Microsoft (R) Windows Debugger Version 6.2.8229.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.
CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --always-authorize-plugins --crash-on-hang-seconds=10 --disable-popup-blocking --disable-prompt-on-repost --enable-accessibility --enable-cloud-print --enable-dcheck --enable-fullscreen --enable-logging --enable-media-stream --enable-nacl --enable-p2papi --enable-print-preview --enable-search-provider-api-v2 --enable-shadow-dom --enable-shortcut-provider --enable-smooth-scrolling --enable-video-fullscreen --experimental-location-features --experimental-spellchecker-features --force-renderer-accessibility --ignore-certificate-errors --js-flags="--expose-gc" --no-default-browser-check --no-first-run --user-data-dir=C:\Users\FuzzBot\AppData\Local\Temp\ChromeProfile_68652A55160D6223\user-data --plugin-data-dir=C:\Users\FuzzBot\AppData\Local\Temp\ChromeProfile_68652A55160D6223\plugin-data --user-scripts-dir=C:\Users\FuzzBot\AppData\Local\Temp\ChromeProfile_68652A55160D6223\user-scripts http://FX-W7-IE10-3:32768/Ping-WithSomethingToMakeItASemiUniqueStringThatCanBeDifferentiatedFromOtherRequests
Symbol search path is: srv*\\server\Symbols*http://chromium-browser-symsrv.commondatastorage.googleapis.com;srv*\\server\Symbols*http://msdl.microsoft.com/download/symbols;srv*\\server\Symbols*http://symbols.mozilla.org/firefox
Executable search path is:
ModLoad: 00fc0000 01097000 chrome.exe
ModLoad: 774a0000 775dc000 ntdll.dll
ModLoad: 75a30000 75b04000 C:\Windows\system32\kernel32.dll
ModLoad: 75600000 7564b000 C:\Windows\system32\KERNELBASE.dll
ModLoad: 72a40000 72a66000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_elf.dll
ModLoad: 761a0000 76240000 C:\Windows\system32\ADVAPI32.dll
ModLoad: 77620000 776cc000 C:\Windows\system32\msvcrt.dll
ModLoad: 765c0000 765d9000 C:\Windows\SYSTEM32\sechost.dll
ModLoad: 77230000 772d2000 C:\Windows\system32\RPCRT4.dll
ModLoad: 749c0000 749c9000 C:\Windows\system32\VERSION.dll
ModLoad: 701f0000 70222000 C:\Windows\system32\WINMM.dll
ModLoad: 75b10000 75bd9000 C:\Windows\system32\USER32.dll
ModLoad: 76570000 765be000 C:\Windows\system32\GDI32.dll
ModLoad: 760c0000 760ca000 C:\Windows\system32\LPK.dll
ModLoad: 75de0000 75e7d000 C:\Windows\system32\USP10.dll
ModLoad: 772e0000 77337000 C:\Windows\system32\SHLWAPI.dll
ModLoad: 755e0000 755f7000 C:\Windows\system32\USERENV.dll
ModLoad: 75510000 7551b000 C:\Windows\system32\profapi.dll
ModLoad: 73b70000 73b7d000 C:\Windows\system32\WTSAPI32.dll
(454.d84): Break instruction exception - code 80000003 (first chance)
eax=00000000 ebx=00000000 ecx=0024f918 edx=774e70f4 esi=fffffffe edi=00000000
eip=775405a6 esp=0024f934 ebp=0024f960 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
ntdll!LdrpDoDebuggerBreak+0x2c:
775405a6 cc int 3
ModLoad: 775f0000 7760f000 C:\Windows\system32\IMM32.DLL
<---- EVENT: handle internal ld ---->
eax=00079004 ebx=ffffffff ecx=00070000 edx=00079004 esi=0024ee94 edi=0024ee78
eip=774e70f4 esp=0024ecb4 ebp=0024ed48 iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760d0000 7619c000 C:\Windows\system32\MSCTF.dll
<---- EVENT: handle internal ld ---->
eax=75aece53 ebx=ffffffff ecx=00000345 edx=77606f63 esi=0024eaf4 edi=0024ead8
eip=774e70f4 esp=0024e914 ebp=0024e9a8 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765e0000 7722a000 C:\Windows\system32\SHELL32.dll
<---- EVENT: handle internal ld ---->
eax=01047390 ebx=ffffffff ecx=0024fc04 edx=01052994 esi=0024fa10 edi=0024f9f4
eip=774e70f4 esp=0024f830 ebp=0024f8c4 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77340000 7749c000 C:\Windows\system32\ole32.dll
<---- EVENT: handle internal ld ---->
eax=7699c648 ebx=ffffffff ecx=765e0000 edx=00000000 esi=0024eb68 edi=0024eb4c
eip=774e70f4 esp=0024e988 ebp=0024ea1c iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75400000 7540c000 C:\Windows\system32\cryptbase.dll
<---- EVENT: handle internal ld ---->
eax=00000103 ebx=ffffffff ecx=00000000 edx=00000000 esi=0024f738 edi=0024f71c
eip=774e70f4 esp=0024f558 ebp=0024f5ec iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 67840000 69774000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome.dll
<---- EVENT: handle internal ld ---->
eax=0024f96c ebx=ffffffff ecx=00000009 edx=00000000 esi=0024f954 edi=0024f938
eip=774e70f4 esp=0024f774 ebp=0024f808 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760b0000 760b5000 C:\Windows\system32\PSAPI.DLL
<---- EVENT: handle internal ld ---->
eax=75b1b9ae ebx=ffffffff ecx=75b27578 edx=75b10000 esi=0024f628 edi=0024f60c
eip=774e70f4 esp=0024f448 ebp=0024f4dc iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75e80000 75f0f000 C:\Windows\system32\OLEAUT32.dll
<---- EVENT: handle internal ld ---->
eax=75aeb5d4 ebx=ffffffff ecx=00000208 edx=68f3ff76 esi=0024f628 edi=0024f60c
eip=774e70f4 esp=0024f448 ebp=0024f4dc iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73bb0000 73bc1000 C:\Windows\system32\NETAPI32.dll
<---- EVENT: handle internal ld ---->
eax=00000159 ebx=ffffffff ecx=75b2a2da edx=75f04000 esi=0024f628 edi=0024f60c
eip=774e70f4 esp=0024f448 ebp=0024f4dc iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73ba0000 73ba9000 C:\Windows\system32\netutils.dll
<---- EVENT: handle internal ld ---->
eax=00326000 ebx=ffffffff ecx=53a378a4 edx=00325ff0 esi=0024f288 edi=0024f26c
eip=774e70f4 esp=0024f0a8 ebp=0024f13c iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75130000 75149000 C:\Windows\system32\srvcli.dll
<---- EVENT: handle internal ld ---->
eax=73ba1415 ebx=ffffffff ecx=73ba1114 edx=73ba0000 esi=0024f288 edi=0024f26c
eip=774e70f4 esp=0024f0a8 ebp=0024f13c iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73b00000 73b0f000 C:\Windows\system32\wkscli.dll
<---- EVENT: handle internal ld ---->
eax=7762dbeb ebx=ffffffff ecx=776234bc edx=77620000 esi=0024f288 edi=0024f26c
eip=774e70f4 esp=0024f0a8 ebp=0024f13c iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73af0000 73aff000 C:\Windows\system32\SAMCLI.DLL
<---- EVENT: handle internal ld ---->
eax=000000f5 ebx=ffffffff ecx=73bb3615 edx=68f4134e esi=0024f610 edi=0024f5f4
eip=774e70f4 esp=0024f430 ebp=0024f4c4 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 701b0000 701ec000 C:\Windows\system32\OLEACC.dll
<---- EVENT: handle internal ld ---->
eax=7762c24b ebx=ffffffff ecx=776235e4 edx=77620000 esi=0024f628 edi=0024f60c
eip=774e70f4 esp=0024f448 ebp=0024f4dc iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75240000 75248000 C:\Windows\system32\Secur32.dll
<---- EVENT: handle internal ld ---->
eax=00000293 ebx=ffffffff ecx=75b2b7bb edx=701df000 esi=0024f628 edi=0024f60c
eip=774e70f4 esp=0024f448 ebp=0024f4dc iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75380000 7539b000 C:\Windows\system32\SSPICLI.DLL
<---- EVENT: handle internal ld ---->
eax=00002e00 ebx=ffffffff ecx=75241238 edx=752421ae esi=0024f610 edi=0024f5f4
eip=774e70f4 esp=0024f430 ebp=0024f4c4 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 74530000 746ce000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
<---- EVENT: handle internal ld ---->
eax=0024e608 ebx=ffffffff ecx=00000015 edx=00000000 esi=0024f628 edi=0024f60c
eip=774e70f4 esp=0024f448 ebp=0024f4dc iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 729c0000 729eb000 C:\Windows\system32\credui.dll
<---- EVENT: handle internal ld ---->
eax=0000007b ebx=ffffffff ecx=7456376a edx=68f3f249 esi=0024f628 edi=0024f60c
eip=774e70f4 esp=0024f448 ebp=0024f4dc iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75550000 7557f000 C:\Windows\system32\WINTRUST.dll
<---- EVENT: handle internal ld ---->
eax=00000159 ebx=ffffffff ecx=77626beb edx=729d4000 esi=0024f628 edi=0024f60c
eip=774e70f4 esp=0024f448 ebp=0024f4dc iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75670000 75791000 C:\Windows\system32\CRYPT32.dll
<---- EVENT: handle internal ld ---->
eax=7762f509 ebx=ffffffff ecx=776222a8 edx=77620000 esi=0024f288 edi=0024f26c
eip=774e70f4 esp=0024f0a8 ebp=0024f13c iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75520000 7552c000 C:\Windows\system32\MSASN1.dll
<---- EVENT: handle internal ld ---->
eax=000004d5 ebx=ffffffff ecx=77629003 edx=75727000 esi=0024eee8 edi=0024eecc
eip=774e70f4 esp=0024ed08 ebp=0024ed9c iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 747d0000 747d9000 C:\Windows\system32\HID.DLL
<---- EVENT: handle internal ld ---->
eax=00000210 ebx=ffffffff ecx=77267068 edx=68f41455 esi=0024f628 edi=0024f60c
eip=774e70f4 esp=0024f448 ebp=0024f4dc iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 70f30000 70f48000 C:\Windows\system32\NTDSAPI.dll
<---- EVENT: handle internal ld ---->
eax=000004de ebx=ffffffff ecx=77629041 edx=747d5000 esi=0024f628 edi=0024f60c
eip=774e70f4 esp=0024f448 ebp=0024f4dc iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 759f0000 75a25000 C:\Windows\system32\WS2_32.dll
<---- EVENT: handle internal ld ---->
eax=77629910 ebx=ffffffff ecx=77623418 edx=77620000 esi=0024f288 edi=0024f26c
eip=774e70f4 esp=0024f0a8 ebp=0024f13c iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775e0000 775e6000 C:\Windows\system32\NSI.dll
<---- EVENT: handle internal ld ---->
eax=75a16000 ebx=ffffffff ecx=75a16002 edx=774a0000 esi=0024eee8 edi=0024eecc
eip=774e70f4 esp=0024ed08 ebp=0024ed9c iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(454.7fc): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 74990000 749b1000 C:\Windows\system32\ntmarta.dll
<---- EVENT: handle internal ld ---->
eax=0024f530 ebx=ffffffff ecx=00000014 edx=00000000 esi=0024f7d8 edi=0024f7bc
eip=774e70f4 esp=0024f5f8 ebp=0024f68c iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 762d0000 76315000 C:\Windows\system32\WLDAP32.dll
<---- EVENT: handle internal ld ---->
eax=7764dc75 ebx=ffffffff ecx=7762221c edx=77620000 esi=0024f438 edi=0024f41c
eip=774e70f4 esp=0024f258 ebp=0024f2ec iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 729b0000 729b4000 C:\Windows\system32\KBDUS.DLL
<---- EVENT: handle internal ld ---->
eax=0024f0fc ebx=ffffffff ecx=00000000 edx=00000009 esi=0024ebcc edi=0024ebb0
eip=774e70f4 esp=0024e9ec ebp=0024ea80 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 76240000 762c3000 C:\Windows\system32\CLBCatQ.DLL
<---- EVENT: handle internal ld ---->
eax=0024f12c ebx=ffffffff ecx=00000016 edx=00000000 esi=0024f528 edi=0024f50c
eip=774e70f4 esp=0024f348 ebp=0024f3dc iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 72970000 729bf000 C:\Windows\System32\Wpc.dll
<---- EVENT: handle internal ld ---->
eax=0039e200 ebx=ffffffff ecx=00330000 edx=00330000 esi=0024e758 edi=0024e73c
eip=774e70f4 esp=0024e578 ebp=0024e60c iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 750c0000 75102000 C:\Windows\System32\wevtapi.dll
<---- EVENT: handle internal ld ---->
eax=01126ffc ebx=ffffffff ecx=0000001f edx=774e70f4 esi=0024e42c edi=0024e410
eip=774e70f4 esp=0024e24c ebp=0024e2e0 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 744f0000 74502000 C:\Windows\system32\SAMLIB.dll
<---- EVENT: handle internal ld ---->
eax=73af28aa ebx=ffffffff ecx=00523bc0 edx=00520174 esi=0024f5a0 edi=0024f584
eip=774e70f4 esp=0024f3c0 ebp=0024f454 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(454.d84): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 73740000 73750000 C:\Windows\system32\NLAapi.dll
<---- EVENT: handle internal ld ---->
eax=00eabe78 ebx=ffffffff ecx=00000000 edx=0000003c esi=0024f1e8 edi=0024f1cc
eip=774e70f4 esp=0024f008 ebp=0024f09c iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73690000 736ac000 C:\Windows\system32\IPHLPAPI.DLL
<---- EVENT: handle internal ld ---->
eax=00d2105c ebx=ffffffff ecx=00d20000 edx=00d2105c esi=0024ede8 edi=0024edcc
eip=774e70f4 esp=0024ec08 ebp=0024ec9c iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73680000 73687000 C:\Windows\system32\WINNSI.DLL
<---- EVENT: handle internal ld ---->
eax=00d22008 ebx=ffffffff ecx=00d20000 edx=00d22008 esi=0024ea48 edi=0024ea2c
eip=774e70f4 esp=0024e868 ebp=0024e8fc iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(454.a14): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(454.e8c): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 73590000 7359d000 C:\Windows\system32\dhcpcsvc6.DLL
<---- EVENT: handle internal ld ---->
eax=03a4f58c ebx=ffffffff ecx=b19f6674 edx=03a4efe8 esi=03a4f27c edi=03a4f260
eip=774e70f4 esp=03a4f09c ebp=03a4f130 iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6e850000 6e886000 C:\Windows\system32\audioses.dll
<---- EVENT: handle internal ld ---->
eax=00000000 ebx=ffffffff ecx=0024f6aa edx=00000206 esi=0024f4a0 edi=0024f484
eip=774e70f4 esp=0024f2c0 ebp=0024f354 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73f10000 73f49000 C:\Windows\system32\MMDevAPI.DLL
<---- EVENT: handle internal ld ---->
eax=00000005 ebx=ffffffff ecx=772640f8 edx=6e877000 esi=0024f100 edi=0024f0e4
eip=774e70f4 esp=0024ef20 ebp=0024efb4 iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 743f0000 744e5000 C:\Windows\system32\PROPSYS.dll
<---- EVENT: handle internal ld ---->
eax=7762ff45 ebx=ffffffff ecx=77623610 edx=77620000 esi=0024ed60 edi=0024ed44
eip=774e70f4 esp=0024eb80 ebp=0024ec14 iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 721a0000 721b2000 C:\Windows\system32\dhcpcsvc.DLL
<---- EVENT: handle internal ld ---->
eax=03a4ed58 ebx=ffffffff ecx=00000010 edx=00000000 esi=03a4f2a0 edi=03a4f284
eip=774e70f4 esp=03a4f0c0 ebp=03a4f154 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75f10000 760ad000 C:\Windows\system32\SETUPAPI.dll
<---- EVENT: handle internal ld ---->
eax=73f3ef6c ebx=ffffffff ecx=003e0c10 edx=774e70f4 esi=0024e844 edi=0024e828
eip=774e70f4 esp=0024e664 ebp=0024e6f8 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755b0000 755d7000 C:\Windows\system32\CFGMGR32.dll
<---- EVENT: handle internal ld ---->
eax=75aedba7 ebx=ffffffff ecx=00000403 edx=75fbcf72 esi=0024e4a4 edi=0024e488
eip=774e70f4 esp=0024e2c4 ebp=0024e358 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75580000 75592000 C:\Windows\system32\DEVOBJ.dll
<---- EVENT: handle internal ld ---->
eax=75fbe000 ebx=ffffffff ecx=75fbe002 edx=77620000 esi=0024e4a4 edi=0024e488
eip=774e70f4 esp=0024e2c4 ebp=0024e358 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 74b00000 74b16000 C:\Windows\system32\GPAPI.dll
<---- EVENT: handle internal ld ---->
eax=0024f1b8 ebx=ffffffff ecx=00000020 edx=00000000 esi=0024f2b0 edi=0024f294
eip=774e70f4 esp=0024f0d0 ebp=0024f164 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(454.92c): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 70140000 70156000 C:\Windows\system32\wlanapi.dll
<---- EVENT: handle internal ld ---->
eax=68fc4264 ebx=ffffffff ecx=0564f71c edx=68fc4266 esi=0564f304 edi=0564f2e8
eip=774e70f4 esp=0564f124 ebp=0564f1b8 iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 71da0000 71da6000 C:\Windows\system32\wlanutil.dll
<---- EVENT: handle internal ld ---->
eax=774e0b31 ebx=ffffffff ecx=00000415 edx=70151f54 esi=0564ef64 edi=0564ef48
eip=774e70f4 esp=0564ed84 ebp=0564ee18 iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(454.92c): Unknown exception - code 000006a6 (first chance)
<---- EVENT: ignore 1st chance * ---->
(454.dfc): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(454.c4c): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(454.290): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(454.c30): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(454.b94): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(454.9e4): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(454.eb4): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(454.f54): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(454.908): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 74f20000 74f37000 C:\Windows\system32\CRYPTSP.dll
<---- EVENT: handle internal ld ---->
eax=00000002 ebx=ffffffff ecx=043fede8 edx=00000000 esi=043fe9cc edi=043fe9b0
eip=774e70f4 esp=043fe7ec ebp=043fe880 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 753b0000 753fc000 C:\Windows\system32\apphelp.dll
<---- EVENT: handle internal ld ---->
eax=05b9e4e8 ebx=ffffffff ecx=0000000e edx=00000000 esi=05b9e338 edi=05b9e31c
eip=774e70f4 esp=05b9e158 ebp=05b9e1ec iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 74cc0000 74cfb000 C:\Windows\system32\rsaenh.dll
