

__exception__

stacktrace:
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 70 4e 00 10 e0 4f 00 10 20 21 00 10 e0 1f 00 10
exception.instruction: jo 0x100119e0
exception.exception_code: 0xc0000005
exception.symbol: ?_messageEntries@CMenuBar@@0QBUAFX_MSGMAP_ENTRY@@B+0x260 ?classCPreviewToolBar@CPreviewToolBar@@2UCRuntimeClass@@B-0x130 longearthgrinch+0x11990
exception.address: 0x10011990
registers.esp: 3014016
registers.edi: 0
registers.eax: 66680
registers.ebp: 3014132
registers.edx: 9
registers.ebx: 0
registers.esi: 66680
registers.ecx: 0
1 0 0

__exception__

stacktrace:
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: a0 73 00 10 c0 72 00 10 20 21 00 10 e0 1f 00 10
exception.instruction: mov al, byte ptr [0xc0100073]
exception.exception_code: 0xc0000005
exception.symbol: ?_messageEntries@CPreviewViewEx@@0QBUAFX_MSGMAP_ENTRY@@B+0x60 ??_7CPreviewViewEx@@6B@-0x10c longearthgrinch+0x11b58
exception.address: 0x10011b58
registers.esp: 2095136
registers.edi: 0
registers.eax: 197814
registers.ebp: 2095252
registers.edx: 9
registers.ebx: 0
registers.esi: 197814
registers.ecx: 0
1 0 0

__exception__

stacktrace:
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: a0 74 00 10 e0 74 00 10 20 21 00 10 e0 1f 00 10
exception.instruction: mov al, byte ptr [0xe0100074]
exception.exception_code: 0xc0000005
exception.symbol: ??_7CPreviewToolBar@@6B@+0x10c ?classCSizableReBar@CSizableReBar@@2UCRuntimeClass@@B-0x11c longearthgrinch+0x11c64
exception.address: 0x10011c64
registers.esp: 1439888
registers.edi: 0
registers.eax: 66774
registers.ebp: 1440004
registers.edx: 9
registers.ebx: 0
registers.esi: 66774
registers.ecx: 0
1 0 0

__exception__

stacktrace:
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: b0 77 00 10 80 78 00 10 20 21 00 10 e0 1f 00 10
exception.instruction: mov al, 0x77
exception.exception_code: 0xc0000005
exception.symbol: ?_messageEntries@CSizableReBar@@0QBUAFX_MSGMAP_ENTRY@@B+0x120 ?classCToolBarEx@CToolBarEx@@2UCRuntimeClass@@B-0x1c0 longearthgrinch+0x11ec0
exception.address: 0x10011ec0
registers.esp: 1965064
registers.edi: 0
registers.eax: 132360
registers.ebp: 1965180
registers.edx: 9
registers.ebx: 0
registers.esi: 132360
registers.ecx: 0
1 0 0

__exception__

stacktrace:
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 90 73 00 10 a0 94 00 10 20 21 00 10 e0 1f 00 10
exception.instruction: nop
exception.exception_code: 0xc0000005
exception.symbol: ?_messageEntries@CToolBarEx@@0QBUAFX_MSGMAP_ENTRY@@B+0x248 ?classCWinAppEx@CWinAppEx@@2UCRuntimeClass@@B-0x2a0 longearthgrinch+0x122e8
exception.address: 0x100122e8
registers.esp: 1898948
registers.edi: 0
registers.eax: 66884
registers.ebp: 1899064
registers.edx: 9
registers.ebx: 0
registers.esi: 66884
registers.ecx: 0
1 0 0

__exception__

stacktrace:
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 70 c1 00 10 00 c3 00 10 20 21 00 10 e0 1f 00 10
exception.instruction: jo 0x10012563
exception.exception_code: 0xc0000005
exception.symbol: ?classCWinAppEx@CWinAppEx@@2UCRuntimeClass@@B+0x18 ?m_nStateInfoVersion@CSizableReBar@@1HA-0x5d44 longearthgrinch+0x125a0
exception.address: 0x100125a0
registers.esp: 3077836
registers.edi: 0
registers.eax: 66914
registers.ebp: 3077952
registers.edx: 9
registers.ebx: 0
registers.esi: 66914
registers.ecx: 0
1 0 0

