Summary | ZeroBOX

sistem32.jpg

Malicious Library Admin Tool (Sysinternals etc ...) UPX AntiDebug PE File DLL OS Processor Check PE32 .NET EXE AntiVM
Category Machine Started Completed
FILE s1_win7_x6403_us Nov. 3, 2023, 6:09 p.m. Nov. 3, 2023, 6:11 p.m.
Size 2.2MB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 06cbe7e4119ca545f6420e7b4100e3d2
SHA256 1d4ad36b22c945994e384ff85031a0612d5f7270d2a1ba9269ff9eba1de85bda
CRC32 16B85718
ssdeep 49152:/o69iGjipDXClR//fzbbz129ZFwaWrCWUDNCpF0:F9CpzCb/rzI9PSyDNCpq
PDB Path /www/wwwroot/www.vecna.pw/includes/protected_files/9a08a443ad7816f624ca69f86bcf8c00/obj/x86/Debug/sistem32.pdb
Yara
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Is_DotNET_EXE - (no description)

Name Response Post-Analysis Lookup
marcelotatuape.ddns.net 177.52.83.224
IP Address Status Action
164.124.101.2 Active Moloch
177.52.83.224 Active Moloch

Suricata Alerts

Flow SID Signature Category
UDP 192.168.56.103:52760 -> 164.124.101.2:53 2028675 ET POLICY DNS Query to DynDNS Domain *.ddns .net Potentially Bad Traffic
UDP 192.168.56.103:50800 -> 164.124.101.2:53 2028675 ET POLICY DNS Query to DynDNS Domain *.ddns .net Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW

computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0
Time & API Arguments Status Return Repeated

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004e17f8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004e17f8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004e18b8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0
pdb_path /www/wwwroot/www.vecna.pw/includes/protected_files/9a08a443ad7816f624ca69f86bcf8c00/obj/x86/Debug/sistem32.pdb
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
Time & API Arguments Status Return Repeated

__exception__

stacktrace:

exception.instruction_r: 8b 46 04 89 45 f4 c6 47 07 80 c6 47 06 00 8b 5e
exception.symbol: RtlInitUnicodeString+0x196 RtlMultiByteToUnicodeN-0x1a7 ntdll+0x2e39e
exception.instruction: mov eax, dword ptr [esi + 4]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 189342
exception.address: 0x778ce39e
registers.esp: 3141060
registers.edi: 5865576
registers.eax: 0
registers.ebp: 3141112
registers.edx: 5865584
registers.ebx: 5865584
registers.esi: 584712429
registers.ecx: 4849664
1 0 0

__exception__

stacktrace:

exception.instruction_r: 8b 46 04 89 45 f4 c6 47 07 80 c6 47 06 00 8b 5e
exception.symbol: RtlInitUnicodeString+0x196 RtlMultiByteToUnicodeN-0x1a7 ntdll+0x2e39e
exception.instruction: mov eax, dword ptr [esi + 4]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 189342
exception.address: 0x778ce39e
registers.esp: 3135912
registers.edi: 5865200
registers.eax: 5559304
registers.ebp: 3135964
registers.edx: 5865208
registers.ebx: 5865208
registers.esi: 579783478
registers.ecx: 4849664
1 0 0

__exception__

stacktrace:

exception.instruction_r: 0f b7 06 99 0f a4 c2 10 c1 e0 10 0b f8 0b da 89
exception.symbol: RtlInitUnicodeString+0xec RtlMultiByteToUnicodeN-0x251 ntdll+0x2e2f4
exception.instruction: movzx eax, word ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 189172
exception.address: 0x778ce2f4
registers.esp: 3127536
registers.edi: 65
registers.eax: 5992496
registers.ebp: 3127668
registers.edx: 4880472
registers.ebx: 35
registers.esi: 5992504
registers.ecx: 5559312
1 0 0

__exception__

stacktrace:

exception.instruction_r: 0f b7 06 99 0f a4 c2 10 c1 e0 10 0b d8 0b fa 89
exception.symbol: LdrUnlockLoaderLock+0x2cc RtlInitUnicodeStringEx-0xe6b ntdll+0x36f08
exception.instruction: movzx eax, word ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 225032
exception.address: 0x778d6f08
registers.esp: 3127536
registers.edi: 35
registers.eax: 5992496
registers.ebp: 3127668
registers.edx: 1042808898
registers.ebx: 65
registers.esi: 5992504
registers.ecx: 5559312
1 0 0