<---- EVENT: handle internal ld ---->
eax=043fe508 ebx=ffffffff ecx=03d58004 edx=ff959af4 esi=043fe904 edi=043fe8e8
eip=774e70f4 esp=043fe724 ebp=043fe7b8 iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 754a0000 754ae000 C:\Windows\system32\RpcRtRemote.dll
<---- EVENT: handle internal ld ---->
eax=043fe5a8 ebx=ffffffff ecx=00000008 edx=00000000 esi=043fe6fc edi=043fe6e0
eip=774e70f4 esp=043fe51c ebp=043fe5b0 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
Symbol search path is: srv*\\server\Symbols*http://chromium-browser-symsrv.commondatastorage.googleapis.com;srv*\\server\Symbols*http://msdl.microsoft.com/download/symbols;srv*\\server\Symbols*http://symbols.mozilla.org/firefox
Executable search path is:
ModLoad: 00fc0000 01097000 chrome.exe
<---- EVENT: handle internal cpr ---->
eax=010093e8 ebx=7ffd8000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=0022fc78 ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:0022fc7c=00000000
ModLoad: 774a0000 775dc000 ntdll.dll
<---- EVENT: handle internal ld ---->
eax=010093e8 ebx=7ffd8000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=0022fc78 ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
ntdll!RtlUserThreadStart:
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:0022fc7c=00000000
ModLoad: 75a30000 75b04000 C:\Windows\system32\kernel32.dll
<---- EVENT: handle internal ld ---->
eax=000000a8 ebx=00000000 ecx=00d22868 edx=00b75328 esi=7ffdf000 edi=0022f610
eip=774e70f4 esp=0022f4ec ebp=0022f524 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75600000 7564b000 C:\Windows\system32\KERNELBASE.dll
<---- EVENT: handle internal ld ---->
eax=75af3000 ebx=00000000 ecx=75af3002 edx=774a0000 esi=7ffdf000 edi=0022f270
eip=774e70f4 esp=0022f14c ebp=0022f184 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 72a40000 72a66000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_elf.dll
<---- EVENT: handle internal ld ---->
eax=00b91ff4 ebx=00000000 ecx=00b90000 edx=00b91ff4 esi=7ffdf000 edi=0022f490
eip=774e70f4 esp=0022f36c ebp=0022f3a4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 761a0000 76240000 C:\Windows\system32\ADVAPI32.dll
<---- EVENT: handle internal ld ---->
eax=00000550 ebx=00000000 ecx=75aef575 edx=72a5cf53 esi=7ffdf000 edi=0022f164
eip=774e70f4 esp=0022f040 ebp=0022f078 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77620000 776cc000 C:\Windows\system32\msvcrt.dll
<---- EVENT: handle internal ld ---->
eax=7620f538 ebx=00000000 ecx=761a0000 edx=00001000 esi=7ffdf000 edi=0022ee38
eip=774e70f4 esp=0022ed14 ebp=0022ed4c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765c0000 765d9000 C:\Windows\SYSTEM32\sechost.dll
<---- EVENT: handle internal ld ---->
eax=00000482 ebx=00000000 ecx=774e1582 edx=76211000 esi=7ffdf000 edi=0022ee38
eip=774e70f4 esp=0022ed14 ebp=0022ed4c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77230000 772d2000 C:\Windows\system32\RPCRT4.dll
<---- EVENT: handle internal ld ---->
eax=0022e8ac ebx=00000000 ecx=00000018 edx=00000000 esi=7ffdf000 edi=0022ea98
eip=774e70f4 esp=0022e974 ebp=0022e9ac iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 749c0000 749c9000 C:\Windows\system32\VERSION.dll
<---- EVENT: handle internal ld ---->
eax=72a5502f ebx=00000000 ecx=72a5cbbc edx=72a40000 esi=7ffdf000 edi=0022f490
eip=774e70f4 esp=0022f36c ebp=0022f3a4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 701f0000 70222000 C:\Windows\system32\WINMM.dll
<---- EVENT: handle internal ld ---->
eax=000001d5 ebx=00000000 ecx=77627106 edx=749c505f esi=7ffdf000 edi=0022f490
eip=774e70f4 esp=0022f36c ebp=0022f3a4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75b10000 75bd9000 C:\Windows\system32\USER32.dll
<---- EVENT: handle internal ld ---->
eax=0022ef5c ebx=00000000 ecx=00000005 edx=00000000 esi=7ffdf000 edi=0022f0f0
eip=774e70f4 esp=0022efcc ebp=0022f004 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 76570000 765be000 C:\Windows\system32\GDI32.dll
<---- EVENT: handle internal ld ---->
eax=00000447 ebx=00000000 ecx=774e0ff2 edx=75b77000 esi=7ffdf000 edi=0022ed50
eip=774e70f4 esp=0022ec2c ebp=0022ec64 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760c0000 760ca000 C:\Windows\system32\LPK.dll
<---- EVENT: handle internal ld ---->
eax=00000318 ebx=00000000 ecx=75b2c167 edx=765b8655 esi=7ffdf000 edi=0022e9b0
eip=774e70f4 esp=0022e88c ebp=0022e8c4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75de0000 75e7d000 C:\Windows\system32\USP10.dll
<---- EVENT: handle internal ld ---->
eax=000000e3 ebx=00000000 ecx=76573f04 edx=760c6244 esi=7ffdf000 edi=0022e684
eip=774e70f4 esp=0022e560 ebp=0022e598 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 772e0000 77337000 C:\Windows\system32\SHLWAPI.dll
<---- EVENT: handle internal ld ---->
eax=00000094 ebx=00000000 ecx=701f23ea edx=01053074 esi=7ffdf000 edi=0022f490
eip=774e70f4 esp=0022f36c ebp=0022f3a4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755e0000 755f7000 C:\Windows\system32\USERENV.dll
<---- EVENT: handle internal ld ---->
eax=010540b0 ebx=00000000 ecx=010540b2 edx=75a30000 esi=7ffdf000 edi=0022f490
eip=774e70f4 esp=0022f36c ebp=0022f3a4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75510000 7551b000 C:\Windows\system32\profapi.dll
<---- EVENT: handle internal ld ---->
eax=00000100 ebx=00000000 ecx=77265986 edx=755f164e esi=7ffdf000 edi=0022f0f0
eip=774e70f4 esp=0022efcc ebp=0022f004 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73b70000 73b7d000 C:\Windows\system32\WTSAPI32.dll
<---- EVENT: handle internal ld ---->
eax=7762bf71 ebx=00000000 ecx=77623600 edx=77620000 esi=7ffdf000 edi=0022f490
eip=774e70f4 esp=0022f36c ebp=0022f3a4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775f0000 7760f000 C:\Windows\system32\IMM32.DLL
<---- EVENT: handle internal ld ---->
eax=00005a4d ebx=00000000 ecx=00000001 edx=00000000 esi=7ffdf000 edi=0022ed0c
eip=774e70f4 esp=0022ebe8 ebp=0022ec20 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760d0000 7619c000 C:\Windows\system32\MSCTF.dll
<---- EVENT: handle internal ld ---->
eax=75aece53 ebx=00000000 ecx=00000345 edx=77606f63 esi=7ffdf000 edi=0022e96c
eip=774e70f4 esp=0022e848 ebp=0022e880 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765e0000 7722a000 C:\Windows\system32\SHELL32.dll
<---- EVENT: handle internal ld ---->
eax=00d77000 ebx=00000000 ecx=00d76fe8 edx=00001000 esi=7ffdf000 edi=0022f888
eip=774e70f4 esp=0022f764 ebp=0022f79c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77340000 7749c000 C:\Windows\system32\ole32.dll
<---- EVENT: handle internal ld ---->
eax=7699c648 ebx=00000000 ecx=765e0000 edx=00000000 esi=7ffdf000 edi=0022e9e0
eip=774e70f4 esp=0022e8bc ebp=0022e8f4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75400000 7540c000 C:\Windows\system32\cryptbase.dll
<---- EVENT: handle internal ld ---->
eax=00000103 ebx=00000000 ecx=00000000 edx=00000000 esi=7ffdf000 edi=0022f5b0
eip=774e70f4 esp=0022f48c ebp=0022f4c4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(454.54c): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(454.3dc): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 74ee0000 74f1c000 C:\Windows\system32\mswsock.dll
<---- EVENT: handle internal ld ---->
eax=05e6c064 ebx=ffffffff ecx=05e60000 edx=05e6c064 esi=05e0e850 edi=05e0e834
eip=774e70f4 esp=05e0e670 ebp=05e0e704 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 74ed0000 74ed6000 C:\Windows\System32\wship6.dll
<---- EVENT: handle internal ld ---->
eax=05e0eab0 ebx=ffffffff ecx=00000016 edx=00000000 esi=05e0ea8c edi=05e0ea70
eip=774e70f4 esp=05e0e8ac ebp=05e0e940 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 71470000 71476000 C:\Windows\system32\rasadhlp.dll
<---- EVENT: handle internal ld ---->
eax=05f72068 ebx=ffffffff ecx=05f70000 edx=05f72068 esi=05e0ed3c edi=05e0ed20
eip=774e70f4 esp=05e0eb5c ebp=05e0ebf0 iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(454.ef0): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 74da0000 74de4000 C:\Windows\system32\DNSAPI.dll
<---- EVENT: handle internal ld ---->
eax=0000c008 ebx=ffffffff ecx=00000003 edx=0000207a esi=043fe838 edi=043fe81c
eip=774e70f4 esp=043fe658 ebp=043fe6ec iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 721c0000 721f8000 C:\Windows\System32\fwpuclnt.dll
<---- EVENT: handle internal ld ---->
eax=071e0988 ebx=ffffffff ecx=00000000 edx=40140042 esi=043fec0c edi=043febf0
eip=774e70f4 esp=043fea2c ebp=043feac0 iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 65750000 67833000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_child.dll
<---- EVENT: handle internal ld ---->
eax=00cdf01c ebx=00000000 ecx=00cd0000 edx=00cdf01c esi=7ffdf000 edi=0022f7cc
eip=774e70f4 esp=0022f6a8 ebp=0022f6e0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 76320000 764d6000 C:\Windows\system32\WININET.dll
<---- EVENT: handle internal ld ---->
eax=66eef000 ebx=00000000 ecx=66eef002 edx=75b10000 esi=7ffdf000 edi=0022f4a0
eip=774e70f4 esp=0022f37c ebp=0022f3b4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755a0000 755a4000 C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=7762924d ebx=00000000 ecx=00000523 edx=76493f70 esi=7ffdf000 edi=0022f174
eip=774e70f4 esp=0022f050 ebp=0022f088 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75540000 75545000 C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755a12bd ebx=00000000 ecx=0000000a edx=755a0072 esi=7ffdf000 edi=0022f174
eip=774e70f4 esp=0022f050 ebp=0022f088 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75530000 75534000 C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=00d20184 ebx=00000000 ecx=000000fe edx=00000003 esi=7ffdf000 edi=0022f174
eip=774e70f4 esp=0022f050 ebp=0022f088 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75830000 75834000 C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755323a2 ebx=00000000 ecx=0000004d edx=75530053 esi=7ffdf000 edi=0022f174
eip=774e70f4 esp=0022f050 ebp=0022f088 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75650000 75653000 C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=75832010 ebx=00000000 ecx=75832000 edx=fffffffe esi=7ffdf000 edi=0022f174
eip=774e70f4 esp=0022f050 ebp=0022f088 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77610000 77613000 C:\Windows\system32\normaliz.DLL
<---- EVENT: handle internal ld ---->
eax=75652010 ebx=00000000 ecx=75652000 edx=fffffffe esi=7ffdf000 edi=0022f15c
eip=774e70f4 esp=0022f038 ebp=0022f070 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75be0000 75dda000 C:\Windows\system32\iertutil.dll
<---- EVENT: handle internal ld ---->
eax=0022f0dc ebx=00000000 ecx=0000000a edx=00000000 esi=7ffdf000 edi=0022f174
eip=774e70f4 esp=0022f050 ebp=0022f088 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760b0000 760b5000 C:\Windows\system32\PSAPI.DLL
<---- EVENT: handle internal ld ---->
eax=0000005b ebx=00000000 ecx=763244c5 edx=66eef247 esi=7ffdf000 edi=0022f4a0
eip=774e70f4 esp=0022f37c ebp=0022f3b4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 70260000 702b1000 C:\Windows\system32\WINSPOOL.DRV
<---- EVENT: handle internal ld ---->
eax=66eed338 ebx=00000000 ecx=66eed33a edx=75a30000 esi=7ffdf000 edi=0022f4a0
eip=774e70f4 esp=0022f37c ebp=0022f3b4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75840000 758bb000 C:\Windows\system32\COMDLG32.dll
<---- EVENT: handle internal ld ---->
eax=0000004a ebx=00000000 ecx=702933f7 edx=66eef344 esi=7ffdf000 edi=0022f4a0
eip=774e70f4 esp=0022f37c ebp=0022f3b4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 74530000 746ce000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
<---- EVENT: handle internal ld ---->
eax=0022ec54 ebx=00000000 ecx=00000005 edx=00000000 esi=7ffdf000 edi=0022f100
eip=774e70f4 esp=0022efdc ebp=0022f014 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75e80000 75f0f000 C:\Windows\system32\OLEAUT32.dll
<---- EVENT: handle internal ld ---->
eax=000001ff ebx=00000000 ecx=75aeb51e edx=7467b000 esi=7ffdf000 edi=0022f4a0
eip=774e70f4 esp=0022f37c ebp=0022f3b4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75670000 75791000 C:\Windows\system32\CRYPT32.dll
<---- EVENT: handle internal ld ---->
eax=00000159 ebx=00000000 ecx=75b2a2da edx=75f04000 esi=7ffdf000 edi=0022f4a0
eip=774e70f4 esp=0022f37c ebp=0022f3b4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75520000 7552c000 C:\Windows\system32\MSASN1.dll
<---- EVENT: handle internal ld ---->
eax=000004d5 ebx=00000000 ecx=77629003 edx=75727000 esi=7ffdf000 edi=0022f100
eip=774e70f4 esp=0022efdc ebp=0022f014 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73690000 736ac000 C:\Windows\system32\IPHLPAPI.DLL
<---- EVENT: handle internal ld ---->
eax=00000084 ebx=00000000 ecx=75673591 edx=66eecb43 esi=7ffdf000 edi=0022f4a0
eip=774e70f4 esp=0022f37c ebp=0022f3b4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775e0000 775e6000 C:\Windows\system32\NSI.dll
<---- EVENT: handle internal ld ---->
eax=00000268 ebx=00000000 ecx=774de31a edx=736a8000 esi=7ffdf000 edi=0022f100
eip=774e70f4 esp=0022efdc ebp=0022f014 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73680000 73687000 C:\Windows\system32\WINNSI.DLL
<---- EVENT: handle internal ld ---->
eax=774d5340 ebx=00000000 ecx=774d7ff4 edx=774a0000 esi=7ffdf000 edi=0022f100
eip=774e70f4 esp=0022efdc ebp=0022f014 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 759f0000 75a25000 C:\Windows\system32\WS2_32.dll
<---- EVENT: handle internal ld ---->
eax=736931ba ebx=00000000 ecx=000000e5 edx=66eed249 esi=7ffdf000 edi=0022f4a0
eip=774e70f4 esp=0022f37c ebp=0022f3b4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75240000 75248000 C:\Windows\system32\Secur32.dll
<---- EVENT: handle internal ld ---->
eax=75a16000 ebx=00000000 ecx=75a16002 edx=774a0000 esi=7ffdf000 edi=0022f4a0
eip=774e70f4 esp=0022f37c ebp=0022f3b4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75380000 7539b000 C:\Windows\system32\SSPICLI.DLL
<---- EVENT: handle internal ld ---->
eax=0022ef00 ebx=00000000 ecx=00000003 edx=00000000 esi=7ffdf000 edi=0022f488
eip=774e70f4 esp=0022f364 ebp=0022f39c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(814.270): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(814.fe0): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 6a9b0000 6acc9000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\D3DCompiler_46.dll
<---- EVENT: handle internal ld ---->
eax=0022e4c4 ebx=00000000 ecx=0000000d edx=00000000 esi=7ffdf000 edi=0022ea3c
eip=774e70f4 esp=0022e918 ebp=0022e950 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6b780000 6b88b000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
<---- EVENT: handle internal ld ---->
eax=0022e7b8 ebx=00000000 ecx=00000002 edx=00000000 esi=7ffdf000 edi=0022ea7c
eip=774e70f4 esp=0022e958 ebp=0022e990 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 703d0000 70593000 C:\Windows\system32\d3d9.dll
<---- EVENT: handle internal ld ---->
eax=0022e5ec ebx=00000000 ecx=00000002 edx=00000000 esi=7ffdf000 edi=0022e750
eip=774e70f4 esp=0022e62c ebp=0022e664 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 703c0000 703c6000 C:\Windows\system32\d3d8thk.dll
<---- EVENT: handle internal ld ---->
eax=00d92100 ebx=00000000 ecx=00d20000 edx=00d20000 esi=7ffdf000 edi=0022e3b0
eip=774e70f4 esp=0022e28c ebp=0022e2c4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73ec0000 73ed3000 C:\Windows\system32\dwmapi.dll
<---- EVENT: handle internal ld ---->
eax=00000086 ebx=00000000 ecx=7657392b edx=70578000 esi=7ffdf000 edi=0022e3b0
eip=774e70f4 esp=0022e28c ebp=0022e2c4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 72a00000 72a37000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\libegl.dll
<---- EVENT: handle internal ld ---->
eax=0022e8ec ebx=00000000 ecx=00000009 edx=00000000 esi=7ffdf000 edi=0022ea7c
eip=774e70f4 esp=0022e958 ebp=0022e990 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 74070000 740bc000 C:\Windows\system32\dxgi.dll
<---- EVENT: handle internal ld ---->
eax=00fac000 ebx=00000000 ecx=00fa0000 edx=00fac000 esi=7ffdf000 edi=0022ed20
eip=774e70f4 esp=0022ebfc ebp=0022ec34 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 733f0000 73565000 C:\Windows\system32\d3d11.dll
<---- EVENT: handle internal ld ---->
eax=00fad010 ebx=00000000 ecx=00fa0000 edx=00fad010 esi=7ffdf000 edi=0022ed20