__exception__

stacktrace:
?classCCachedDataPathProperty@CCachedDataPathProperty@@2UCRuntimeClass@@B+0x41ee DllRegisterServer-0xcb968 mfc42+0x12f72 @ 0x73ca2f72
??0CWinAppEx@@QAE@PBD@Z+0x30 ??1CWinAppEx@@UAE@XZ-0x1b0 longearthgrinch+0xc1b0 @ 0x1000c1b0
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: c7 00 d8 a7 c9 73 c3 90 90 ec a7 c9 73 ef 6d d0
exception.instruction: mov dword ptr [eax], 0x73c9a7d8
exception.exception_code: 0xc0000005
exception.symbol: ?classCDataPathProperty@CDataPathProperty@@2UCRuntimeClass@@B-0x4581 mfc42+0xa7cb
exception.address: 0x73c9a7cb
registers.esp: 653660
registers.edi: 0
registers.eax: 0
registers.ebp: 653692
registers.edx: 9
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

stacktrace:

exception.instruction_r: 8b b5 ec 00 00 00 8d bd e4 00 00 00 83 c4 0c 8b
exception.instruction: mov esi, dword ptr [ebp + 0xec]
exception.exception_code: 0xc0000005
exception.symbol: ?DoAddBar@CSizableReBar@@IAE_NPAVCWnd@@PAUtagREBARBANDINFOA@@PBD_N3@Z+0x5b ?CalcFixedLayout@CSizableReBar@@UAE?AVCSize@@HH@Z-0x1b5 longearthgrinch+0x810b
exception.address: 0x1000810b
registers.esp: 3013316
registers.edi: 0
registers.eax: 3013364
registers.ebp: 0
registers.edx: 0
registers.ebx: 0
registers.esi: 66958
registers.ecx: 11732944
1 0 0

__exception__

stacktrace:

exception.instruction_r: 8b b5 ec 00 00 00 8d bd e4 00 00 00 83 c4 0c 8b
exception.instruction: mov esi, dword ptr [ebp + 0xec]
exception.exception_code: 0xc0000005
exception.symbol: ?DoAddBar@CSizableReBar@@IAE_NPAVCWnd@@PAUtagREBARBANDINFOA@@PBD_N3@Z+0x5b ?CalcFixedLayout@CSizableReBar@@UAE?AVCSize@@HH@Z-0x1b5 longearthgrinch+0x810b
exception.address: 0x1000810b
registers.esp: 2815728
registers.edi: 0
registers.eax: 2815776
registers.ebp: 0
registers.edx: 0
registers.ebx: 0
registers.esi: 67010
registers.ecx: 198608
1 0 0

__exception__

stacktrace:
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 8b 86 38 02 00 00 85 c0 75 1e a1 bc 84 01 10 8b
exception.instruction: mov eax, dword ptr [esi + 0x238]
exception.exception_code: 0xc0000005
exception.symbol: ?GetMenuImageList@CWinAppEx@@QAEPAVCImageList@@XZ+0x3 ?GetMenuImage@CWinAppEx@@QBEHI@Z-0x3d longearthgrinch+0xd043
exception.address: 0x1000d043
registers.esp: 2489168
registers.edi: 0
registers.eax: 0
registers.ebp: 2489336
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