__exception__

stacktrace:

exception.instruction_r: 0f b7 06 99 0f a4 c2 10 c1 e0 10 0b f8 0b da 89
exception.symbol: RtlInitUnicodeString+0xec RtlMultiByteToUnicodeN-0x251 ntdll+0x2e2f4
exception.instruction: movzx eax, word ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 189172
exception.address: 0x778ce2f4
registers.esp: 3127760
registers.edi: 65
registers.eax: 5992496
registers.ebp: 3127892
registers.edx: 4880472
registers.ebx: 36
registers.esi: 5992504
registers.ecx: 5559312
1 0 0

__exception__

stacktrace:

exception.instruction_r: 0f b7 06 99 0f a4 c2 10 c1 e0 10 0b d8 0b fa 89
exception.symbol: LdrUnlockLoaderLock+0x2cc RtlInitUnicodeStringEx-0xe6b ntdll+0x36f08
exception.instruction: movzx eax, word ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 225032
exception.address: 0x778d6f08
registers.esp: 3127760
registers.edi: 36
registers.eax: 5992496
registers.ebp: 3127892
registers.edx: 1042808898
registers.ebx: 65
registers.esi: 5992504
registers.ecx: 5559312
1 0 0

__exception__

stacktrace:

exception.instruction_r: 0f b7 06 99 0f a4 c2 10 c1 e0 10 0b d8 0b fa 89
exception.symbol: LdrUnlockLoaderLock+0x2cc RtlInitUnicodeStringEx-0xe6b ntdll+0x36f08
exception.instruction: movzx eax, word ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 225032
exception.address: 0x778d6f08
registers.esp: 3121600
registers.edi: 36
registers.eax: 5992496
registers.ebp: 3121732
registers.edx: 1042808898
registers.ebx: 65
registers.esi: 5992504
registers.ecx: 5559312
1 0 0

__exception__

stacktrace:

exception.instruction_r: 0f b7 06 99 0f a4 c2 10 c1 e0 10 0b d8 0b fa 89
exception.symbol: LdrUnlockLoaderLock+0x2cc RtlInitUnicodeStringEx-0xe6b ntdll+0x36f08
exception.instruction: movzx eax, word ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 225032
exception.address: 0x778d6f08
registers.esp: 3120212
registers.edi: 36
registers.eax: 5992496
registers.ebp: 3120344
registers.edx: 1042808898
registers.ebx: 65
registers.esi: 5992504
registers.ecx: 5559312
1 0 0

__exception__

stacktrace:

exception.instruction_r: 0f b7 06 99 0f a4 c2 10 c1 e0 10 0b d8 0b fa 89
exception.symbol: LdrUnlockLoaderLock+0x2cc RtlInitUnicodeStringEx-0xe6b ntdll+0x36f08
exception.instruction: movzx eax, word ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 225032
exception.address: 0x778d6f08
registers.esp: 3119572
registers.edi: 36
registers.eax: 5992496
registers.ebp: 3119704
registers.edx: 1042808898
registers.ebx: 65
registers.esi: 5992504
registers.ecx: 5559312
1 0 0

__exception__

stacktrace:

exception.instruction_r: 0f b7 06 99 0f a4 c2 10 c1 e0 10 0b d8 0b fa 89
exception.symbol: LdrUnlockLoaderLock+0x2cc RtlInitUnicodeStringEx-0xe6b ntdll+0x36f08
exception.instruction: movzx eax, word ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 225032
exception.address: 0x778d6f08
registers.esp: 3119868
registers.edi: 36
registers.eax: 5992496
registers.ebp: 3120000
registers.edx: 1042808898
registers.ebx: 65
registers.esi: 5992504
registers.ecx: 5559312
1 0 0

__exception__

stacktrace:

exception.instruction_r: 0f b7 06 99 0f a4 c2 10 c1 e0 10 0b d8 0b fa 89
exception.symbol: LdrUnlockLoaderLock+0x2cc RtlInitUnicodeStringEx-0xe6b ntdll+0x36f08
exception.instruction: movzx eax, word ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 225032
exception.address: 0x778d6f08
registers.esp: 3119496
registers.edi: 36
registers.eax: 5992496
registers.ebp: 3119628
registers.edx: 1042808898
registers.ebx: 65
registers.esi: 5992504
registers.ecx: 5559312
1 0 0