eip=774e70f4 esp=0022ebfc ebp=0022ec34 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75f10000 760ad000 C:\Windows\system32\setupapi.dll
<---- EVENT: handle internal ld ---->
eax=0022e2ac ebx=00000000 ecx=0022e2c4 edx=00000014 esi=7ffdf000 edi=0022bcfc
eip=774e70f4 esp=0022bbd8 ebp=0022bc10 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755b0000 755d7000 C:\Windows\system32\CFGMGR32.dll
<---- EVENT: handle internal ld ---->
eax=75aedba7 ebx=00000000 ecx=00000403 edx=75fbcf72 esi=7ffdf000 edi=0022b95c
eip=774e70f4 esp=0022b838 ebp=0022b870 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75580000 75592000 C:\Windows\system32\DEVOBJ.dll
<---- EVENT: handle internal ld ---->
eax=75fbe000 ebx=00000000 ecx=75fbe002 edx=77620000 esi=7ffdf000 edi=0022b95c
eip=774e70f4 esp=0022b838 ebp=0022b870 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75550000 7557f000 C:\Windows\system32\WINTRUST.dll
<---- EVENT: handle internal ld ---->
eax=75f10000 ebx=00000000 ecx=000ab280 edx=000b0300 esi=7ffdf000 edi=0022bb60
eip=774e70f4 esp=0022ba3c ebp=0022ba74 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75f10000 760ad000 C:\Windows\system32\setupapi.dll
<---- EVENT: handle internal ld ---->
eax=0022a0b0 ebx=00000000 ecx=00000000 edx=00000000 esi=7ffdf000 edi=0022a250
eip=774e70f4 esp=0022a12c ebp=0022a164 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755b0000 755d7000 C:\Windows\system32\CFGMGR32.dll
<---- EVENT: handle internal ld ---->
eax=75aedba7 ebx=00000000 ecx=00000403 edx=75fbcf72 esi=7ffdf000 edi=00229eb0
eip=774e70f4 esp=00229d8c ebp=00229dc4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75580000 75592000 C:\Windows\system32\DEVOBJ.dll
<---- EVENT: handle internal ld ---->
eax=75fbe000 ebx=00000000 ecx=75fbe002 edx=77620000 esi=7ffdf000 edi=00229eb0
eip=774e70f4 esp=00229d8c ebp=00229dc4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(454.f24): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
Error - Too long restart command line passed
ModLoad: 75470000 75499000 C:\Windows\system32\WINSTA.dll
<---- EVENT: handle internal ld ---->
eax=05a5f2c4 ebx=ffffffff ecx=00000003 edx=00000000 esi=05a5f21c edi=05a5f200
eip=774e70f4 esp=05a5f03c ebp=05a5f0d0 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(454.f34): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(454.9bc): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 73ec0000 73ed3000 C:\Windows\system32\dwmapi.dll
<---- EVENT: handle internal ld ---->
eax=06d4f024 ebx=ffffffff ecx=06d40000 edx=06d4f024 esi=0024e09c edi=0024e080
eip=774e70f4 esp=0024debc ebp=0024df50 iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 742a0000 742e0000 C:\Windows\system32\uxtheme.dll
<---- EVENT: handle internal ld ---->
eax=0024e794 ebx=ffffffff ecx=00000008 edx=00000000 esi=0024e8f0 edi=0024e8d4
eip=774e70f4 esp=0024e710 ebp=0024e7a4 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(814.f94): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(454.a78): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
<---- EVENT: handle internal epr ---->
eax=00000000 ebx=00000000 ecx=0022fae8 edx=00000020 esi=77577380 edi=77577340
eip=774e70f4 esp=0022fb38 ebp=0022fb54 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 72a20000 72a34000 C:\Windows\system32\devenum.dll
<---- EVENT: handle internal ld ---->
eax=0419da4c ebx=ffffffff ecx=00000016 edx=00000000 esi=0419dfa8 edi=0419df8c
eip=774e70f4 esp=0419ddc8 ebp=0419de5c iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 72a10000 72a1b000 C:\Windows\system32\msdmo.dll
<---- EVENT: handle internal ld ---->
eax=01d8dffc ebx=ffffffff ecx=0000001f edx=774e70f4 esi=0419eeb0 edi=0419ee94
eip=774e70f4 esp=0419ecd0 ebp=0419ed64 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 729f0000 72a03000 C:\Windows\system32\avicap32.dll
<---- EVENT: handle internal ld ---->
eax=0419e9f8 ebx=ffffffff ecx=00000018 edx=00000000 esi=0419ef28 edi=0419ef0c
eip=774e70f4 esp=0419ed48 ebp=0419eddc iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6e120000 6e141000 C:\Windows\system32\MSVFW32.dll
<---- EVENT: handle internal ld ---->
eax=77643e27 ebx=ffffffff ecx=776225d4 edx=77620000 esi=0419eb88 edi=0419eb6c
eip=774e70f4 esp=0419e9a8 ebp=0419ea3c iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(454.968): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
Symbol search path is: srv*\\server\Symbols*http://chromium-browser-symsrv.commondatastorage.googleapis.com;srv*\\server\Symbols*http://msdl.microsoft.com/download/symbols;srv*\\server\Symbols*http://symbols.mozilla.org/firefox
Executable search path is:
ModLoad: 00fc0000 01097000 chrome.exe
<---- EVENT: handle internal cpr ---->
eax=010093e8 ebx=7ffd8000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=0014f970 ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:0014f974=00000000
ModLoad: 774a0000 775dc000 ntdll.dll
<---- EVENT: handle internal ld ---->
eax=010093e8 ebx=7ffd8000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=0014f970 ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
ntdll!RtlUserThreadStart:
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:0014f974=00000000
ModLoad: 75a30000 75b04000 C:\Windows\system32\kernel32.dll
<---- EVENT: handle internal ld ---->
eax=000000a8 ebx=00000000 ecx=00a12d10 edx=008fef28 esi=7ffdf000 edi=0014f308
eip=774e70f4 esp=0014f1e4 ebp=0014f21c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75600000 7564b000 C:\Windows\system32\KERNELBASE.dll
<---- EVENT: handle internal ld ---->
eax=75af3000 ebx=00000000 ecx=75af3002 edx=774a0000 esi=7ffdf000 edi=0014ef68
eip=774e70f4 esp=0014ee44 ebp=0014ee7c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 72a40000 72a66000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_elf.dll
<---- EVENT: handle internal ld ---->
eax=00921ff4 ebx=00000000 ecx=00920000 edx=00921ff4 esi=7ffdf000 edi=0014f188
eip=774e70f4 esp=0014f064 ebp=0014f09c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 761a0000 76240000 C:\Windows\system32\ADVAPI32.dll
<---- EVENT: handle internal ld ---->
eax=00000550 ebx=00000000 ecx=75aef575 edx=72a5cf53 esi=7ffdf000 edi=0014ee5c
eip=774e70f4 esp=0014ed38 ebp=0014ed70 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77620000 776cc000 C:\Windows\system32\msvcrt.dll
<---- EVENT: handle internal ld ---->
eax=7620f538 ebx=00000000 ecx=761a0000 edx=00001000 esi=7ffdf000 edi=0014eb30
eip=774e70f4 esp=0014ea0c ebp=0014ea44 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765c0000 765d9000 C:\Windows\SYSTEM32\sechost.dll
<---- EVENT: handle internal ld ---->
eax=00000482 ebx=00000000 ecx=774e1582 edx=76211000 esi=7ffdf000 edi=0014eb30
eip=774e70f4 esp=0014ea0c ebp=0014ea44 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77230000 772d2000 C:\Windows\system32\RPCRT4.dll
<---- EVENT: handle internal ld ---->
eax=0014e5a4 ebx=00000000 ecx=00000018 edx=00000000 esi=7ffdf000 edi=0014e790
eip=774e70f4 esp=0014e66c ebp=0014e6a4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 749c0000 749c9000 C:\Windows\system32\VERSION.dll
<---- EVENT: handle internal ld ---->
eax=00a16000 ebx=00000000 ecx=00a15fe8 edx=00001000 esi=7ffdf000 edi=0014f188
eip=774e70f4 esp=0014f064 ebp=0014f09c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 701f0000 70222000 C:\Windows\system32\WINMM.dll
<---- EVENT: handle internal ld ---->
eax=000001d5 ebx=00000000 ecx=77627106 edx=749c505f esi=7ffdf000 edi=0014f188
eip=774e70f4 esp=0014f064 ebp=0014f09c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75b10000 75bd9000 C:\Windows\system32\USER32.dll
<---- EVENT: handle internal ld ---->
eax=0014ec54 ebx=00000000 ecx=00000005 edx=00000000 esi=7ffdf000 edi=0014ede8
eip=774e70f4 esp=0014ecc4 ebp=0014ecfc iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 76570000 765be000 C:\Windows\system32\GDI32.dll
<---- EVENT: handle internal ld ---->
eax=00000447 ebx=00000000 ecx=774e0ff2 edx=75b77000 esi=7ffdf000 edi=0014ea48
eip=774e70f4 esp=0014e924 ebp=0014e95c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760c0000 760ca000 C:\Windows\system32\LPK.dll
<---- EVENT: handle internal ld ---->
eax=00000318 ebx=00000000 ecx=75b2c167 edx=765b8655 esi=7ffdf000 edi=0014e6a8
eip=774e70f4 esp=0014e584 ebp=0014e5bc iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75de0000 75e7d000 C:\Windows\system32\USP10.dll
<---- EVENT: handle internal ld ---->
eax=000000e3 ebx=00000000 ecx=76573f04 edx=760c6244 esi=7ffdf000 edi=0014e37c
eip=774e70f4 esp=0014e258 ebp=0014e290 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 772e0000 77337000 C:\Windows\system32\SHLWAPI.dll
<---- EVENT: handle internal ld ---->
eax=00000094 ebx=00000000 ecx=701f23ea edx=01053074 esi=7ffdf000 edi=0014f188
eip=774e70f4 esp=0014f064 ebp=0014f09c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755e0000 755f7000 C:\Windows\system32\USERENV.dll
<---- EVENT: handle internal ld ---->
eax=010540b0 ebx=00000000 ecx=010540b2 edx=75a30000 esi=7ffdf000 edi=0014f188
eip=774e70f4 esp=0014f064 ebp=0014f09c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75510000 7551b000 C:\Windows\system32\profapi.dll
<---- EVENT: handle internal ld ---->
eax=00000100 ebx=00000000 ecx=77265986 edx=755f164e esi=7ffdf000 edi=0014ede8
eip=774e70f4 esp=0014ecc4 ebp=0014ecfc iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73b70000 73b7d000 C:\Windows\system32\WTSAPI32.dll
<---- EVENT: handle internal ld ---->
eax=7762bf71 ebx=00000000 ecx=77623600 edx=77620000 esi=7ffdf000 edi=0014f188
eip=774e70f4 esp=0014f064 ebp=0014f09c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775f0000 7760f000 C:\Windows\system32\IMM32.DLL
<---- EVENT: handle internal ld ---->
eax=00005a4d ebx=00000000 ecx=00000001 edx=00000000 esi=7ffdf000 edi=0014ea04
eip=774e70f4 esp=0014e8e0 ebp=0014e918 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760d0000 7619c000 C:\Windows\system32\MSCTF.dll
<---- EVENT: handle internal ld ---->
eax=75aece53 ebx=00000000 ecx=00000345 edx=77606f63 esi=7ffdf000 edi=0014e664
eip=774e70f4 esp=0014e540 ebp=0014e578 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765e0000 7722a000 C:\Windows\system32\SHELL32.dll
<---- EVENT: handle internal ld ---->
eax=01047390 ebx=00000000 ecx=0014f774 edx=01052994 esi=7ffdf000 edi=0014f580
eip=774e70f4 esp=0014f45c ebp=0014f494 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77340000 7749c000 C:\Windows\system32\ole32.dll
<---- EVENT: handle internal ld ---->
eax=7699c648 ebx=00000000 ecx=765e0000 edx=00000000 esi=7ffdf000 edi=0014e6d8
eip=774e70f4 esp=0014e5b4 ebp=0014e5ec iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75400000 7540c000 C:\Windows\system32\cryptbase.dll
<---- EVENT: handle internal ld ---->
eax=00000103 ebx=00000000 ecx=00000000 edx=00000000 esi=7ffdf000 edi=0014f2a8
eip=774e70f4 esp=0014f184 ebp=0014f1bc iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 63660000 65743000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_child.dll
<---- EVENT: handle internal ld ---->
eax=00bff01c ebx=00000000 ecx=00bf0000 edx=00bff01c esi=7ffdf000 edi=0014f4c4
eip=774e70f4 esp=0014f3a0 ebp=0014f3d8 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 76320000 764d6000 C:\Windows\system32\WININET.dll
<---- EVENT: handle internal ld ---->
eax=64dff000 ebx=00000000 ecx=64dff002 edx=75b10000 esi=7ffdf000 edi=0014f198
eip=774e70f4 esp=0014f074 ebp=0014f0ac iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755a0000 755a4000 C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=7762924d ebx=00000000 ecx=00000523 edx=76493f70 esi=7ffdf000 edi=0014ee6c
eip=774e70f4 esp=0014ed48 ebp=0014ed80 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75540000 75545000 C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755a12bd ebx=00000000 ecx=0000000a edx=755a0072 esi=7ffdf000 edi=0014ee6c
eip=774e70f4 esp=0014ed48 ebp=0014ed80 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75530000 75534000 C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755430cb ebx=00000000 ecx=0000008c edx=75540055 esi=7ffdf000 edi=0014ee6c
eip=774e70f4 esp=0014ed48 ebp=0014ed80 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75830000 75834000 C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755323a2 ebx=00000000 ecx=0000004d edx=75530053 esi=7ffdf000 edi=0014ee6c
eip=774e70f4 esp=0014ed48 ebp=0014ed80 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75650000 75653000 C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=75832010 ebx=00000000 ecx=75832000 edx=fffffffe esi=7ffdf000 edi=0014ee6c
eip=774e70f4 esp=0014ed48 ebp=0014ed80 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77610000 77613000 C:\Windows\system32\normaliz.DLL
<---- EVENT: handle internal ld ---->
eax=75652010 ebx=00000000 ecx=75652000 edx=fffffffe esi=7ffdf000 edi=0014ee54
eip=774e70f4 esp=0014ed30 ebp=0014ed68 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75be0000 75dda000 C:\Windows\system32\iertutil.dll
<---- EVENT: handle internal ld ---->
eax=0014edd4 ebx=00000000 ecx=0000000a edx=00000000 esi=7ffdf000 edi=0014ee6c
eip=774e70f4 esp=0014ed48 ebp=0014ed80 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760b0000 760b5000 C:\Windows\system32\PSAPI.DLL
<---- EVENT: handle internal ld ---->
eax=0000005b ebx=00000000 ecx=763244c5 edx=64dff247 esi=7ffdf000 edi=0014f198
eip=774e70f4 esp=0014f074 ebp=0014f0ac iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 70260000 702b1000 C:\Windows\system32\WINSPOOL.DRV
<---- EVENT: handle internal ld ---->
eax=64dfd338 ebx=00000000 ecx=64dfd33a edx=75a30000 esi=7ffdf000 edi=0014f198
eip=774e70f4 esp=0014f074 ebp=0014f0ac iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75840000 758bb000 C:\Windows\system32\COMDLG32.dll
<---- EVENT: handle internal ld ---->
eax=0000004a ebx=00000000 ecx=702933f7 edx=64dff344 esi=7ffdf000 edi=0014f198
eip=774e70f4 esp=0014f074 ebp=0014f0ac iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 74530000 746ce000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
<---- EVENT: handle internal ld ---->
eax=0014e94c ebx=00000000 ecx=00000005 edx=00000000 esi=7ffdf000 edi=0014edf8
eip=774e70f4 esp=0014ecd4 ebp=0014ed0c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75e80000 75f0f000 C:\Windows\system32\OLEAUT32.dll
<---- EVENT: handle internal ld ---->
eax=000001ff ebx=00000000 ecx=75aeb51e edx=7467b000 esi=7ffdf000 edi=0014f198
eip=774e70f4 esp=0014f074 ebp=0014f0ac iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75670000 75791000 C:\Windows\system32\CRYPT32.dll
<---- EVENT: handle internal ld ---->
eax=00000159 ebx=00000000 ecx=75b2a2da edx=75f04000 esi=7ffdf000 edi=0014f198
eip=774e70f4 esp=0014f074 ebp=0014f0ac iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75520000 7552c000 C:\Windows\system32\MSASN1.dll
<---- EVENT: handle internal ld ---->
eax=000004d5 ebx=00000000 ecx=77629003 edx=75727000 esi=7ffdf000 edi=0014edf8
eip=774e70f4 esp=0014ecd4 ebp=0014ed0c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73690000 736ac000 C:\Windows\system32\IPHLPAPI.DLL
<---- EVENT: handle internal ld ---->
eax=00000084 ebx=00000000 ecx=75673591 edx=64dfcb43 esi=7ffdf000 edi=0014f198
eip=774e70f4 esp=0014f074 ebp=0014f0ac iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775e0000 775e6000 C:\Windows\system32\NSI.dll
<---- EVENT: handle internal ld ---->
eax=00000268 ebx=00000000 ecx=774de31a edx=736a8000 esi=7ffdf000 edi=0014edf8
eip=774e70f4 esp=0014ecd4 ebp=0014ed0c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73680000 73687000 C:\Windows\system32\WINNSI.DLL
<---- EVENT: handle internal ld ---->
eax=774d5340 ebx=00000000 ecx=774d7ff4 edx=774a0000 esi=7ffdf000 edi=0014edf8
eip=774e70f4 esp=0014ecd4 ebp=0014ed0c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 759f0000 75a25000 C:\Windows\system32\WS2_32.dll
<---- EVENT: handle internal ld ---->
eax=736931ba ebx=00000000 ecx=000000e5 edx=64dfd249 esi=7ffdf000 edi=0014f198
eip=774e70f4 esp=0014f074 ebp=0014f0ac iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75240000 75248000 C:\Windows\system32\Secur32.dll
<---- EVENT: handle internal ld ---->
eax=75a16000 ebx=00000000 ecx=75a16002 edx=774a0000 esi=7ffdf000 edi=0014f198
eip=774e70f4 esp=0014f074 ebp=0014f0ac iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75380000 7539b000 C:\Windows\system32\SSPICLI.DLL
<---- EVENT: handle internal ld ---->