stacktrace:
CtfImeIsIME+0x36fd DllUnregisterServer-0xf9d9 msctf+0x2d08c @ 0x766fd08c
TF_GetGlobalCompartment+0x3dfd CtfImeIsIME-0x344 msctf+0x2964b @ 0x766f964b
TF_GetInputScope+0xf65 CtfImeDestroyThreadMgr-0x25ae msctf+0x14d6b @ 0x766e4d6b
TF_GetInputScope+0x3176 CtfImeDestroyThreadMgr-0x39d msctf+0x16f7c @ 0x766e6f7c
CtfImeDestroyInputContext+0x280 TF_CanUninitialize-0x1c msctf+0x1e825 @ 0x766ee825
TF_GetInputScope+0x21fc CtfImeDestroyThreadMgr-0x1317 msctf+0x16002 @ 0x766e6002
TF_GetInputScope+0x21e2 CtfImeDestroyThreadMgr-0x1331 msctf+0x15fe8 @ 0x766e5fe8
TF_GetInputScope+0xbdd CtfImeDestroyThreadMgr-0x2936 msctf+0x149e3 @ 0x766e49e3
TF_GetInputScope+0x1c1a CtfImeDestroyThreadMgr-0x18f9 msctf+0x15a20 @ 0x766e5a20
RtlIsCurrentThreadAttachExempt+0x5f TpCheckTerminateWorker-0x37 ntdll+0x39a91 @ 0x773d9a91
LdrShutdownProcess+0x97 RtlDetectHeapLeaks-0x1bb ntdll+0x58f10 @ 0x773f8f10
RtlExitUserProcess+0x74 LdrShutdownProcess-0x1d ntdll+0x58e5c @ 0x773f8e5c
ExitProcess+0x15 TerminateThread-0xa kernel32+0x17a25 @ 0x75737a25
rundll32+0x135c @ 0xe1135c
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: ff 51 0c 8b 45 fc 89 be 8c 04 00 00 3b c7 74 25
exception.symbol: TF_GetCompatibleKeyboardLayout+0x5885 TF_IsCtfmonRunning-0xfd3 msctf+0x43ef4
exception.instruction: call dword ptr [ecx + 0xc]
exception.module: MSCTF.dll
exception.exception_code: 0xc0000005
exception.offset: 278260
exception.address: 0x76713ef4
registers.esp: 1637268
registers.edi: 0
registers.eax: 4819344
registers.ebp: 1637296
registers.edx: 1
registers.ebx: 0
registers.esi: 5451640
registers.ecx: 1913009628
1 0 0

__exception__

stacktrace:
CtfImeIsIME+0x36fd DllUnregisterServer-0xf9d9 msctf+0x2d08c @ 0x766fd08c
TF_GetGlobalCompartment+0x3dfd CtfImeIsIME-0x344 msctf+0x2964b @ 0x766f964b
TF_GetInputScope+0xf65 CtfImeDestroyThreadMgr-0x25ae msctf+0x14d6b @ 0x766e4d6b
TF_GetInputScope+0x3176 CtfImeDestroyThreadMgr-0x39d msctf+0x16f7c @ 0x766e6f7c
CtfImeDestroyInputContext+0x280 TF_CanUninitialize-0x1c msctf+0x1e825 @ 0x766ee825
TF_GetInputScope+0x21fc CtfImeDestroyThreadMgr-0x1317 msctf+0x16002 @ 0x766e6002
TF_GetInputScope+0x21e2 CtfImeDestroyThreadMgr-0x1331 msctf+0x15fe8 @ 0x766e5fe8
TF_GetInputScope+0xbdd CtfImeDestroyThreadMgr-0x2936 msctf+0x149e3 @ 0x766e49e3
TF_GetInputScope+0x1c1a CtfImeDestroyThreadMgr-0x18f9 msctf+0x15a20 @ 0x766e5a20
RtlIsCurrentThreadAttachExempt+0x5f TpCheckTerminateWorker-0x37 ntdll+0x39a91 @ 0x773d9a91
LdrShutdownProcess+0x97 RtlDetectHeapLeaks-0x1bb ntdll+0x58f10 @ 0x773f8f10
RtlExitUserProcess+0x74 LdrShutdownProcess-0x1d ntdll+0x58e5c @ 0x773f8e5c
ExitProcess+0x15 TerminateThread-0xa kernel32+0x17a25 @ 0x75737a25
rundll32+0x135c @ 0xe1135c
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: ff 51 0c 8b 45 fc 89 be 8c 04 00 00 3b c7 74 25
exception.symbol: TF_GetCompatibleKeyboardLayout+0x5885 TF_IsCtfmonRunning-0xfd3 msctf+0x43ef4
exception.instruction: call dword ptr [ecx + 0xc]
exception.module: MSCTF.dll
exception.exception_code: 0xc0000005
exception.offset: 278260
exception.address: 0x76713ef4
registers.esp: 3011928
registers.edi: 0
registers.eax: 47155600
registers.ebp: 3011956
registers.edx: 1
registers.ebx: 0
registers.esi: 4435664
registers.ecx: 1913009628
1 0 0