__exception__

stacktrace:

exception.instruction_r: 0f b7 06 99 0f a4 c2 10 c1 e0 10 0b d8 0b fa 89
exception.symbol: LdrUnlockLoaderLock+0x2cc RtlInitUnicodeStringEx-0xe6b ntdll+0x36f08
exception.instruction: movzx eax, word ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 225032
exception.address: 0x778d6f08
registers.esp: 3121484
registers.edi: 36
registers.eax: 5992496
registers.ebp: 3121616
registers.edx: 1042808898
registers.ebx: 65
registers.esi: 5992504
registers.ecx: 5559312
1 0 0

__exception__

stacktrace:

exception.instruction_r: 0f b7 06 99 0f a4 c2 10 c1 e0 10 0b d8 0b fa 89
exception.symbol: LdrUnlockLoaderLock+0x2cc RtlInitUnicodeStringEx-0xe6b ntdll+0x36f08
exception.instruction: movzx eax, word ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 225032
exception.address: 0x778d6f08
registers.esp: 3121192
registers.edi: 36
registers.eax: 5992496
registers.ebp: 3121324
registers.edx: 1042808898
registers.ebx: 65
registers.esi: 5992504
registers.ecx: 5559312
1 0 0

__exception__

exception.instruction_r: 0f b7 06 99 0f a4 c2 10 c1 e0 10 0b d8 0b fa 89
exception.symbol: LdrUnlockLoaderLock+0x2cc RtlInitUnicodeStringEx-0xe6b ntdll+0x36f08
exception.instruction: movzx eax, word ptr [esi]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 225032
exception.address: 0x778d6f08
registers.esp: 3121372
registers.edi: 36
registers.eax: 5992496
registers.ebp: 3121504
registers.edx: 1042808898
registers.ebx: 65
registers.esi: 5992504
registers.ecx: 5559312
1 0 0

__exception__

exception.instruction_r: 39 09 e8 85 7b 89 71 eb 05 e8 e3 23 a3 73 b9 d4
exception.instruction: cmp dword ptr [ecx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x500354
registers.esp: 81588944
registers.edi: 81589052
registers.eax: 0
registers.ebp: 81588976
registers.edx: 0
registers.ebx: 38806920
registers.esi: 38806900
registers.ecx: 0
1 0 0
domain marcelotatuape.ddns.net
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 296
region_size: 983040
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00680000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00730000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 296
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73f31000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 296
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73f32000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 1376256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02310000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02420000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00412000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00445000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0044b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00447000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0042c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006f0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0042a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0041a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00700000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0043a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00437000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00436000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00701000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00702000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00731000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00733000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00735000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00736000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00737000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00738000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 16384
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00739000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 69632
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0073d000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0074e000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0041c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0074f000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00751000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00703000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00752000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00704000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x023ff000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x023f0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00705000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00706000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00707000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00708000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00753000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00754000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0042d000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00755000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00709000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0042b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0070a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x023f1000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 296
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x023f3000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\Local\Temp\Protect544cd51a.dll
section name: .text, virtual_address: 0x00002000, virtual_size: 0x00220b4c, size_of_data: 0x00220c00, entropy: 7.852902023604091 description A section with a high entropy has been found
entropy 0.969521690768 description Overall entropy of this PE file is high
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 2580
region_size: 40960
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00400000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0x000002c0
1 0 0
description sistem32.jpg tried to sleep 2728263 seconds, actually delayed analysis time by 2728263 seconds
Time & API Arguments Status Return Repeated

WriteProcessMemory

buffer: MZÿÿ¸@€º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELh+Aeà 2P `@  @…ÀOK` €  H.text0 2 `.rsrc `4@@.reloc €8@B
base_address: 0x00400000
process_identifier: 2580
process_handle: 0x000002c0
1 1 0

WriteProcessMemory

buffer: €0€HX`DD4VS_VERSION_INFO½ïþ?DVarFileInfo$Translation°¤StringFileInfo€000004b0,FileDescription 0FileVersion0.0.0.08 InternalNameClient.exe(LegalCopyright @ OriginalFilenameClient.exe4ProductVersion0.0.0.08Assembly Version0.0.0.0
base_address: 0x00406000
process_identifier: 2580
process_handle: 0x000002c0
1 1 0

WriteProcessMemory

buffer: P 0
base_address: 0x00408000
process_identifier: 2580
process_handle: 0x000002c0
1 1 0

WriteProcessMemory

buffer: @
base_address: 0xfffde008
process_identifier: 2580
process_handle: 0x000002c0
1 1 0
Time & API Arguments Status Return Repeated