eax=0014ebf8 ebx=00000000 ecx=00000003 edx=00000000 esi=7ffdf000 edi=0014f180
eip=774e70f4 esp=0014f05c ebp=0014f094 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 71a40000 71a98000 C:\Windows\system32\WINHTTP.dll
<---- EVENT: handle internal ld ---->
eax=043ff814 ebx=ffffffff ecx=043ff9d0 edx=00000000 esi=043ff584 edi=043ff568
eip=774e70f4 esp=043ff3a4 ebp=043ff438 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 719f0000 71a3f000 C:\Windows\system32\webio.dll
<---- EVENT: handle internal ld ---->
eax=08e89018 ebx=ffffffff ecx=08e80000 edx=08e89018 esi=043ff1e4 edi=043ff1c8
eip=774e70f4 esp=043ff004 ebp=043ff098 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(e54.3b4): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 6b750000 6b885000 C:\Windows\system32\dwrite.dll
<---- EVENT: handle internal ld ---->
eax=0014f3b0 ebx=00000000 ecx=416f4dc6 edx=02901338 esi=7ffdf000 edi=0014f228
eip=774e70f4 esp=0014f104 ebp=0014f13c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73280000 733ef000 C:\Windows\system32\explorerframe.dll
<---- EVENT: handle internal ld ---->
eax=06cedc30 ebx=ffffffff ecx=00000011 edx=00000000 esi=06cedea8 edi=06cede8c
eip=774e70f4 esp=06cedcc8 ebp=06cedd5c iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 74270000 7429f000 C:\Windows\system32\DUser.dll
<---- EVENT: handle internal ld ---->
eax=00000078 ebx=ffffffff ecx=766976b0 edx=73375000 esi=06cedb08 edi=06cedaec
eip=774e70f4 esp=06ced928 ebp=06ced9bc iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73cc0000 73d72000 C:\Windows\system32\DUI70.dll
<---- EVENT: handle internal ld ---->
eax=00000031 ebx=ffffffff ecx=7427206a edx=73375647 esi=06cedb08 edi=06cedaec
eip=774e70f4 esp=06ced928 ebp=06ced9bc iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 74bc0000 74bc8000 C:\Windows\system32\credssp.dll
<---- EVENT: handle internal ld ---->
eax=06207490 ebx=ffffffff ecx=0980e8af edx=00000132 esi=043fef58 edi=043fef3c
eip=774e70f4 esp=043fed78 ebp=043fee0c iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
Symbol search path is: srv*\\server\Symbols*http://chromium-browser-symsrv.commondatastorage.googleapis.com;srv*\\server\Symbols*http://msdl.microsoft.com/download/symbols;srv*\\server\Symbols*http://symbols.mozilla.org/firefox
Executable search path is:
ModLoad: 00fc0000 01097000 chrome.exe
<---- EVENT: handle internal cpr ---->
eax=010093e8 ebx=7ffdf000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=001cf824 ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:001cf828=00000000
ModLoad: 774a0000 775dc000 ntdll.dll
<---- EVENT: handle internal ld ---->
eax=010093e8 ebx=7ffdf000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=001cf824 ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
ntdll!RtlUserThreadStart:
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:001cf828=00000000
ModLoad: 75a30000 75b04000 C:\Windows\system32\kernel32.dll
<---- EVENT: handle internal ld ---->
eax=000000a8 ebx=00000000 ecx=021f2768 edx=00dbdb28 esi=7ffde000 edi=001cf1bc
eip=774e70f4 esp=001cf098 ebp=001cf0d0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75600000 7564b000 C:\Windows\system32\KERNELBASE.dll
<---- EVENT: handle internal ld ---->
eax=75af3000 ebx=00000000 ecx=75af3002 edx=774a0000 esi=7ffde000 edi=001cee1c
eip=774e70f4 esp=001cecf8 ebp=001ced30 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
Symbol search path is: srv*\\server\Symbols*http://chromium-browser-symsrv.commondatastorage.googleapis.com;srv*\\server\Symbols*http://msdl.microsoft.com/download/symbols;srv*\\server\Symbols*http://symbols.mozilla.org/firefox
Executable search path is:
ModLoad: 00fc0000 01097000 chrome.exe
<---- EVENT: handle internal cpr ---->
eax=010093e8 ebx=7ffdf000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=001efac4 ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:001efac8=00000000
ModLoad: 72a40000 72a66000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_elf.dll
<---- EVENT: handle internal ld ---->
eax=00dd1ff4 ebx=00000000 ecx=00dd0000 edx=00dd1ff4 esi=7ffde000 edi=001cf03c
eip=774e70f4 esp=001cef18 ebp=001cef50 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 774a0000 775dc000 ntdll.dll
<---- EVENT: handle internal ld ---->
eax=010093e8 ebx=7ffdf000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=001efac4 ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
ntdll!RtlUserThreadStart:
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:001efac8=00000000
ModLoad: 75a30000 75b04000 C:\Windows\system32\kernel32.dll
<---- EVENT: handle internal ld ---->
eax=000000a8 ebx=00000000 ecx=004b2768 edx=00405f28 esi=7ffde000 edi=001ef45c
eip=774e70f4 esp=001ef338 ebp=001ef370 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 761a0000 76240000 C:\Windows\system32\ADVAPI32.dll
<---- EVENT: handle internal ld ---->
eax=00000550 ebx=00000000 ecx=75aef575 edx=72a5cf53 esi=7ffde000 edi=001ced10
eip=774e70f4 esp=001cebec ebp=001cec24 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 74a50000 74a55000 C:\Windows\System32\wshtcpip.dll
<---- EVENT: handle internal ld ---->
eax=0a77710c ebx=ffffffff ecx=0a770000 edx=0a77710c esi=05e0eae0 edi=05e0eac4
eip=774e70f4 esp=05e0e900 ebp=05e0e994 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77620000 776cc000 C:\Windows\system32\msvcrt.dll
<---- EVENT: handle internal ld ---->
eax=7620f538 ebx=00000000 ecx=761a0000 edx=00001000 esi=7ffde000 edi=001ce9e4
eip=774e70f4 esp=001ce8c0 ebp=001ce8f8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765c0000 765d9000 C:\Windows\SYSTEM32\sechost.dll
<---- EVENT: handle internal ld ---->
eax=00000482 ebx=00000000 ecx=774e1582 edx=76211000 esi=7ffde000 edi=001ce9e4
eip=774e70f4 esp=001ce8c0 ebp=001ce8f8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77230000 772d2000 C:\Windows\system32\RPCRT4.dll
<---- EVENT: handle internal ld ---->
eax=001ce458 ebx=00000000 ecx=00000018 edx=00000000 esi=7ffde000 edi=001ce644
eip=774e70f4 esp=001ce520 ebp=001ce558 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75600000 7564b000 C:\Windows\system32\KERNELBASE.dll
<---- EVENT: handle internal ld ---->
eax=75af3000 ebx=00000000 ecx=75af3002 edx=774a0000 esi=7ffde000 edi=001ef0bc
eip=774e70f4 esp=001eef98 ebp=001eefd0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
Symbol search path is: srv*\\server\Symbols*http://chromium-browser-symsrv.commondatastorage.googleapis.com;srv*\\server\Symbols*http://msdl.microsoft.com/download/symbols;srv*\\server\Symbols*http://symbols.mozilla.org/firefox
Executable search path is:
ModLoad: 00fc0000 01097000 chrome.exe
<---- EVENT: handle internal cpr ---->
eax=010093e8 ebx=7ffdc000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=0027faf0 ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:0027faf4=00000000
ModLoad: 749c0000 749c9000 C:\Windows\system32\VERSION.dll
<---- EVENT: handle internal ld ---->
eax=72a5502f ebx=00000000 ecx=72a5cbbc edx=72a40000 esi=7ffde000 edi=001cf03c
eip=774e70f4 esp=001cef18 ebp=001cef50 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 774a0000 775dc000 ntdll.dll
<---- EVENT: handle internal ld ---->
eax=010093e8 ebx=7ffdc000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=0027faf0 ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
ntdll!RtlUserThreadStart:
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:0027faf4=00000000
ModLoad: 701f0000 70222000 C:\Windows\system32\WINMM.dll
<---- EVENT: handle internal ld ---->
eax=000001d5 ebx=00000000 ecx=77627106 edx=749c505f esi=7ffde000 edi=001cf03c
eip=774e70f4 esp=001cef18 ebp=001cef50 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75a30000 75b04000 C:\Windows\system32\kernel32.dll
<---- EVENT: handle internal ld ---->
eax=000000a8 ebx=00000000 ecx=00aa2768 edx=00a03728 esi=7ffdf000 edi=0027f488
eip=774e70f4 esp=0027f364 ebp=0027f39c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75b10000 75bd9000 C:\Windows\system32\USER32.dll
<---- EVENT: handle internal ld ---->
eax=001ceb08 ebx=00000000 ecx=00000005 edx=00000000 esi=7ffde000 edi=001cec9c
eip=774e70f4 esp=001ceb78 ebp=001cebb0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75600000 7564b000 C:\Windows\system32\KERNELBASE.dll
<---- EVENT: handle internal ld ---->
eax=75af3000 ebx=00000000 ecx=75af3002 edx=774a0000 esi=7ffdf000 edi=0027f0e8
eip=774e70f4 esp=0027efc4 ebp=0027effc iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 76570000 765be000 C:\Windows\system32\GDI32.dll
<---- EVENT: handle internal ld ---->
eax=00000447 ebx=00000000 ecx=774e0ff2 edx=75b77000 esi=7ffde000 edi=001ce8fc
eip=774e70f4 esp=001ce7d8 ebp=001ce810 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 72a40000 72a66000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_elf.dll
<---- EVENT: handle internal ld ---->
eax=00a21ff4 ebx=00000000 ecx=00a20000 edx=00a21ff4 esi=7ffdf000 edi=0027f308
eip=774e70f4 esp=0027f1e4 ebp=0027f21c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760c0000 760ca000 C:\Windows\system32\LPK.dll
<---- EVENT: handle internal ld ---->
eax=00000318 ebx=00000000 ecx=75b2c167 edx=765b8655 esi=7ffde000 edi=001ce55c
eip=774e70f4 esp=001ce438 ebp=001ce470 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 761a0000 76240000 C:\Windows\system32\ADVAPI32.dll
<---- EVENT: handle internal ld ---->
eax=00000550 ebx=00000000 ecx=75aef575 edx=72a5cf53 esi=7ffdf000 edi=0027efdc
eip=774e70f4 esp=0027eeb8 ebp=0027eef0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75de0000 75e7d000 C:\Windows\system32\USP10.dll
<---- EVENT: handle internal ld ---->
eax=000000e3 ebx=00000000 ecx=76573f04 edx=760c6244 esi=7ffde000 edi=001ce230
eip=774e70f4 esp=001ce10c ebp=001ce144 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77620000 776cc000 C:\Windows\system32\msvcrt.dll
<---- EVENT: handle internal ld ---->
eax=7620f538 ebx=00000000 ecx=761a0000 edx=00001000 esi=7ffdf000 edi=0027ecb0
eip=774e70f4 esp=0027eb8c ebp=0027ebc4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 772e0000 77337000 C:\Windows\system32\SHLWAPI.dll
<---- EVENT: handle internal ld ---->
eax=00000094 ebx=00000000 ecx=701f23ea edx=01053074 esi=7ffde000 edi=001cf03c
eip=774e70f4 esp=001cef18 ebp=001cef50 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765c0000 765d9000 C:\Windows\SYSTEM32\sechost.dll
<---- EVENT: handle internal ld ---->
eax=00000482 ebx=00000000 ecx=774e1582 edx=76211000 esi=7ffdf000 edi=0027ecb0
eip=774e70f4 esp=0027eb8c ebp=0027ebc4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755e0000 755f7000 C:\Windows\system32\USERENV.dll
<---- EVENT: handle internal ld ---->
eax=010540b0 ebx=00000000 ecx=010540b2 edx=75a30000 esi=7ffde000 edi=001cf03c
eip=774e70f4 esp=001cef18 ebp=001cef50 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77230000 772d2000 C:\Windows\system32\RPCRT4.dll
<---- EVENT: handle internal ld ---->
eax=0027e724 ebx=00000000 ecx=00000018 edx=00000000 esi=7ffdf000 edi=0027e910
eip=774e70f4 esp=0027e7ec ebp=0027e824 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75510000 7551b000 C:\Windows\system32\profapi.dll
<---- EVENT: handle internal ld ---->
eax=00000100 ebx=00000000 ecx=77265986 edx=755f164e esi=7ffde000 edi=001cec9c
eip=774e70f4 esp=001ceb78 ebp=001cebb0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 749c0000 749c9000 C:\Windows\system32\VERSION.dll
<---- EVENT: handle internal ld ---->
eax=72a5502f ebx=00000000 ecx=72a5cbbc edx=72a40000 esi=7ffdf000 edi=0027f308
eip=774e70f4 esp=0027f1e4 ebp=0027f21c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73b70000 73b7d000 C:\Windows\system32\WTSAPI32.dll
<---- EVENT: handle internal ld ---->
eax=7762bf71 ebx=00000000 ecx=77623600 edx=77620000 esi=7ffde000 edi=001cf03c
eip=774e70f4 esp=001cef18 ebp=001cef50 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 701f0000 70222000 C:\Windows\system32\WINMM.dll
<---- EVENT: handle internal ld ---->
eax=000001d5 ebx=00000000 ecx=77627106 edx=749c505f esi=7ffdf000 edi=0027f308
eip=774e70f4 esp=0027f1e4 ebp=0027f21c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75b10000 75bd9000 C:\Windows\system32\USER32.dll
<---- EVENT: handle internal ld ---->
eax=0027edd4 ebx=00000000 ecx=00000005 edx=00000000 esi=7ffdf000 edi=0027ef68
eip=774e70f4 esp=0027ee44 ebp=0027ee7c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775f0000 7760f000 C:\Windows\system32\IMM32.DLL
<---- EVENT: handle internal ld ---->
eax=00005a4d ebx=00000000 ecx=00000001 edx=00000000 esi=7ffde000 edi=001ce8b8
eip=774e70f4 esp=001ce794 ebp=001ce7cc iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 76570000 765be000 C:\Windows\system32\GDI32.dll
<---- EVENT: handle internal ld ---->
eax=00000447 ebx=00000000 ecx=774e0ff2 edx=75b77000 esi=7ffdf000 edi=0027ebc8
eip=774e70f4 esp=0027eaa4 ebp=0027eadc iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
Symbol search path is: srv*\\server\Symbols*http://chromium-browser-symsrv.commondatastorage.googleapis.com;srv*\\server\Symbols*http://msdl.microsoft.com/download/symbols;srv*\\server\Symbols*http://symbols.mozilla.org/firefox
Executable search path is:
ModLoad: 00fc0000 01097000 chrome.exe
<---- EVENT: handle internal cpr ---->
eax=010093e8 ebx=7ffdf000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=0029fef0 ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:0029fef4=00000000
ModLoad: 760d0000 7619c000 C:\Windows\system32\MSCTF.dll
<---- EVENT: handle internal ld ---->
eax=75aece53 ebx=00000000 ecx=00000345 edx=77606f63 esi=7ffde000 edi=001ce518
eip=774e70f4 esp=001ce3f4 ebp=001ce42c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760c0000 760ca000 C:\Windows\system32\LPK.dll
<---- EVENT: handle internal ld ---->
eax=00000318 ebx=00000000 ecx=75b2c167 edx=765b8655 esi=7ffdf000 edi=0027e828
eip=774e70f4 esp=0027e704 ebp=0027e73c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75de0000 75e7d000 C:\Windows\system32\USP10.dll
<---- EVENT: handle internal ld ---->
eax=000000e3 ebx=00000000 ecx=76573f04 edx=760c6244 esi=7ffdf000 edi=0027e4fc
eip=774e70f4 esp=0027e3d8 ebp=0027e410 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765e0000 7722a000 C:\Windows\system32\SHELL32.dll
<---- EVENT: handle internal ld ---->
eax=01047390 ebx=00000000 ecx=001cf624 edx=01052994 esi=7ffde000 edi=001cf430
eip=774e70f4 esp=001cf30c ebp=001cf344 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 772e0000 77337000 C:\Windows\system32\SHLWAPI.dll
<---- EVENT: handle internal ld ---->
eax=00000094 ebx=00000000 ecx=701f23ea edx=01053074 esi=7ffdf000 edi=0027f308
eip=774e70f4 esp=0027f1e4 ebp=0027f21c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77340000 7749c000 C:\Windows\system32\ole32.dll
<---- EVENT: handle internal ld ---->
eax=7699c648 ebx=00000000 ecx=765e0000 edx=00000000 esi=7ffde000 edi=001ce58c
eip=774e70f4 esp=001ce468 ebp=001ce4a0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75400000 7540c000 C:\Windows\system32\cryptbase.dll
<---- EVENT: handle internal ld ---->
eax=00000103 ebx=00000000 ecx=00000000 edx=00000000 esi=7ffde000 edi=001cf158
eip=774e70f4 esp=001cf034 ebp=001cf06c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755e0000 755f7000 C:\Windows\system32\USERENV.dll
<---- EVENT: handle internal ld ---->
eax=010540b0 ebx=00000000 ecx=010540b2 edx=75a30000 esi=7ffdf000 edi=0027f308
eip=774e70f4 esp=0027f1e4 ebp=0027f21c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
Symbol search path is: srv*\\server\Symbols*http://chromium-browser-symsrv.commondatastorage.googleapis.com;srv*\\server\Symbols*http://msdl.microsoft.com/download/symbols;srv*\\server\Symbols*http://symbols.mozilla.org/firefox
Executable search path is:
ModLoad: 00fc0000 01097000 chrome.exe
<---- EVENT: handle internal cpr ---->
eax=010093e8 ebx=7ffdd000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=002cf924 ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:002cf928=00000000
ModLoad: 75510000 7551b000 C:\Windows\system32\profapi.dll
<---- EVENT: handle internal ld ---->
eax=00000100 ebx=00000000 ecx=77265986 edx=755f164e esi=7ffdf000 edi=0027ef68
eip=774e70f4 esp=0027ee44 ebp=0027ee7c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
Symbol search path is: srv*\\server\Symbols*http://chromium-browser-symsrv.commondatastorage.googleapis.com;srv*\\server\Symbols*http://msdl.microsoft.com/download/symbols;srv*\\server\Symbols*http://symbols.mozilla.org/firefox