__exception__

stacktrace:
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 8b 8b 5c 02 00 00 8d b3 58 02 00 00 85 c9 55 74
exception.instruction: mov ecx, dword ptr [ebx + 0x25c]
exception.exception_code: 0xc0000005
exception.symbol: ?AddMenuIcon@CWinAppEx@@QAEXIPBD@Z+0x36 ?ReplaceMenuIcon@CWinAppEx@@QAEXIPAUHICON__@@@Z-0x1ba longearthgrinch+0xc9e6
exception.address: 0x1000c9e6
registers.esp: 2488980
registers.edi: 0
registers.eax: 3680240
registers.ebp: 2489468
registers.edx: 2488270
registers.ebx: 0
registers.esi: 67198
registers.ecx: 432300837
1 0 0

__exception__

stacktrace:
CallNextHookEx+0x50 BeginDeferWindowPos-0xe0 user32+0x262d5 @ 0x755c62d5
?CBTProc@CToolBarEx@@KGJHIJ@Z+0xfd ?OnBeginAdjust@CToolBarEx@@IAEXPAUtagNMHDR@@PAJ@Z-0x13 longearthgrinch+0xa4fd @ 0x1000a4fd
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 8b 48 28 8b 78 2c 8b f1 0b f7 0f 85 32 2d 00 00
exception.symbol: CallNextHookEx+0x71 BeginDeferWindowPos-0xbf user32+0x262f6
exception.instruction: mov ecx, dword ptr [eax + 0x28]
exception.module: USER32.dll
exception.exception_code: 0xc0000005
exception.offset: 156406
exception.address: 0x755c62f6
registers.esp: 1832624
registers.edi: 0
registers.eax: 1082261504
registers.ebp: 1832632
registers.edx: 1791
registers.ebx: 0
registers.esi: 2130556928
registers.ecx: 1791
1 0 0

__exception__

stacktrace:
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 8b 11 56 8b f0 83 e6 02 83 e0 01 56 50 8d 44 24
exception.instruction: mov edx, dword ptr [ecx]
exception.exception_code: 0xc0000005
exception.symbol: ?CalcDynamicLayout@CSizableReBar@@UAE?AVCSize@@HK@Z+0x7 ?WindowProc@CSizableReBar@@MAEJIIJ@Z-0x39 longearthgrinch+0x8427
exception.address: 0x10008427
registers.esp: 1374616
registers.edi: 0
registers.eax: 5154404
registers.ebp: 1374740
registers.edx: 9
registers.ebx: 0
registers.esi: 67206
registers.ecx: 0
1 0 0

__exception__

stacktrace:
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 8b 86 9c 00 00 00 68 0c 04 00 00 50 c7 44 24 2c
exception.instruction: mov eax, dword ptr [esi + 0x9c]
exception.exception_code: 0xc0000005
exception.symbol: ?CalcFixedLayout@CSizableReBar@@UAE?AVCSize@@HH@Z+0x12 ?CalcDynamicLayout@CSizableReBar@@UAE?AVCSize@@HK@Z-0x14e longearthgrinch+0x82d2
exception.address: 0x100082d2
registers.esp: 2882444
registers.edi: 0
registers.eax: 67210
registers.ebp: 2882676
registers.edx: 9
registers.ebx: 1968988462
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