WriteProcessMemory

buffer: MZÿÿ¸@€º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELh+Aeà 2P `@  @…ÀOK` €  H.text0 2 `.rsrc `4@@.reloc €8@B
base_address: 0x00400000
process_identifier: 2580
process_handle: 0x000002c0
1 1 0
Process injection Process 296 called NtSetContextThread to modify thread in remote process 2580
Time & API Arguments Status Return Repeated

NtSetContextThread

registers.eip: 2005598660
registers.esp: 4063188
registers.edi: 0
registers.eax: 4214798
registers.ebp: 0
registers.edx: 0
registers.ebx: -139264
registers.esi: 0
registers.ecx: 0
thread_handle: 0x000002bc
process_identifier: 2580
1 0 0
Process injection Process 296 resumed a thread in remote process 2580
Time & API Arguments Status Return Repeated

NtResumeThread

thread_handle: 0x000002bc
suspend_count: 1
process_identifier: 2580
1 0 0
dead_host 177.52.83.224:333
Time & API Arguments Status Return Repeated

NtResumeThread

thread_handle: 0x000000dc
suspend_count: 1
process_identifier: 296
1 0 0

NtResumeThread

thread_handle: 0x00000154
suspend_count: 1
process_identifier: 296
1 0 0

NtResumeThread

thread_handle: 0x00000194
suspend_count: 1
process_identifier: 296
1 0 0

CreateProcessInternalW

thread_identifier: 2584
thread_handle: 0x000002bc
process_identifier: 2580
current_directory:
filepath:
track: 1
command_line: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
filepath_r:
stack_pivoted: 0
creation_flags: 564 (CREATE_NEW_CONSOLE|CREATE_NEW_PROCESS_GROUP|CREATE_SUSPENDED|NORMAL_PRIORITY_CLASS)
inherit_handles: 0
process_handle: 0x000002c0
1 1 0

NtUnmapViewOfSection

base_address: 0x00400000
region_size: 6815744
process_identifier: 2580
process_handle: 0x000002c0
3221225497 0

NtAllocateVirtualMemory

process_identifier: 2580
region_size: 40960
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00400000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0x000002c0
1 0 0

WriteProcessMemory

buffer: MZÿÿ¸@€º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELh+Aeà 2P `@  @…ÀOK` €  H.text0 2 `.rsrc `4@@.reloc €8@B
base_address: 0x00400000
process_identifier: 2580
process_handle: 0x000002c0
1 1 0

WriteProcessMemory

buffer:
base_address: 0x00402000
process_identifier: 2580
process_handle: 0x000002c0
1 1 0

WriteProcessMemory

buffer: €0€HX`DD4VS_VERSION_INFO½ïþ?DVarFileInfo$Translation°¤StringFileInfo€000004b0,FileDescription 0FileVersion0.0.0.08 InternalNameClient.exe(LegalCopyright @ OriginalFilenameClient.exe4ProductVersion0.0.0.08Assembly Version0.0.0.0
base_address: 0x00406000
process_identifier: 2580
process_handle: 0x000002c0
1 1 0

WriteProcessMemory

buffer: P 0
base_address: 0x00408000
process_identifier: 2580
process_handle: 0x000002c0
1 1 0

NtGetContextThread

thread_handle: 0x000002bc
1 0 0

WriteProcessMemory

buffer: @
base_address: 0xfffde008
process_identifier: 2580
process_handle: 0x000002c0
1 1 0

NtSetContextThread

registers.eip: 2005598660
registers.esp: 4063188
registers.edi: 0
registers.eax: 4214798
registers.ebp: 0
registers.edx: 0
registers.ebx: -139264
registers.esi: 0
registers.ecx: 0
thread_handle: 0x000002bc
process_identifier: 2580
1 0 0

NtResumeThread

thread_handle: 0x000002bc
suspend_count: 1
process_identifier: 2580
1 0 0

NtResumeThread

thread_handle: 0x000000dc
suspend_count: 1
process_identifier: 2580
1 0 0

NtResumeThread

thread_handle: 0x00000154
suspend_count: 1
process_identifier: 2580
1 0 0

NtResumeThread

thread_handle: 0x000001d4
suspend_count: 1
process_identifier: 2580
1 0 0

NtResumeThread

thread_handle: 0x0000020c
suspend_count: 1
process_identifier: 2580
1 0 0