Executable search path is:
ModLoad: 00fc0000 01097000 chrome.exe
<---- EVENT: handle internal cpr ---->
eax=010093e8 ebx=7ffd9000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=0016ff2c ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:0016ff30=00000000
ModLoad: 63660000 65743000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_child.dll
<---- EVENT: handle internal ld ---->
eax=00f9f01c ebx=00000000 ecx=00f90000 edx=00f9f01c esi=7ffde000 edi=001cf378
eip=774e70f4 esp=001cf254 ebp=001cf28c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73b70000 73b7d000 C:\Windows\system32\WTSAPI32.dll
<---- EVENT: handle internal ld ---->
eax=00001809 ebx=00000000 ecx=756021d8 edx=75600000 esi=7ffdf000 edi=0027f308
eip=774e70f4 esp=0027f1e4 ebp=0027f21c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
Symbol search path is: srv*\\server\Symbols*http://chromium-browser-symsrv.commondatastorage.googleapis.com;srv*\\server\Symbols*http://msdl.microsoft.com/download/symbols;srv*\\server\Symbols*http://symbols.mozilla.org/firefox
Executable search path is:
ModLoad: 00fc0000 01097000 chrome.exe
<---- EVENT: handle internal cpr ---->
eax=010093e8 ebx=7ffd7000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=001ffdc0 ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:001ffdc4=00000000
ModLoad: 6a420000 6acc1000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll
<---- EVENT: handle internal ld ---->
eax=00f10000 ebx=00000000 ecx=00010000 edx=774e70f4 esi=7ffdf000 edi=0014f11c
eip=774e70f4 esp=0014eff8 ebp=0014f030 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 774a0000 775dc000 ntdll.dll
<---- EVENT: handle internal ld ---->
eax=010093e8 ebx=7ffdf000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=0029fef0 ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
ntdll!RtlUserThreadStart:
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:0029fef4=00000000
ModLoad: 774a0000 775dc000 ntdll.dll
<---- EVENT: handle internal ld ---->
eax=010093e8 ebx=7ffd9000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=0016ff2c ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
ntdll!RtlUserThreadStart:
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:0016ff30=00000000
ModLoad: 75a30000 75b04000 C:\Windows\system32\kernel32.dll
<---- EVENT: handle internal ld ---->
eax=000000a8 ebx=00000000 ecx=02132d80 edx=00e57728 esi=7ffdf000 edi=0016f8c4
eip=774e70f4 esp=0016f7a0 ebp=0016f7d8 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75600000 7564b000 C:\Windows\system32\KERNELBASE.dll
<---- EVENT: handle internal ld ---->
eax=0016f048 ebx=00000000 ecx=0016f074 edx=0016f064 esi=7ffdf000 edi=0016f524
eip=774e70f4 esp=0016f400 ebp=0016f438 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6a1b0000 6a413000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\libpeerconnection.dll
<---- EVENT: handle internal ld ---->
eax=00f15004 ebx=00000000 ecx=00f10000 edx=00f15004 esi=7ffdf000 edi=0014f1c4
eip=774e70f4 esp=0014f0a0 ebp=0014f0d8 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 72a40000 72a66000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_elf.dll
<---- EVENT: handle internal ld ---->
eax=00421ff4 ebx=00000000 ecx=00420000 edx=00421ff4 esi=7ffde000 edi=001ef2dc
eip=774e70f4 esp=001ef1b8 ebp=001ef1f0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
Symbol search path is: srv*\\server\Symbols*http://chromium-browser-symsrv.commondatastorage.googleapis.com;srv*\\server\Symbols*http://msdl.microsoft.com/download/symbols;srv*\\server\Symbols*http://symbols.mozilla.org/firefox
Executable search path is:
ModLoad: 00fc0000 01097000 chrome.exe
<---- EVENT: handle internal cpr ---->
eax=010093e8 ebx=7ffd3000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=001afca4 ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:001afca8=00000000
ModLoad: 75a30000 75b04000 C:\Windows\system32\kernel32.dll
<---- EVENT: handle internal ld ---->
eax=000000a8 ebx=00000000 ecx=00552768 edx=00541f28 esi=7ffde000 edi=0029f888
eip=774e70f4 esp=0029f764 ebp=0029f79c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 72a40000 72a66000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_elf.dll
<---- EVENT: handle internal ld ---->
eax=02135000 ebx=00000000 ecx=02134fe8 edx=00001000 esi=7ffdf000 edi=0016f744
eip=774e70f4 esp=0016f620 ebp=0016f658 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 761a0000 76240000 C:\Windows\system32\ADVAPI32.dll
<---- EVENT: handle internal ld ---->
eax=00000550 ebx=00000000 ecx=75aef575 edx=72a5cf53 esi=7ffdf000 edi=0016f418
eip=774e70f4 esp=0016f2f4 ebp=0016f32c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77620000 776cc000 C:\Windows\system32\msvcrt.dll
<---- EVENT: handle internal ld ---->
eax=7620f538 ebx=00000000 ecx=761a0000 edx=00001000 esi=7ffdf000 edi=0016f0ec
eip=774e70f4 esp=0016efc8 ebp=0016f000 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 761a0000 76240000 C:\Windows\system32\ADVAPI32.dll
<---- EVENT: handle internal ld ---->
eax=75ae6c5c ebx=00000000 ecx=00000154 edx=72a5d347 esi=7ffde000 edi=001eefb0
eip=774e70f4 esp=001eee8c ebp=001eeec4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77620000 776cc000 C:\Windows\system32\msvcrt.dll
<---- EVENT: handle internal ld ---->
eax=7620f538 ebx=00000000 ecx=761a0000 edx=00001000 esi=7ffde000 edi=001eec84
eip=774e70f4 esp=001eeb60 ebp=001eeb98 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765c0000 765d9000 C:\Windows\SYSTEM32\sechost.dll
<---- EVENT: handle internal ld ---->
eax=00000482 ebx=00000000 ecx=774e1582 edx=76211000 esi=7ffde000 edi=001eec84
eip=774e70f4 esp=001eeb60 ebp=001eeb98 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77230000 772d2000 C:\Windows\system32\RPCRT4.dll
<---- EVENT: handle internal ld ---->
eax=001ee6f8 ebx=00000000 ecx=00000018 edx=00000000 esi=7ffde000 edi=001ee8e4
eip=774e70f4 esp=001ee7c0 ebp=001ee7f8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 749c0000 749c9000 C:\Windows\system32\VERSION.dll
<---- EVENT: handle internal ld ---->
eax=72a5502f ebx=00000000 ecx=72a5cbbc edx=72a40000 esi=7ffde000 edi=001ef2dc
eip=774e70f4 esp=001ef1b8 ebp=001ef1f0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75600000 7564b000 C:\Windows\system32\KERNELBASE.dll
<---- EVENT: handle internal ld ---->
eax=00000014 ebx=00000000 ecx=0000000e edx=00000056 esi=7ffde000 edi=0029f4e8
eip=774e70f4 esp=0029f3c4 ebp=0029f3fc iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 72a40000 72a66000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_elf.dll
<---- EVENT: handle internal ld ---->
eax=00661ff4 ebx=00000000 ecx=00660000 edx=00661ff4 esi=7ffde000 edi=0029f708
eip=774e70f4 esp=0029f5e4 ebp=0029f61c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 761a0000 76240000 C:\Windows\system32\ADVAPI32.dll
<---- EVENT: handle internal ld ---->
eax=00000550 ebx=00000000 ecx=75aef575 edx=72a5cf53 esi=7ffde000 edi=0029f3dc
eip=774e70f4 esp=0029f2b8 ebp=0029f2f0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 701f0000 70222000 C:\Windows\system32\WINMM.dll
<---- EVENT: handle internal ld ---->
eax=00000001 ebx=00000000 ecx=0000022d edx=749c5152 esi=7ffde000 edi=001ef2dc
eip=774e70f4 esp=001ef1b8 ebp=001ef1f0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75b10000 75bd9000 C:\Windows\system32\USER32.dll
<---- EVENT: handle internal ld ---->
eax=001eeda8 ebx=00000000 ecx=00000005 edx=00000000 esi=7ffde000 edi=001eef3c
eip=774e70f4 esp=001eee18 ebp=001eee50 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77620000 776cc000 C:\Windows\system32\msvcrt.dll
<---- EVENT: handle internal ld ---->
eax=7620f538 ebx=00000000 ecx=761a0000 edx=00001000 esi=7ffde000 edi=0029f0b0
eip=774e70f4 esp=0029ef8c ebp=0029efc4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765c0000 765d9000 C:\Windows\SYSTEM32\sechost.dll
<---- EVENT: handle internal ld ---->
eax=00000482 ebx=00000000 ecx=774e1582 edx=76211000 esi=7ffde000 edi=0029f0b0
eip=774e70f4 esp=0029ef8c ebp=0029efc4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 76570000 765be000 C:\Windows\system32\GDI32.dll
<---- EVENT: handle internal ld ---->
eax=00000447 ebx=00000000 ecx=774e0ff2 edx=75b77000 esi=7ffde000 edi=001eeb9c
eip=774e70f4 esp=001eea78 ebp=001eeab0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760c0000 760ca000 C:\Windows\system32\LPK.dll
<---- EVENT: handle internal ld ---->
eax=00000318 ebx=00000000 ecx=75b2c167 edx=765b8655 esi=7ffde000 edi=001ee7fc
eip=774e70f4 esp=001ee6d8 ebp=001ee710 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75de0000 75e7d000 C:\Windows\system32\USP10.dll
<---- EVENT: handle internal ld ---->
eax=001ee540 ebx=00000000 ecx=001ee548 edx=00000030 esi=7ffde000 edi=001ee4d0
eip=774e70f4 esp=001ee3ac ebp=001ee3e4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77230000 772d2000 C:\Windows\system32\RPCRT4.dll
<---- EVENT: handle internal ld ---->
eax=0029eb24 ebx=00000000 ecx=00000018 edx=00000000 esi=7ffde000 edi=0029ed10
eip=774e70f4 esp=0029ebec ebp=0029ec24 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 749c0000 749c9000 C:\Windows\system32\VERSION.dll
<---- EVENT: handle internal ld ---->
eax=72a5502f ebx=00000000 ecx=72a5cbbc edx=72a40000 esi=7ffde000 edi=0029f708
eip=774e70f4 esp=0029f5e4 ebp=0029f61c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 701f0000 70222000 C:\Windows\system32\WINMM.dll
<---- EVENT: handle internal ld ---->
eax=000001d5 ebx=00000000 ecx=77627106 edx=749c505f esi=7ffde000 edi=0029f708
eip=774e70f4 esp=0029f5e4 ebp=0029f61c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75b10000 75bd9000 C:\Windows\system32\USER32.dll
<---- EVENT: handle internal ld ---->
eax=0029f1d4 ebx=00000000 ecx=00000005 edx=00000000 esi=7ffde000 edi=0029f368
eip=774e70f4 esp=0029f244 ebp=0029f27c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 772e0000 77337000 C:\Windows\system32\SHLWAPI.dll
<---- EVENT: handle internal ld ---->
eax=00000094 ebx=00000000 ecx=701f23ea edx=01053074 esi=7ffde000 edi=001ef2dc
eip=774e70f4 esp=001ef1b8 ebp=001ef1f0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755e0000 755f7000 C:\Windows\system32\USERENV.dll
<---- EVENT: handle internal ld ---->
eax=010540b0 ebx=00000000 ecx=010540b2 edx=75a30000 esi=7ffde000 edi=001ef2dc
eip=774e70f4 esp=001ef1b8 ebp=001ef1f0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 76570000 765be000 C:\Windows\system32\GDI32.dll
<---- EVENT: handle internal ld ---->
eax=00000447 ebx=00000000 ecx=774e0ff2 edx=75b77000 esi=7ffde000 edi=0029efc8
eip=774e70f4 esp=0029eea4 ebp=0029eedc iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
Symbol search path is: srv*\\server\Symbols*http://chromium-browser-symsrv.commondatastorage.googleapis.com;srv*\\server\Symbols*http://msdl.microsoft.com/download/symbols;srv*\\server\Symbols*http://symbols.mozilla.org/firefox
Executable search path is:
ModLoad: 00fc0000 01097000 chrome.exe
<---- EVENT: handle internal cpr ---->
eax=010093e8 ebx=7ffdf000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=0021fa20 ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:0021fa24=00000000
ModLoad: 75510000 7551b000 C:\Windows\system32\profapi.dll
<---- EVENT: handle internal ld ---->
eax=00000100 ebx=00000000 ecx=77265986 edx=755f164e esi=7ffde000 edi=001eef3c
eip=774e70f4 esp=001eee18 ebp=001eee50 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760c0000 760ca000 C:\Windows\system32\LPK.dll
<---- EVENT: handle internal ld ---->
eax=00000318 ebx=00000000 ecx=75b2c167 edx=765b8655 esi=7ffde000 edi=0029ec28
eip=774e70f4 esp=0029eb04 ebp=0029eb3c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765c0000 765d9000 C:\Windows\SYSTEM32\sechost.dll
<---- EVENT: handle internal ld ---->
eax=00000482 ebx=00000000 ecx=774e1582 edx=76211000 esi=7ffdf000 edi=0016f0ec
eip=774e70f4 esp=0016efc8 ebp=0016f000 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 774a0000 775dc000 ntdll.dll
<---- EVENT: handle internal ld ---->
eax=010093e8 ebx=7ffd3000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=001afca4 ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
ntdll!RtlUserThreadStart:
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:001afca8=00000000
(e54.a48): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 76320000 764d6000 C:\Windows\system32\WININET.dll
<---- EVENT: handle internal ld ---->
eax=64dff000 ebx=00000000 ecx=64dff002 edx=75b10000 esi=7ffde000 edi=001cf04c
eip=774e70f4 esp=001cef28 ebp=001cef60 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
Symbol search path is: srv*\\server\Symbols*http://chromium-browser-symsrv.commondatastorage.googleapis.com;srv*\\server\Symbols*http://msdl.microsoft.com/download/symbols;srv*\\server\Symbols*http://symbols.mozilla.org/firefox
Executable search path is:
ModLoad: 00fc0000 01097000 chrome.exe
<---- EVENT: handle internal cpr ---->
eax=010093e8 ebx=7ffd7000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=0024f810 ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:0024f814=00000000
ModLoad: 774a0000 775dc000 ntdll.dll
<---- EVENT: handle internal ld ---->
eax=010093e8 ebx=7ffdd000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=002cf924 ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
ntdll!RtlUserThreadStart:
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:002cf928=00000000
ModLoad: 74020000 74029000 C:\Windows\system32\LINKINFO.dll
<---- EVENT: handle internal ld ---->
eax=0602d3c8 ebx=ffffffff ecx=eeafd577 edx=000000a9 esi=05a5d250 edi=05a5d234
eip=774e70f4 esp=05a5d070 ebp=05a5d104 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755a0000 755a4000 C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=7762924d ebx=00000000 ecx=00000523 edx=76493f70 esi=7ffde000 edi=001ced20
eip=774e70f4 esp=001cebfc ebp=001cec34 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73b70000 73b7d000 C:\Windows\system32\WTSAPI32.dll
<---- EVENT: handle internal ld ---->
eax=7762bf71 ebx=00000000 ecx=77623600 edx=77620000 esi=7ffde000 edi=001ef2dc
eip=774e70f4 esp=001ef1b8 ebp=001ef1f0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75540000 75545000 C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755a12bd ebx=00000000 ecx=0000000a edx=755a0072 esi=7ffde000 edi=001ced20
eip=774e70f4 esp=001cebfc ebp=001cec34 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75530000 75534000 C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755430cb ebx=00000000 ecx=0000008c edx=75540055 esi=7ffde000 edi=001ced20
eip=774e70f4 esp=001cebfc ebp=001cec34 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775f0000 7760f000 C:\Windows\system32\IMM32.DLL
<---- EVENT: handle internal ld ---->
eax=00005a4d ebx=00000000 ecx=00000001 edx=00000000 esi=7ffde000 edi=001eeb58
eip=774e70f4 esp=001eea34 ebp=001eea6c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 774a0000 775dc000 ntdll.dll
<---- EVENT: handle internal ld ---->
eax=010093e8 ebx=7ffdf000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=0021fa20 ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
ntdll!RtlUserThreadStart:
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:0021fa24=00000000
ModLoad: 774a0000 775dc000 ntdll.dll
<---- EVENT: handle internal ld ---->
eax=010093e8 ebx=7ffd7000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=0024f810 ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
ntdll!RtlUserThreadStart:
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:0024f814=00000000
ModLoad: 760d0000 7619c000 C:\Windows\system32\MSCTF.dll
<---- EVENT: handle internal ld ---->
eax=75aece53 ebx=00000000 ecx=00000345 edx=77606f63 esi=7ffde000 edi=001ee7b8
eip=774e70f4 esp=001ee694 ebp=001ee6cc iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75de0000 75e7d000 C:\Windows\system32\USP10.dll
<---- EVENT: handle internal ld ---->
eax=000000e3 ebx=00000000 ecx=76573f04 edx=760c6244 esi=7ffde000 edi=0029e8fc
eip=774e70f4 esp=0029e7d8 ebp=0029e810 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 772e0000 77337000 C:\Windows\system32\SHLWAPI.dll
<---- EVENT: handle internal ld ---->
eax=00000094 ebx=00000000 ecx=701f23ea edx=01053074 esi=7ffde000 edi=0029f708
eip=774e70f4 esp=0029f5e4 ebp=0029f61c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75830000 75834000 C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=00000777 ebx=00000000 ecx=0227fe30 edx=000009a5 esi=7ffde000 edi=001ced20