stacktrace:
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 8b 86 e4 00 00 00 85 c0 74 13 50 e8 1d 00 00 00
exception.instruction: mov eax, dword ptr [esi + 0xe4]
exception.exception_code: 0xc0000005
exception.symbol: ?CloseTheme@CMenuBar@@IAEXXZ+0x3 ??0CPreviewToolBar@@QAE@XZ-0x1dd longearthgrinch+0x70b3
exception.address: 0x100070b3
registers.esp: 1702156
registers.edi: 0
registers.eax: 67342
registers.ebp: 1702276
registers.edx: 9
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

stacktrace:
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 8b 40 20 6a 00 6a 00 6a 1f 50 ff 15 80 06 01 10
exception.instruction: mov eax, dword ptr [eax + 0x20]
exception.exception_code: 0xc0000005
exception.symbol: ?ContinueTracking@CMenuBar@@IAEX_N@Z+0x8 ?ExitTrackingMode@CMenuBar@@IAEXXZ-0x28 longearthgrinch+0x5c88
exception.address: 0x10005c88
registers.esp: 1047580
registers.edi: 0
registers.eax: 0
registers.ebp: 1047700
registers.edx: 9
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

stacktrace:
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 89 47 68 ff 15 44 07 01 10 50 68 00 7f 00 00 53
exception.instruction: mov dword ptr [edi + 0x68], eax
exception.exception_code: 0xc0000005
exception.symbol: ?Create@CSizableReBar@@QAE_NPAVCWnd@@IK@Z+0x2f ?AddBar@CSizableReBar@@QAE_NPAVCWnd@@PBDPAVCBitmap@@K1_N3@Z-0xb1 longearthgrinch+0x799f
exception.address: 0x1000799f
registers.esp: 587812
registers.edi: 0
registers.eax: 4236872
registers.ebp: 587976
registers.edx: 9
registers.ebx: 0
registers.esi: 5285440
registers.ecx: 0
1 0 0

__exception__

stacktrace:
?classCCachedDataPathProperty@CCachedDataPathProperty@@2UCRuntimeClass@@B+0x1bcf1 DllRegisterServer-0xb3e65 mfc42+0x2aa75 @ 0x73cbaa75
?classCCachedDataPathProperty@CCachedDataPathProperty@@2UCRuntimeClass@@B+0x1c8da DllRegisterServer-0xb327c mfc42+0x2b65e @ 0x73cbb65e
?Create@CToolBarEx@@QAEHPAVCWnd@@KI@Z+0x3a ?SetTextOptions@CToolBarEx@@QAEXW4ETextOptions@@_N@Z-0x36 longearthgrinch+0x95ea @ 0x100095ea
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 89 41 44 8b 45 10 89 51 4c 8b 55 14 89 41 48 89
exception.instruction: mov dword ptr [ecx + 0x44], eax
exception.exception_code: 0xc0000005
exception.symbol: ?classCCachedDataPathProperty@CCachedDataPathProperty@@2UCRuntimeClass@@B+0x1bd05 DllRegisterServer-0xb3e51 mfc42+0x2aa89
exception.address: 0x73cbaa89
registers.esp: 2553728
registers.edi: 0
registers.eax: 0
registers.ebp: 2553728
registers.edx: 0
registers.ebx: 2553812
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

stacktrace:

exception.instruction_r: 8b b5 ec 00 00 00 8d bd e4 00 00 00 83 c4 0c 8b
exception.instruction: mov esi, dword ptr [ebp + 0xec]
exception.exception_code: 0xc0000005
exception.symbol: ?DoAddBar@CSizableReBar@@IAE_NPAVCWnd@@PAUtagREBARBANDINFOA@@PBD_N3@Z+0x5b ?CalcFixedLayout@CSizableReBar@@UAE?AVCSize@@HH@Z-0x1b5 longearthgrinch+0x810b
exception.address: 0x1000810b
registers.esp: 785528
registers.edi: 0
registers.eax: 785576
registers.ebp: 0
registers.edx: 0
registers.ebx: 0
registers.esi: 67550
registers.ecx: 5507024
1 0 0