eip=774e70f4 esp=001cebfc ebp=001cec34 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75a30000 75b04000 C:\Windows\system32\kernel32.dll
<---- EVENT: handle internal ld ---->
eax=000000a8 ebx=00000000 ecx=00892768 edx=007d5b28 esi=7ffdf000 edi=002cf2bc
eip=774e70f4 esp=002cf198 ebp=002cf1d0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75650000 75653000 C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=75832010 ebx=00000000 ecx=75832000 edx=fffffffe esi=7ffde000 edi=001ced20
eip=774e70f4 esp=001cebfc ebp=001cec34 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75050000 75088000 C:\Windows\system32\ncrypt.dll
<---- EVENT: handle internal ld ---->
eax=09b60000 ebx=ffffffff ecx=00010000 edx=774e70f4 esi=03e5f338 edi=03e5f31c
eip=774e70f4 esp=03e5f158 ebp=03e5f1ec iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 69ed0000 6a1a3000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
<---- EVENT: handle internal ld ---->
eax=0014ecd0 ebx=00000000 ecx=0000000f edx=00000000 esi=7ffdf000 edi=0014f0d4
eip=774e70f4 esp=0014efb0 ebp=0014efe8 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75030000 75047000 C:\Windows\system32\bcrypt.dll
<---- EVENT: handle internal ld ---->
eax=00000000 ebx=ffffffff ecx=0000000d edx=0000004e esi=03e5ef98 edi=03e5ef7c
eip=774e70f4 esp=03e5edb8 ebp=03e5ee4c iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 74c00000 74c3d000 C:\Windows\system32\bcryptprimitives.dll
<---- EVENT: handle internal ld ---->
eax=038c1940 ebx=ffffffff ecx=b61e7584 edx=0000012e esi=03e5f300 edi=03e5f2e4
eip=774e70f4 esp=03e5f120 ebp=03e5f1b4 iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755e0000 755f7000 C:\Windows\system32\USERENV.dll
<---- EVENT: handle internal ld ---->
eax=010540b0 ebx=00000000 ecx=010540b2 edx=75a30000 esi=7ffde000 edi=0029f708
eip=774e70f4 esp=0029f5e4 ebp=0029f61c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77230000 772d2000 C:\Windows\system32\RPCRT4.dll
<---- EVENT: handle internal ld ---->
eax=0016eb60 ebx=00000000 ecx=00000018 edx=00000000 esi=7ffdf000 edi=0016ed4c
eip=774e70f4 esp=0016ec28 ebp=0016ec60 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 749c0000 749c9000 C:\Windows\system32\VERSION.dll
<---- EVENT: handle internal ld ---->
eax=0016f6a8 ebx=00000000 ecx=0000005c edx=02134f40 esi=7ffdf000 edi=0016f744
eip=774e70f4 esp=0016f620 ebp=0016f658 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 701f0000 70222000 C:\Windows\system32\WINMM.dll
<---- EVENT: handle internal ld ---->
eax=000001d5 ebx=00000000 ecx=77627106 edx=749c505f esi=7ffdf000 edi=0016f744
eip=774e70f4 esp=0016f620 ebp=0016f658 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75b10000 75bd9000 C:\Windows\system32\USER32.dll
<---- EVENT: handle internal ld ---->
eax=0016f210 ebx=00000000 ecx=00000005 edx=00000000 esi=7ffdf000 edi=0016f3a4
eip=774e70f4 esp=0016f280 ebp=0016f2b8 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 76570000 765be000 C:\Windows\system32\GDI32.dll
<---- EVENT: handle internal ld ---->
eax=00000447 ebx=00000000 ecx=774e0ff2 edx=75b77000 esi=7ffdf000 edi=0016f004
eip=774e70f4 esp=0016eee0 ebp=0016ef18 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760c0000 760ca000 C:\Windows\system32\LPK.dll
<---- EVENT: handle internal ld ---->
eax=00000318 ebx=00000000 ecx=75b2c167 edx=765b8655 esi=7ffdf000 edi=0016ec64
eip=774e70f4 esp=0016eb40 ebp=0016eb78 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75de0000 75e7d000 C:\Windows\system32\USP10.dll
<---- EVENT: handle internal ld ---->
eax=000000e3 ebx=00000000 ecx=76573f04 edx=760c6244 esi=7ffdf000 edi=0016e938
eip=774e70f4 esp=0016e814 ebp=0016e84c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 772e0000 77337000 C:\Windows\system32\SHLWAPI.dll
<---- EVENT: handle internal ld ---->
eax=00000094 ebx=00000000 ecx=701f23ea edx=01053074 esi=7ffdf000 edi=0016f744
eip=774e70f4 esp=0016f620 ebp=0016f658 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 713c0000 713dc000 C:\Windows\system32\cryptnet.dll
<---- EVENT: handle internal ld ---->
eax=0987efbc ebx=ffffffff ecx=00000004 edx=00000000 esi=0987f254 edi=0987f238
eip=774e70f4 esp=0987f074 ebp=0987f108 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765e0000 7722a000 C:\Windows\system32\SHELL32.dll
<---- EVENT: handle internal ld ---->
eax=01047390 ebx=00000000 ecx=001ef8c4 edx=01052994 esi=7ffde000 edi=001ef6d0
eip=774e70f4 esp=001ef5ac ebp=001ef5e4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77340000 7749c000 C:\Windows\system32\ole32.dll
<---- EVENT: handle internal ld ---->
eax=7699c648 ebx=00000000 ecx=765e0000 edx=00000000 esi=7ffde000 edi=001ee82c
eip=774e70f4 esp=001ee708 ebp=001ee740 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75400000 7540c000 C:\Windows\system32\cryptbase.dll
<---- EVENT: handle internal ld ---->
eax=00000103 ebx=00000000 ecx=00000000 edx=00000000 esi=7ffde000 edi=001ef3f8
eip=774e70f4 esp=001ef2d4 ebp=001ef30c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75510000 7551b000 C:\Windows\system32\profapi.dll
<---- EVENT: handle internal ld ---->
eax=00000100 ebx=00000000 ecx=77265986 edx=755f164e esi=7ffde000 edi=0029f368
eip=774e70f4 esp=0029f244 ebp=0029f27c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73b70000 73b7d000 C:\Windows\system32\WTSAPI32.dll
<---- EVENT: handle internal ld ---->
eax=7762bf71 ebx=00000000 ecx=77623600 edx=77620000 esi=7ffde000 edi=0029f708
eip=774e70f4 esp=0029f5e4 ebp=0029f61c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775f0000 7760f000 C:\Windows\system32\IMM32.DLL
<---- EVENT: handle internal ld ---->
eax=00005a4d ebx=00000000 ecx=00000001 edx=00000000 esi=7ffde000 edi=0029ef84
eip=774e70f4 esp=0029ee60 ebp=0029ee98 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760d0000 7619c000 C:\Windows\system32\MSCTF.dll
<---- EVENT: handle internal ld ---->
eax=75aece53 ebx=00000000 ecx=00000345 edx=77606f63 esi=7ffde000 edi=0029ebe4
eip=774e70f4 esp=0029eac0 ebp=0029eaf8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755e0000 755f7000 C:\Windows\system32\USERENV.dll
<---- EVENT: handle internal ld ---->
eax=010540b0 ebx=00000000 ecx=010540b2 edx=75a30000 esi=7ffdf000 edi=0016f744
eip=774e70f4 esp=0016f620 ebp=0016f658 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75a30000 75b04000 C:\Windows\system32\kernel32.dll
<---- EVENT: handle internal ld ---->
eax=000000a8 ebx=00000000 ecx=005d2d80 edx=00461728 esi=7ffdf000 edi=001af63c
eip=774e70f4 esp=001af518 ebp=001af550 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75600000 7564b000 C:\Windows\system32\KERNELBASE.dll
<---- EVENT: handle internal ld ---->
eax=75af3000 ebx=00000000 ecx=75af3002 edx=774a0000 esi=7ffdf000 edi=001af29c
eip=774e70f4 esp=001af178 ebp=001af1b0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 72a40000 72a66000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_elf.dll
<---- EVENT: handle internal ld ---->
eax=005d5000 ebx=00000000 ecx=005d4fe8 edx=00001000 esi=7ffdf000 edi=001af4bc
eip=774e70f4 esp=001af398 ebp=001af3d0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 761a0000 76240000 C:\Windows\system32\ADVAPI32.dll
<---- EVENT: handle internal ld ---->
eax=00000550 ebx=00000000 ecx=75aef575 edx=72a5cf53 esi=7ffdf000 edi=001af190
eip=774e70f4 esp=001af06c ebp=001af0a4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77620000 776cc000 C:\Windows\system32\msvcrt.dll
<---- EVENT: handle internal ld ---->
eax=7620f538 ebx=00000000 ecx=761a0000 edx=00001000 esi=7ffdf000 edi=001aee64
eip=774e70f4 esp=001aed40 ebp=001aed78 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765c0000 765d9000 C:\Windows\SYSTEM32\sechost.dll
<---- EVENT: handle internal ld ---->
eax=00000482 ebx=00000000 ecx=774e1582 edx=76211000 esi=7ffdf000 edi=001aee64
eip=774e70f4 esp=001aed40 ebp=001aed78 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77230000 772d2000 C:\Windows\system32\RPCRT4.dll
<---- EVENT: handle internal ld ---->
eax=001ae8d8 ebx=00000000 ecx=00000018 edx=00000000 esi=7ffdf000 edi=001aeac4
eip=774e70f4 esp=001ae9a0 ebp=001ae9d8 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 749c0000 749c9000 C:\Windows\system32\VERSION.dll
<---- EVENT: handle internal ld ---->
eax=005d6000 ebx=00000000 ecx=005d5fe8 edx=00001000 esi=7ffdf000 edi=001af4bc
eip=774e70f4 esp=001af398 ebp=001af3d0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 701f0000 70222000 C:\Windows\system32\WINMM.dll
<---- EVENT: handle internal ld ---->
eax=000001d5 ebx=00000000 ecx=77627106 edx=749c505f esi=7ffdf000 edi=001af4bc
eip=774e70f4 esp=001af398 ebp=001af3d0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75b10000 75bd9000 C:\Windows\system32\USER32.dll
<---- EVENT: handle internal ld ---->
eax=001aef88 ebx=00000000 ecx=00000005 edx=00000000 esi=7ffdf000 edi=001af11c
eip=774e70f4 esp=001aeff8 ebp=001af030 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 76570000 765be000 C:\Windows\system32\GDI32.dll
<---- EVENT: handle internal ld ---->
eax=00000447 ebx=00000000 ecx=774e0ff2 edx=75b77000 esi=7ffdf000 edi=001aed7c
eip=774e70f4 esp=001aec58 ebp=001aec90 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760c0000 760ca000 C:\Windows\system32\LPK.dll
<---- EVENT: handle internal ld ---->
eax=00000318 ebx=00000000 ecx=75b2c167 edx=765b8655 esi=7ffdf000 edi=001ae9dc
eip=774e70f4 esp=001ae8b8 ebp=001ae8f0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75de0000 75e7d000 C:\Windows\system32\USP10.dll
<---- EVENT: handle internal ld ---->
eax=000000e3 ebx=00000000 ecx=76573f04 edx=760c6244 esi=7ffdf000 edi=001ae6b0
eip=774e70f4 esp=001ae58c ebp=001ae5c4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 63660000 65743000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_child.dll
<---- EVENT: handle internal ld ---->
eax=006af01c ebx=00000000 ecx=006a0000 edx=006af01c esi=7ffde000 edi=001ef618
eip=774e70f4 esp=001ef4f4 ebp=001ef52c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 76320000 764d6000 C:\Windows\system32\WININET.dll
<---- EVENT: handle internal ld ---->
eax=64dff000 ebx=00000000 ecx=64dff002 edx=75b10000 esi=7ffde000 edi=001ef2ec
eip=774e70f4 esp=001ef1c8 ebp=001ef200 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755a0000 755a4000 C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=75aef165 ebx=00000000 ecx=00000513 edx=75a30057 esi=7ffde000 edi=001eefc0
eip=774e70f4 esp=001eee9c ebp=001eeed4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75540000 75545000 C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755a12bd ebx=00000000 ecx=0000000a edx=755a0072 esi=7ffde000 edi=001eefc0
eip=774e70f4 esp=001eee9c ebp=001eeed4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75530000 75534000 C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755430cb ebx=00000000 ecx=0000008c edx=75540055 esi=7ffde000 edi=001eefc0
eip=774e70f4 esp=001eee9c ebp=001eeed4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75830000 75834000 C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755323a2 ebx=00000000 ecx=0000004d edx=75530053 esi=7ffde000 edi=001eefc0
eip=774e70f4 esp=001eee9c ebp=001eeed4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765e0000 7722a000 C:\Windows\system32\SHELL32.dll
<---- EVENT: handle internal ld ---->
eax=01047390 ebx=00000000 ecx=0029fcf4 edx=01052994 esi=7ffde000 edi=0029fb00
eip=774e70f4 esp=0029f9dc ebp=0029fa14 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77340000 7749c000 C:\Windows\system32\ole32.dll
<---- EVENT: handle internal ld ---->
eax=7699c648 ebx=00000000 ecx=765e0000 edx=00000000 esi=7ffde000 edi=0029ec58
eip=774e70f4 esp=0029eb34 ebp=0029eb6c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75400000 7540c000 C:\Windows\system32\cryptbase.dll
<---- EVENT: handle internal ld ---->
eax=00000103 ebx=00000000 ecx=00000000 edx=00000000 esi=7ffde000 edi=0029f828
eip=774e70f4 esp=0029f704 ebp=0029f73c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75650000 75653000 C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=000011d8 ebx=00000000 ecx=001eee28 edx=001f0000 esi=7ffde000 edi=001eefc0
eip=774e70f4 esp=001eee9c ebp=001eeed4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77610000 77613000 C:\Windows\system32\normaliz.DLL
<---- EVENT: handle internal ld ---->
eax=75652010 ebx=00000000 ecx=75652000 edx=fffffffe esi=7ffde000 edi=001eefa8
eip=774e70f4 esp=001eee84 ebp=001eeebc iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75be0000 75dda000 C:\Windows\system32\iertutil.dll
<---- EVENT: handle internal ld ---->
eax=004b0164 ebx=00000000 ecx=0000007f edx=004b0000 esi=7ffde000 edi=001eefc0
eip=774e70f4 esp=001eee9c ebp=001eeed4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760b0000 760b5000 C:\Windows\system32\PSAPI.DLL
<---- EVENT: handle internal ld ---->
eax=0000005b ebx=00000000 ecx=763244c5 edx=64dff247 esi=7ffde000 edi=001ef2ec
eip=774e70f4 esp=001ef1c8 ebp=001ef200 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 70260000 702b1000 C:\Windows\system32\WINSPOOL.DRV
<---- EVENT: handle internal ld ---->
eax=64dfd338 ebx=00000000 ecx=64dfd33a edx=75a30000 esi=7ffde000 edi=001ef2ec
eip=774e70f4 esp=001ef1c8 ebp=001ef200 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75840000 758bb000 C:\Windows\system32\COMDLG32.dll
<---- EVENT: handle internal ld ---->
eax=0000004a ebx=00000000 ecx=702933f7 edx=64dff344 esi=7ffde000 edi=001ef2ec
eip=774e70f4 esp=001ef1c8 ebp=001ef200 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 74530000 746ce000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
<---- EVENT: handle internal ld ---->
eax=001ee5e4 ebx=00000000 ecx=00000016 edx=00000000 esi=7ffde000 edi=001eef4c
eip=774e70f4 esp=001eee28 ebp=001eee60 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75e80000 75f0f000 C:\Windows\system32\OLEAUT32.dll
<---- EVENT: handle internal ld ---->
eax=000001ff ebx=00000000 ecx=75aeb51e edx=7467b000 esi=7ffde000 edi=001ef2ec
eip=774e70f4 esp=001ef1c8 ebp=001ef200 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75670000 75791000 C:\Windows\system32\CRYPT32.dll
<---- EVENT: handle internal ld ---->
eax=64dfd24c ebx=00000000 ecx=64dfd24e edx=775f0000 esi=7ffde000 edi=001ef2ec
eip=774e70f4 esp=001ef1c8 ebp=001ef200 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75520000 7552c000 C:\Windows\system32\MSASN1.dll
<---- EVENT: handle internal ld ---->
eax=000004d5 ebx=00000000 ecx=77629003 edx=75727000 esi=7ffde000 edi=001eef4c
eip=774e70f4 esp=001eee28 ebp=001eee60 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73690000 736ac000 C:\Windows\system32\IPHLPAPI.DLL
<---- EVENT: handle internal ld ---->
eax=00000084 ebx=00000000 ecx=75673591 edx=64dfcb43 esi=7ffde000 edi=001ef2ec
eip=774e70f4 esp=001ef1c8 ebp=001ef200 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775e0000 775e6000 C:\Windows\system32\NSI.dll
<---- EVENT: handle internal ld ---->
eax=001f0001 ebx=00000000 ecx=001eea9c edx=001eea8c esi=7ffde000 edi=001eef4c
eip=774e70f4 esp=001eee28 ebp=001eee60 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73680000 73687000 C:\Windows\system32\WINNSI.DLL
<---- EVENT: handle internal ld ---->
eax=001eeaec ebx=00000000 ecx=00000007 edx=001f0080 esi=7ffde000 edi=001eef4c
eip=774e70f4 esp=001eee28 ebp=001eee60 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 759f0000 75a25000 C:\Windows\system32\WS2_32.dll
<---- EVENT: handle internal ld ---->
eax=736931ba ebx=00000000 ecx=000000e5 edx=64dfd249 esi=7ffde000 edi=001ef2ec
eip=774e70f4 esp=001ef1c8 ebp=001ef200 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75240000 75248000 C:\Windows\system32\Secur32.dll
<---- EVENT: handle internal ld ---->
eax=75a16000 ebx=00000000 ecx=75a16002 edx=774a0000 esi=7ffde000 edi=001ef2ec
eip=774e70f4 esp=001ef1c8 ebp=001ef200 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75380000 7539b000 C:\Windows\system32\SSPICLI.DLL
<---- EVENT: handle internal ld ---->
eax=0000031a ebx=00000000 ecx=774df364 edx=75244c52 esi=7ffde000 edi=001ef2d4
eip=774e70f4 esp=001ef1b0 ebp=001ef1e8 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6ded0000 6df1f000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\libexif.dll
<---- EVENT: handle internal ld ---->
eax=65248050 ebx=00000000 ecx=655a824c edx=00f8c088 esi=7ffde000 edi=001ef25c