__exception__

stacktrace:
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 88 81 e0 00 00 00 88 91 e1 00 00 00 c2 08 00 90
exception.instruction: mov byte ptr [ecx + 0xe0], al
exception.exception_code: 0xc0000005
exception.symbol: ?EnableContextMenu@CSizableReBar@@QAEX_N0@Z+0x8 ?Lock@CSizableReBar@@QAE_N_N@Z-0x18 longearthgrinch+0x7bb8
exception.address: 0x10007bb8
registers.esp: 2488764
registers.edi: 0
registers.eax: 133090
registers.ebp: 2488880
registers.edx: 0
registers.ebx: 0
registers.esi: 133090
registers.ecx: 0
1 0 0

__exception__

stacktrace:
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 8a 86 c4 00 00 00 84 c0 75 7a c6 86 c4 00 00 00
exception.instruction: mov al, byte ptr [esi + 0xc4]
exception.exception_code: 0xc0000005
exception.symbol: ?EnterTrackingMode@CMenuBar@@IAEXH@Z+0x3 ?TrackChevronMenu@CMenuBar@@IAEXAAVCRect@@H@Z-0x8d longearthgrinch+0x55f3
exception.address: 0x100055f3
registers.esp: 1308644
registers.edi: 0
registers.eax: 67590
registers.ebp: 1308764
registers.edx: 9
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

stacktrace:
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 8a 86 c4 00 00 00 84 c0 74 68 8b 46 20 6a 00 6a
exception.instruction: mov al, byte ptr [esi + 0xc4]
exception.exception_code: 0xc0000005
exception.symbol: ?ExitTrackingMode@CMenuBar@@IAEXXZ+0x3 ?ShowChevronMenu@CMenuBar@@IAEXH@Z-0x7d longearthgrinch+0x5cb3
exception.address: 0x10005cb3
registers.esp: 2882944
registers.edi: 0
registers.eax: 67658
registers.ebp: 2883064
registers.edx: 9
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

stacktrace:
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 8b 46 20 50 ff 15 90 06 01 10 85 c0 74 37 8b 8e
exception.instruction: mov eax, dword ptr [esi + 0x20]
exception.exception_code: 0xc0000005
exception.symbol: ?FrameOnInitMenuPopup@CMenuBar@@IAEXPAVCMenu@@IH@Z+0x3 ?FrameOnMenuSelect@CMenuBar@@IAEXIIPAUHMENU__@@@Z-0x4d longearthgrinch+0x6ec3
exception.address: 0x10006ec3
registers.esp: 1898632
registers.edi: 0
registers.eax: 67662
registers.ebp: 1898752
registers.edx: 9
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

stacktrace:
rundll32+0x1326 @ 0xe11326
rundll32+0x1901 @ 0xe11901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: 8b 46 20 50 ff 15 90 06 01 10 85 c0 74 5c 8b 16
exception.instruction: mov eax, dword ptr [esi + 0x20]
exception.exception_code: 0xc0000005
exception.symbol: ?FrameOnMenuChar@CMenuBar@@IAE_NIIPAVCMenu@@@Z+0x3 ?FrameOnNcActivate@CMenuBar@@IAEXH@Z-0x7d longearthgrinch+0x6e03
exception.address: 0x10006e03
registers.esp: 653696
registers.edi: 0
registers.eax: 67698
registers.ebp: 653816
registers.edx: 9
registers.ebx: 0
registers.esi: 0
registers.ecx: 0
1 0 0
suspicious_features Connection to IP address suspicious_request GET https://45.36.99.184/rob102/TEST22-PC_W617601.33715B34B330B01BAE9FB711D913F2BB/5/file/
suspicious_features Connection to IP address suspicious_request GET https://204.138.26.60/rob102/TEST22-PC_W617601.33715B34B330B01BAE9FB711D913F2BB/5/file/
suspicious_features Connection to IP address suspicious_request GET https://185.56.76.28/rob102/TEST22-PC_W617601.33715B34B330B01BAE9FB711D913F2BB/5/file/
suspicious_features Connection to IP address suspicious_request GET https://185.56.76.28/cookiechecker?uri=/rob102/TEST22-PC_W617601.33715B34B330B01BAE9FB711D913F2BB/5/file/
suspicious_features Connection to IP address suspicious_request GET https://185.56.76.28/index.html
suspicious_features Connection to IP address suspicious_request GET https://185.56.76.28/login.cgi?uri=/index.html
suspicious_features Connection to IP address suspicious_request GET https://38.110.103.124/rob102/TEST22-PC_W617601.33715B34B330B01BAE9FB711D913F2BB/5/file/
suspicious_features Connection to IP address suspicious_request GET https://38.110.100.104/rob102/TEST22-PC_W617601.33715B34B330B01BAE9FB711D913F2BB/5/file/
suspicious_features Connection to IP address suspicious_request GET https://185.56.76.28/login.cgi?uri=/rob102/TEST22-PC_W617601.33715B34B330B01BAE9FB711D913F2BB/5/file/
suspicious_features Connection to IP address suspicious_request GET https://185.56.76.108/rob102/TEST22-PC_W617601.33715B34B330B01BAE9FB711D913F2BB/5/file/
suspicious_features Connection to IP address suspicious_request GET https://185.56.76.108/cookiechecker?uri=/rob102/TEST22-PC_W617601.33715B34B330B01BAE9FB711D913F2BB/5/file/
suspicious_features Connection to IP address suspicious_request GET https://185.56.76.108/index.html
suspicious_features Connection to IP address suspicious_request GET https://185.56.76.108/login.cgi?uri=/index.html
suspicious_features Connection to IP address suspicious_request GET https://60.51.47.65/rob102/TEST22-PC_W617601.33715B34B330B01BAE9FB711D913F2BB/5/file/
suspicious_features Connection to IP address suspicious_request GET https://38.110.103.113/rob102/TEST22-PC_W617601.33715B34B330B01BAE9FB711D913F2BB/5/file/
suspicious_features Connection to IP address suspicious_request GET https://24.162.214.166/rob102/TEST22-PC_W617601.33715B34B330B01BAE9FB711D913F2BB/5/file/
suspicious_features Connection to IP address suspicious_request GET https://154.58.23.192/rob102/TEST22-PC_W617601.33715B34B330B01BAE9FB711D913F2BB/5/file/
suspicious_features Connection to IP address suspicious_request GET https://80.15.2.105/rob102/TEST22-PC_W617601.33715B34B330B01BAE9FB711D913F2BB/5/file/
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x10010000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73c91000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73751000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72b41000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72ad0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x729e1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x729a4000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x729e2000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 620
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73c71000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1684
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x10010000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1684
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73c91000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1684
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73751000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1684
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72b41000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1684
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72ad0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1684
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x729e1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1684
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x729a4000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1684
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x729e2000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1684
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73c71000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x10010000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73c91000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73751000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72b41000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72ad0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x729e1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x729a4000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x729e2000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73c71000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2532
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x10010000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2532
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73c91000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2532
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73751000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2532
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72b41000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2532
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72ad0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2532
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x729e1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2532
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x729a4000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2532
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x729e2000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2532
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73c71000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2704
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x10010000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2704
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73c91000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2704
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73751000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2704
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72b41000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2704
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72ad0000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2704
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x729e1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2704
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x729a4000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2704
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x729e2000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2704
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73c71000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2892
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x10010000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2892
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73c91000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2892
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73751000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2892
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72b41000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2892
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72ad0000
process_handle: 0xffffffff
1 0 0
cmdline C:\Windows\system32\cmd.exe
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 15040
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 8192
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x00a01000
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

GetAdaptersAddresses

flags: 15
family: 0
111 0
section name: .rsrc, virtual_address: 0x00019000, virtual_size: 0x0003a030, size_of_data: 0x0003b000, entropy: 7.934567949844785, description: A section with a high entropy has been found
entropy 0.694117647059 description Overall entropy of this PE file is high
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0
Time & API Arguments Status Return Repeated

NtTerminateProcess

status_code: 0x00000000
process_identifier: 14396
process_handle: 0x00000114
0 0

NtTerminateProcess

status_code: 0x00000000
process_identifier: 14396
process_handle: 0x00000114
1 0 0