eip=774e70f4 esp=001ef138 ebp=001ef170 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 69ed0000 6a1a3000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
<---- EVENT: handle internal ld ---->
eax=64ec60a0 ebx=00000000 ecx=001e005c edx=00000002 esi=7ffde000 edi=001ef398
eip=774e70f4 esp=001ef274 ebp=001ef2ac iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6a420000 6acc1000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll
<---- EVENT: handle internal ld ---->
eax=001eee80 ebx=00000000 ecx=0000000a edx=00000000 esi=7ffde000 edi=001ef2bc
eip=774e70f4 esp=001ef198 ebp=001ef1d0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(95c.83c): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 75510000 7551b000 C:\Windows\system32\profapi.dll
<---- EVENT: handle internal ld ---->
eax=00000100 ebx=00000000 ecx=77265986 edx=755f164e esi=7ffdf000 edi=0016f3a4
eip=774e70f4 esp=0016f280 ebp=0016f2b8 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73b70000 73b7d000 C:\Windows\system32\WTSAPI32.dll
<---- EVENT: handle internal ld ---->
eax=00000000 ebx=00000000 ecx=ffffffe8 edx=0016f1d4 esi=7ffdf000 edi=0016f744
eip=774e70f4 esp=0016f620 ebp=0016f658 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 772e0000 77337000 C:\Windows\system32\SHLWAPI.dll
<---- EVENT: handle internal ld ---->
eax=774e7f18 ebx=00000000 ecx=001af3f0 edx=00000002 esi=7ffdf000 edi=001af4bc
eip=774e70f4 esp=001af398 ebp=001af3d0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755e0000 755f7000 C:\Windows\system32\USERENV.dll
<---- EVENT: handle internal ld ---->
eax=00000001 ebx=00000000 ecx=00000470 edx=01053a49 esi=7ffdf000 edi=001af4bc
eip=774e70f4 esp=001af398 ebp=001af3d0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75510000 7551b000 C:\Windows\system32\profapi.dll
<---- EVENT: handle internal ld ---->
eax=00000100 ebx=00000000 ecx=77265986 edx=755f164e esi=7ffdf000 edi=001af11c
eip=774e70f4 esp=001aeff8 ebp=001af030 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73b70000 73b7d000 C:\Windows\system32\WTSAPI32.dll
<---- EVENT: handle internal ld ---->
eax=00000000 ebx=00000000 ecx=000004fc edx=755f1900 esi=7ffdf000 edi=001af4bc
eip=774e70f4 esp=001af398 ebp=001af3d0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77610000 77613000 C:\Windows\system32\normaliz.DLL
<---- EVENT: handle internal ld ---->
eax=75652010 ebx=00000000 ecx=75652000 edx=fffffffe esi=7ffde000 edi=001ced08
eip=774e70f4 esp=001cebe4 ebp=001cec1c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6b640000 6b6b9000 C:\Windows\system32\mscms.dll
<---- EVENT: handle internal ld ---->
eax=0ad7f064 ebx=ffffffff ecx=0ad70000 edx=0ad7f064 esi=05e0e718 edi=05e0e6fc
eip=774e70f4 esp=05e0e538 ebp=05e0e5cc iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75be0000 75dda000 C:\Windows\system32\iertutil.dll
<---- EVENT: handle internal ld ---->
eax=77612010 ebx=00000000 ecx=77612000 edx=fffffffe esi=7ffde000 edi=001ced20
eip=774e70f4 esp=001cebfc ebp=001cec34 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(95c.9a4): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 775f0000 7760f000 C:\Windows\system32\IMM32.DLL
<---- EVENT: handle internal ld ---->
eax=00005a4d ebx=00000000 ecx=00000001 edx=00000000 esi=7ffdf000 edi=0027eb84
eip=774e70f4 esp=0027ea60 ebp=0027ea98 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760b0000 760b5000 C:\Windows\system32\PSAPI.DLL
<---- EVENT: handle internal ld ---->
eax=0000005b ebx=00000000 ecx=763244c5 edx=64dff247 esi=7ffde000 edi=001cf04c
eip=774e70f4 esp=001cef28 ebp=001cef60 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760d0000 7619c000 C:\Windows\system32\MSCTF.dll
<---- EVENT: handle internal ld ---->
eax=75aece53 ebx=00000000 ecx=00000345 edx=77606f63 esi=7ffdf000 edi=0027e7e4
eip=774e70f4 esp=0027e6c0 ebp=0027e6f8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 70260000 702b1000 C:\Windows\system32\WINSPOOL.DRV
<---- EVENT: handle internal ld ---->
eax=75aebe1b ebx=00000000 ecx=00000268 edx=64dfd647 esi=7ffde000 edi=001cf04c
eip=774e70f4 esp=001cef28 ebp=001cef60 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75600000 7564b000 C:\Windows\system32\KERNELBASE.dll
<---- EVENT: handle internal ld ---->
eax=75af3000 ebx=00000000 ecx=75af3002 edx=774a0000 esi=7ffdf000 edi=002cef1c
eip=774e70f4 esp=002cedf8 ebp=002cee30 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75840000 758bb000 C:\Windows\system32\COMDLG32.dll
<---- EVENT: handle internal ld ---->
eax=0000004a ebx=00000000 ecx=702933f7 edx=64dff344 esi=7ffde000 edi=001cf04c
eip=774e70f4 esp=001cef28 ebp=001cef60 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765e0000 7722a000 C:\Windows\system32\SHELL32.dll
<---- EVENT: handle internal ld ---->
eax=01047390 ebx=00000000 ecx=0027f8f4 edx=01052994 esi=7ffdf000 edi=0027f700
eip=774e70f4 esp=0027f5dc ebp=0027f614 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775f0000 7760f000 C:\Windows\system32\IMM32.DLL
<---- EVENT: handle internal ld ---->
eax=00005a4d ebx=00000000 ecx=00000001 edx=00000000 esi=7ffdf000 edi=0016efc0
eip=774e70f4 esp=0016ee9c ebp=0016eed4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 74530000 746ce000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
<---- EVENT: handle internal ld ---->
eax=001ce344 ebx=00000000 ecx=00000016 edx=00000000 esi=7ffde000 edi=001cecac
eip=774e70f4 esp=001ceb88 ebp=001cebc0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75e80000 75f0f000 C:\Windows\system32\OLEAUT32.dll
<---- EVENT: handle internal ld ---->
eax=000001ff ebx=00000000 ecx=75aeb51e edx=7467b000 esi=7ffde000 edi=001cf04c
eip=774e70f4 esp=001cef28 ebp=001cef60 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77340000 7749c000 C:\Windows\system32\ole32.dll
<---- EVENT: handle internal ld ---->
eax=7699c648 ebx=00000000 ecx=765e0000 edx=00000000 esi=7ffdf000 edi=0027e858
eip=774e70f4 esp=0027e734 ebp=0027e76c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75670000 75791000 C:\Windows\system32\CRYPT32.dll
<---- EVENT: handle internal ld ---->
eax=00000159 ebx=00000000 ecx=75b2a2da edx=75f04000 esi=7ffde000 edi=001cf04c
eip=774e70f4 esp=001cef28 ebp=001cef60 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75400000 7540c000 C:\Windows\system32\cryptbase.dll
<---- EVENT: handle internal ld ---->
eax=00000103 ebx=00000000 ecx=00000000 edx=00000000 esi=7ffdf000 edi=0027f428
eip=774e70f4 esp=0027f304 ebp=0027f33c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75520000 7552c000 C:\Windows\system32\MSASN1.dll
<---- EVENT: handle internal ld ---->
eax=00000000 ebx=00000000 ecx=fffffff9 edx=001cee7c esi=7ffde000 edi=001cecac
eip=774e70f4 esp=001ceb88 ebp=001cebc0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 774a0000 775dc000 ntdll.dll
<---- EVENT: handle internal ld ---->
eax=010093e8 ebx=7ffd7000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=001ffdc0 ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
ntdll!RtlUserThreadStart:
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:001ffdc4=00000000
ModLoad: 73690000 736ac000 C:\Windows\system32\IPHLPAPI.DLL
<---- EVENT: handle internal ld ---->
eax=00000084 ebx=00000000 ecx=75673591 edx=64dfcb43 esi=7ffde000 edi=001cf04c
eip=774e70f4 esp=001cef28 ebp=001cef60 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 72a40000 72a66000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_elf.dll
<---- EVENT: handle internal ld ---->
eax=007f1ff4 ebx=00000000 ecx=007f0000 edx=007f1ff4 esi=7ffdf000 edi=002cf13c
eip=774e70f4 esp=002cf018 ebp=002cf050 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 761a0000 76240000 C:\Windows\system32\ADVAPI32.dll
<---- EVENT: handle internal ld ---->
eax=00000550 ebx=00000000 ecx=75aef575 edx=72a5cf53 esi=7ffdf000 edi=002cee10
eip=774e70f4 esp=002cecec ebp=002ced24 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775e0000 775e6000 C:\Windows\system32\NSI.dll
<---- EVENT: handle internal ld ---->
eax=00000268 ebx=00000000 ecx=774de31a edx=736a8000 esi=7ffde000 edi=001cecac
eip=774e70f4 esp=001ceb88 ebp=001cebc0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77620000 776cc000 C:\Windows\system32\msvcrt.dll
<---- EVENT: handle internal ld ---->
eax=7620f538 ebx=00000000 ecx=761a0000 edx=00001000 esi=7ffdf000 edi=002ceae4
eip=774e70f4 esp=002ce9c0 ebp=002ce9f8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73680000 73687000 C:\Windows\system32\WINNSI.DLL
<---- EVENT: handle internal ld ---->
eax=02282100 ebx=00000000 ecx=021f0000 edx=021f0000 esi=7ffde000 edi=001cecac
eip=774e70f4 esp=001ceb88 ebp=001cebc0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765c0000 765d9000 C:\Windows\SYSTEM32\sechost.dll
<---- EVENT: handle internal ld ---->
eax=00000482 ebx=00000000 ecx=774e1582 edx=76211000 esi=7ffdf000 edi=002ceae4
eip=774e70f4 esp=002ce9c0 ebp=002ce9f8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760d0000 7619c000 C:\Windows\system32\MSCTF.dll
<---- EVENT: handle internal ld ---->
eax=75aece53 ebx=00000000 ecx=00000345 edx=77606f63 esi=7ffdf000 edi=0016ec20
eip=774e70f4 esp=0016eafc ebp=0016eb34 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 759f0000 75a25000 C:\Windows\system32\WS2_32.dll
<---- EVENT: handle internal ld ---->
eax=736931ba ebx=00000000 ecx=000000e5 edx=64dfd249 esi=7ffde000 edi=001cf04c
eip=774e70f4 esp=001cef28 ebp=001cef60 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 63660000 65743000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_child.dll
<---- EVENT: handle internal ld ---->
eax=00c2f01c ebx=00000000 ecx=00c20000 edx=00c2f01c esi=7ffdf000 edi=0027f644
eip=774e70f4 esp=0027f520 ebp=0027f558 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 63660000 65743000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_child.dll
<---- EVENT: handle internal ld ---->
eax=00cef01c ebx=00000000 ecx=00ce0000 edx=00cef01c esi=7ffde000 edi=0029fa44
eip=774e70f4 esp=0029f920 ebp=0029f958 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75240000 75248000 C:\Windows\system32\Secur32.dll
<---- EVENT: handle internal ld ---->
eax=75a16000 ebx=00000000 ecx=75a16002 edx=774a0000 esi=7ffde000 edi=001cf04c
eip=774e70f4 esp=001cef28 ebp=001cef60 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77230000 772d2000 C:\Windows\system32\RPCRT4.dll
<---- EVENT: handle internal ld ---->
eax=002ce558 ebx=00000000 ecx=00000018 edx=00000000 esi=7ffdf000 edi=002ce744
eip=774e70f4 esp=002ce620 ebp=002ce658 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75380000 7539b000 C:\Windows\system32\SSPICLI.DLL
<---- EVENT: handle internal ld ---->
eax=774d404d ebx=00000000 ecx=774d7fbc edx=774a0000 esi=7ffde000 edi=001cf034
eip=774e70f4 esp=001cef10 ebp=001cef48 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 76320000 764d6000 C:\Windows\system32\WININET.dll
<---- EVENT: handle internal ld ---->
eax=64dff000 ebx=00000000 ecx=64dff002 edx=75b10000 esi=7ffdf000 edi=0027f318
eip=774e70f4 esp=0027f1f4 ebp=0027f22c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(95c.efc): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 76320000 764d6000 C:\Windows\system32\WININET.dll
<---- EVENT: handle internal ld ---->
eax=64dff000 ebx=00000000 ecx=64dff002 edx=75b10000 esi=7ffde000 edi=0029f718
eip=774e70f4 esp=0029f5f4 ebp=0029f62c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755a0000 755a4000 C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=7762924d ebx=00000000 ecx=00000523 edx=76493f70 esi=7ffde000 edi=0029f3ec
eip=774e70f4 esp=0029f2c8 ebp=0029f300 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
Symbol search path is: srv*\\server\Symbols*http://chromium-browser-symsrv.commondatastorage.googleapis.com;srv*\\server\Symbols*http://msdl.microsoft.com/download/symbols;srv*\\server\Symbols*http://symbols.mozilla.org/firefox
Executable search path is:
ModLoad: 00fc0000 01097000 chrome.exe
<---- EVENT: handle internal cpr ---->
eax=010093e8 ebx=7ffdd000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=0012f894 ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:0012f898=00000000
ModLoad: 755a0000 755a4000 C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=7762924d ebx=00000000 ecx=00000523 edx=76493f70 esi=7ffdf000 edi=0027efec
eip=774e70f4 esp=0027eec8 ebp=0027ef00 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75540000 75545000 C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755a12bd ebx=00000000 ecx=0000000a edx=755a0072 esi=7ffde000 edi=0029f3ec
eip=774e70f4 esp=0029f2c8 ebp=0029f300 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75530000 75534000 C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=000008d4 ebx=00000000 ecx=0029f72c edx=002a0000 esi=7ffde000 edi=0029f3ec
eip=774e70f4 esp=0029f2c8 ebp=0029f300 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75540000 75545000 C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755a12bd ebx=00000000 ecx=0000000a edx=755a0072 esi=7ffdf000 edi=0027efec
eip=774e70f4 esp=0027eec8 ebp=0027ef00 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 749c0000 749c9000 C:\Windows\system32\VERSION.dll
<---- EVENT: handle internal ld ---->
eax=72a5502f ebx=00000000 ecx=72a5cbbc edx=72a40000 esi=7ffdf000 edi=002cf13c
eip=774e70f4 esp=002cf018 ebp=002cf050 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
Symbol search path is: srv*\\server\Symbols*http://chromium-browser-symsrv.commondatastorage.googleapis.com;srv*\\server\Symbols*http://msdl.microsoft.com/download/symbols;srv*\\server\Symbols*http://symbols.mozilla.org/firefox
Executable search path is:
ModLoad: 00fc0000 01097000 chrome.exe
<---- EVENT: handle internal cpr ---->
eax=010093e8 ebx=7ffdd000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=002cf900 ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:002cf904=00000000
ModLoad: 75530000 75534000 C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755430cb ebx=00000000 ecx=0000008c edx=75540055 esi=7ffdf000 edi=0027efec
eip=774e70f4 esp=0027eec8 ebp=0027ef00 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 701f0000 70222000 C:\Windows\system32\WINMM.dll
<---- EVENT: handle internal ld ---->
eax=000001d5 ebx=00000000 ecx=77627106 edx=749c505f esi=7ffdf000 edi=002cf13c
eip=774e70f4 esp=002cf018 ebp=002cf050 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6ded0000 6df1f000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\libexif.dll
<---- EVENT: handle internal ld ---->
eax=65248050 ebx=00000000 ecx=655a824c edx=02f4c088 esi=7ffde000 edi=001cefbc
eip=774e70f4 esp=001cee98 ebp=001ceed0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75830000 75834000 C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=0000001b ebx=00000000 ecx=7ffd064c edx=00000000 esi=7ffdf000 edi=0027efec
eip=774e70f4 esp=0027eec8 ebp=0027ef00 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 69ed0000 6a1a3000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
<---- EVENT: handle internal ld ---->
eax=64ec60a0 ebx=00000000 ecx=001c005c edx=00000002 esi=7ffde000 edi=001cf0f8
eip=774e70f4 esp=001cefd4 ebp=001cf00c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75650000 75653000 C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=75832010 ebx=00000000 ecx=75832000 edx=fffffffe esi=7ffdf000 edi=0027efec
eip=774e70f4 esp=0027eec8 ebp=0027ef00 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6a420000 6acc1000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll
<---- EVENT: handle internal ld ---->
eax=001cebe0 ebx=00000000 ecx=0000000a edx=00000000 esi=7ffde000 edi=001cf01c
eip=774e70f4 esp=001ceef8 ebp=001cef30 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77610000 77613000 C:\Windows\system32\normaliz.DLL
<---- EVENT: handle internal ld ---->
eax=75652010 ebx=00000000 ecx=75652000 edx=fffffffe esi=7ffdf000 edi=0027efd4
eip=774e70f4 esp=0027eeb0 ebp=0027eee8 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(da8.b88): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 75be0000 75dda000 C:\Windows\system32\iertutil.dll
<---- EVENT: handle internal ld ---->
eax=77612010 ebx=00000000 ecx=77612000 edx=fffffffe esi=7ffdf000 edi=0027efec
eip=774e70f4 esp=0027eec8 ebp=0027ef00 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760b0000 760b5000 C:\Windows\system32\PSAPI.DLL
<---- EVENT: handle internal ld ---->
eax=0000005b ebx=00000000 ecx=763244c5 edx=64dff247 esi=7ffdf000 edi=0027f318
eip=774e70f4 esp=0027f1f4 ebp=0027f22c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75b10000 75bd9000 C:\Windows\system32\USER32.dll
<---- EVENT: handle internal ld ---->
eax=002cec08 ebx=00000000 ecx=00000005 edx=00000000 esi=7ffdf000 edi=002ced9c
eip=774e70f4 esp=002cec78 ebp=002cecb0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 70260000 702b1000 C:\Windows\system32\WINSPOOL.DRV
<---- EVENT: handle internal ld ---->
eax=64dfd338 ebx=00000000 ecx=64dfd33a edx=75a30000 esi=7ffdf000 edi=0027f318
eip=774e70f4 esp=0027f1f4 ebp=0027f22c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 76570000 765be000 C:\Windows\system32\GDI32.dll
<---- EVENT: handle internal ld ---->
eax=00000447 ebx=00000000 ecx=774e0ff2 edx=75b77000 esi=7ffdf000 edi=002ce9fc
eip=774e70f4 esp=002ce8d8 ebp=002ce910 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75840000 758bb000 C:\Windows\system32\COMDLG32.dll
<---- EVENT: handle internal ld ---->
eax=0000004a ebx=00000000 ecx=702933f7 edx=64dff344 esi=7ffdf000 edi=0027f318
eip=774e70f4 esp=0027f1f4 ebp=0027f22c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760c0000 760ca000 C:\Windows\system32\LPK.dll
<---- EVENT: handle internal ld ---->
eax=00000318 ebx=00000000 ecx=75b2c167 edx=765b8655 esi=7ffdf000 edi=002ce65c
eip=774e70f4 esp=002ce538 ebp=002ce570 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 74530000 746ce000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
<---- EVENT: handle internal ld ---->
eax=0027e610 ebx=00000000 ecx=00000016 edx=00000000 esi=7ffdf000 edi=0027ef78
eip=774e70f4 esp=0027ee54 ebp=0027ee8c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75de0000 75e7d000 C:\Windows\system32\USP10.dll
<---- EVENT: handle internal ld ---->
eax=000000e3 ebx=00000000 ecx=76573f04 edx=760c6244 esi=7ffdf000 edi=002ce330
eip=774e70f4 esp=002ce20c ebp=002ce244 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75e80000 75f0f000 C:\Windows\system32\OLEAUT32.dll
<---- EVENT: handle internal ld ---->
eax=75aeeacd ebx=00000000 ecx=000004c0 edx=75896a53 esi=7ffdf000 edi=0027f318
eip=774e70f4 esp=0027f1f4 ebp=0027f22c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 772e0000 77337000 C:\Windows\system32\SHLWAPI.dll
<---- EVENT: handle internal ld ---->
eax=00000094 ebx=00000000 ecx=701f23ea edx=01053074 esi=7ffdf000 edi=002cf13c
eip=774e70f4 esp=002cf018 ebp=002cf050 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75670000 75791000 C:\Windows\system32\CRYPT32.dll
<---- EVENT: handle internal ld ---->
eax=00000159 ebx=00000000 ecx=75b2a2da edx=75f04000 esi=7ffdf000 edi=0027f318
eip=774e70f4 esp=0027f1f4 ebp=0027f22c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755e0000 755f7000 C:\Windows\system32\USERENV.dll
<---- EVENT: handle internal ld ---->
eax=010540b0 ebx=00000000 ecx=010540b2 edx=75a30000 esi=7ffdf000 edi=002cf13c
eip=774e70f4 esp=002cf018 ebp=002cf050 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(da8.9d8): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 75830000 75834000 C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=00000000 ebx=00000000 ecx=00000002 edx=00000000 esi=7ffde000 edi=0029f3ec
eip=774e70f4 esp=0029f2c8 ebp=0029f300 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(e54.b44): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(95c.5b8): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 75520000 7552c000 C:\Windows\system32\MSASN1.dll
<---- EVENT: handle internal ld ---->
eax=000004d5 ebx=00000000 ecx=77629003 edx=75727000 esi=7ffdf000 edi=0027ef78
eip=774e70f4 esp=0027ee54 ebp=0027ee8c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73690000 736ac000 C:\Windows\system32\IPHLPAPI.DLL
<---- EVENT: handle internal ld ---->
eax=00000084 ebx=00000000 ecx=75673591 edx=64dfcb43 esi=7ffdf000 edi=0027f318
eip=774e70f4 esp=0027f1f4 ebp=0027f22c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775e0000 775e6000 C:\Windows\system32\NSI.dll
<---- EVENT: handle internal ld ---->
eax=00000268 ebx=00000000 ecx=774de31a edx=736a8000 esi=7ffdf000 edi=0027ef78
eip=774e70f4 esp=0027ee54 ebp=0027ee8c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75510000 7551b000 C:\Windows\system32\profapi.dll
<---- EVENT: handle internal ld ---->
eax=00000100 ebx=00000000 ecx=77265986 edx=755f164e esi=7ffdf000 edi=002ced9c
eip=774e70f4 esp=002cec78 ebp=002cecb0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73680000 73687000 C:\Windows\system32\WINNSI.DLL
<---- EVENT: handle internal ld ---->
eax=774d5340 ebx=00000000 ecx=774d7ff4 edx=774a0000 esi=7ffdf000 edi=0027ef78
eip=774e70f4 esp=0027ee54 ebp=0027ee8c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73b70000 73b7d000 C:\Windows\system32\WTSAPI32.dll
<---- EVENT: handle internal ld ---->
eax=7762bf71 ebx=00000000 ecx=77623600 edx=77620000 esi=7ffdf000 edi=002cf13c
eip=774e70f4 esp=002cf018 ebp=002cf050 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 759f0000 75a25000 C:\Windows\system32\WS2_32.dll
<---- EVENT: handle internal ld ---->
eax=736931ba ebx=00000000 ecx=000000e5 edx=64dfd249 esi=7ffdf000 edi=0027f318
eip=774e70f4 esp=0027f1f4 ebp=0027f22c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75650000 75653000 C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=75832010 ebx=00000000 ecx=75832000 edx=fffffffe esi=7ffde000 edi=0029f3ec
eip=774e70f4 esp=0029f2c8 ebp=0029f300 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77610000 77613000 C:\Windows\system32\normaliz.DLL
<---- EVENT: handle internal ld ---->
eax=75652010 ebx=00000000 ecx=75652000 edx=fffffffe esi=7ffde000 edi=0029f3d4
eip=774e70f4 esp=0029f2b0 ebp=0029f2e8 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75240000 75248000 C:\Windows\system32\Secur32.dll
<---- EVENT: handle internal ld ---->
eax=75a16000 ebx=00000000 ecx=75a16002 edx=774a0000 esi=7ffdf000 edi=0027f318
eip=774e70f4 esp=0027f1f4 ebp=0027f22c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775f0000 7760f000 C:\Windows\system32\IMM32.DLL
<---- EVENT: handle internal ld ---->
eax=00005a4d ebx=00000000 ecx=00000001 edx=00000000 esi=7ffdf000 edi=002ce9b8
eip=774e70f4 esp=002ce894 ebp=002ce8cc iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75380000 7539b000 C:\Windows\system32\SSPICLI.DLL
<---- EVENT: handle internal ld ---->
eax=774d404d ebx=00000000 ecx=774d7fbc edx=774a0000 esi=7ffdf000 edi=0027f300
eip=774e70f4 esp=0027f1dc ebp=0027f214 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(da8.ea8): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 760d0000 7619c000 C:\Windows\system32\MSCTF.dll
<---- EVENT: handle internal ld ---->
eax=75aece53 ebx=00000000 ecx=00000345 edx=77606f63 esi=7ffdf000 edi=002ce618
eip=774e70f4 esp=002ce4f4 ebp=002ce52c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75a30000 75b04000 C:\Windows\system32\kernel32.dll
<---- EVENT: handle internal ld ---->
eax=000000a8 ebx=00000000 ecx=008e2d80 edx=007f3728 esi=7ffdf000 edi=001ff758
eip=774e70f4 esp=001ff634 ebp=001ff66c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(e54.894): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 75a30000 75b04000 C:\Windows\system32\kernel32.dll
<---- EVENT: handle internal ld ---->
eax=000000a8 ebx=00000000 ecx=00712d80 edx=006e3f28 esi=7ffde000 edi=0021f3b8
eip=774e70f4 esp=0021f294 ebp=0021f2cc iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765e0000 7722a000 C:\Windows\system32\SHELL32.dll
<---- EVENT: handle internal ld ---->
eax=00004000 ebx=00000000 ecx=0000003b edx=00010000 esi=7ffdf000 edi=002cf530
eip=774e70f4 esp=002cf40c ebp=002cf444 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(da8.f68): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(95c.dac): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 75be0000 75dda000 C:\Windows\system32\iertutil.dll
<---- EVENT: handle internal ld ---->
eax=77612010 ebx=00000000 ecx=77612000 edx=fffffffe esi=7ffde000 edi=0029f3ec
eip=774e70f4 esp=0029f2c8 ebp=0029f300 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77340000 7749c000 C:\Windows\system32\ole32.dll
<---- EVENT: handle internal ld ---->
eax=7699c648 ebx=00000000 ecx=765e0000 edx=00000000 esi=7ffdf000 edi=002ce68c
eip=774e70f4 esp=002ce568 ebp=002ce5a0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75600000 7564b000 C:\Windows\system32\KERNELBASE.dll
<---- EVENT: handle internal ld ---->
eax=75af3000 ebx=00000000 ecx=75af3002 edx=774a0000 esi=7ffdf000 edi=001ff3b8
eip=774e70f4 esp=001ff294 ebp=001ff2cc iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6ded0000 6df1f000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\libexif.dll
<---- EVENT: handle internal ld ---->
eax=65248050 ebx=00000000 ecx=655a824c edx=0286c088 esi=7ffdf000 edi=0027f28c
eip=774e70f4 esp=0027f168 ebp=0027f1a0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(da8.f10): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(e54.a64): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 760b0000 760b5000 C:\Windows\system32\PSAPI.DLL
<---- EVENT: handle internal ld ---->
eax=0000005b ebx=00000000 ecx=763244c5 edx=64dff247 esi=7ffde000 edi=0029f718
eip=774e70f4 esp=0029f5f4 ebp=0029f62c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 70260000 702b1000 C:\Windows\system32\WINSPOOL.DRV
<---- EVENT: handle internal ld ---->
eax=64dfd338 ebx=00000000 ecx=64dfd33a edx=75a30000 esi=7ffde000 edi=0029f718
eip=774e70f4 esp=0029f5f4 ebp=0029f62c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 69ed0000 6a1a3000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
<---- EVENT: handle internal ld ---->
eax=00d7f98c ebx=00000000 ecx=b24038d7 edx=0000016d esi=7ffdf000 edi=0027f3c4
eip=774e70f4 esp=0027f2a0 ebp=0027f2d8 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75840000 758bb000 C:\Windows\system32\COMDLG32.dll
<---- EVENT: handle internal ld ---->
eax=0000004a ebx=00000000 ecx=702933f7 edx=64dff344 esi=7ffde000 edi=0029f718
eip=774e70f4 esp=0029f5f4 ebp=0029f62c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 74530000 746ce000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
<---- EVENT: handle internal ld ---->
eax=0029ea10 ebx=00000000 ecx=00000016 edx=00000000 esi=7ffde000 edi=0029f378
eip=774e70f4 esp=0029f254 ebp=0029f28c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765e0000 7722a000 C:\Windows\system32\SHELL32.dll
<---- EVENT: handle internal ld ---->
eax=01047390 ebx=00000000 ecx=0016fd2c edx=01052994 esi=7ffdf000 edi=0016fb38
eip=774e70f4 esp=0016fa14 ebp=0016fa4c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6a420000 6acc1000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll
<---- EVENT: handle internal ld ---->
eax=0027eea8 ebx=00000000 ecx=0000000a edx=00000000 esi=7ffdf000 edi=0027f2e4
eip=774e70f4 esp=0027f1c0 ebp=0027f1f8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75400000 7540c000 C:\Windows\system32\cryptbase.dll
<---- EVENT: handle internal ld ---->
eax=00000103 ebx=00000000 ecx=00000000 edx=00000000 esi=7ffdf000 edi=002cf258
eip=774e70f4 esp=002cf134 ebp=002cf16c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(ed4.fa0): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 72a40000 72a66000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_elf.dll
<---- EVENT: handle internal ld ---->
eax=008e5000 ebx=00000000 ecx=008e4fe8 edx=00001000 esi=7ffdf000 edi=001ff5d8
eip=774e70f4 esp=001ff4b4 ebp=001ff4ec iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75e80000 75f0f000 C:\Windows\system32\OLEAUT32.dll
<---- EVENT: handle internal ld ---->
eax=000001ff ebx=00000000 ecx=75aeb51e edx=7467b000 esi=7ffde000 edi=0029f718
eip=774e70f4 esp=0029f5f4 ebp=0029f62c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(ed4.db8): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 75670000 75791000 C:\Windows\system32\CRYPT32.dll
<---- EVENT: handle internal ld ---->
eax=00000309 ebx=00000000 ecx=00000000 edx=75f04100 esi=7ffde000 edi=0029f718
eip=774e70f4 esp=0029f5f4 ebp=0029f62c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75520000 7552c000 C:\Windows\system32\MSASN1.dll
<---- EVENT: handle internal ld ---->
eax=ffffffff ebx=00000000 ecx=000003dd edx=75727147 esi=7ffde000 edi=0029f378
eip=774e70f4 esp=0029f254 ebp=0029f28c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75600000 7564b000 C:\Windows\system32\KERNELBASE.dll
<---- EVENT: handle internal ld ---->
eax=75af3000 ebx=00000000 ecx=75af3002 edx=774a0000 esi=7ffde000 edi=0021f018
eip=774e70f4 esp=0021eef4 ebp=0021ef2c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 774a0000 775dc000 ntdll.dll
<---- EVENT: handle internal ld ---->
eax=010093e8 ebx=7ffdd000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=002cf900 ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
ntdll!RtlUserThreadStart:
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:002cf904=00000000
ModLoad: 761a0000 76240000 C:\Windows\system32\ADVAPI32.dll
<---- EVENT: handle internal ld ---->
eax=00000550 ebx=00000000 ecx=75aef575 edx=72a5cf53 esi=7ffdf000 edi=001ff2ac
eip=774e70f4 esp=001ff188 ebp=001ff1c0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 774a0000 775dc000 ntdll.dll
<---- EVENT: handle internal ld ---->
eax=010093e8 ebx=7ffdd000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=0012f894 ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
ntdll!RtlUserThreadStart:
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:0012f898=00000000
ModLoad: 73690000 736ac000 C:\Windows\system32\IPHLPAPI.DLL
<---- EVENT: handle internal ld ---->
eax=00000084 ebx=00000000 ecx=75673591 edx=64dfcb43 esi=7ffde000 edi=0029f718
eip=774e70f4 esp=0029f5f4 ebp=0029f62c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77620000 776cc000 C:\Windows\system32\msvcrt.dll
<---- EVENT: handle internal ld ---->
eax=7620f538 ebx=00000000 ecx=761a0000 edx=00001000 esi=7ffdf000 edi=001fef80
eip=774e70f4 esp=001fee5c ebp=001fee94 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75a30000 75b04000 C:\Windows\system32\kernel32.dll
<---- EVENT: handle internal ld ---->
eax=000000a8 ebx=00000000 ecx=00bf2768 edx=00b54728 esi=7ffdf000 edi=0012f22c
eip=774e70f4 esp=0012f108 ebp=0012f140 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(e54.b24): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 775e0000 775e6000 C:\Windows\system32\NSI.dll
<---- EVENT: handle internal ld ---->
eax=00000268 ebx=00000000 ecx=774de31a edx=736a8000 esi=7ffde000 edi=0029f378
eip=774e70f4 esp=0029f254 ebp=0029f28c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765c0000 765d9000 C:\Windows\SYSTEM32\sechost.dll
<---- EVENT: handle internal ld ---->
eax=00000482 ebx=00000000 ecx=774e1582 edx=76211000 esi=7ffdf000 edi=001fef80
eip=774e70f4 esp=001fee5c ebp=001fee94 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73680000 73687000 C:\Windows\system32\WINNSI.DLL
<---- EVENT: handle internal ld ---->
eax=005e2100 ebx=00000000 ecx=00550000 edx=00550000 esi=7ffde000 edi=0029f378
eip=774e70f4 esp=0029f254 ebp=0029f28c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77230000 772d2000 C:\Windows\system32\RPCRT4.dll
<---- EVENT: handle internal ld ---->
eax=001fe9f4 ebx=00000000 ecx=00000018 edx=00000000 esi=7ffdf000 edi=001febe0
eip=774e70f4 esp=001feabc ebp=001feaf4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 72a40000 72a66000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_elf.dll
<---- EVENT: handle internal ld ---->
eax=00715000 ebx=00000000 ecx=00714fe8 edx=00001000 esi=7ffde000 edi=0021f238
eip=774e70f4 esp=0021f114 ebp=0021f14c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 749c0000 749c9000 C:\Windows\system32\VERSION.dll
<---- EVENT: handle internal ld ---->
eax=008e6000 ebx=00000000 ecx=008e5fe8 edx=00001000 esi=7ffdf000 edi=001ff5d8
eip=774e70f4 esp=001ff4b4 ebp=001ff4ec iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 761a0000 76240000 C:\Windows\system32\ADVAPI32.dll
<---- EVENT: handle internal ld ---->
eax=75ae9fd9 ebx=00000000 ecx=000000f3 edx=72a5cf45 esi=7ffde000 edi=0021ef0c
eip=774e70f4 esp=0021ede8 ebp=0021ee20 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77620000 776cc000 C:\Windows\system32\msvcrt.dll
<---- EVENT: handle internal ld ---->
eax=7620f538 ebx=00000000 ecx=761a0000 edx=00001000 esi=7ffde000 edi=0021ebe0
eip=774e70f4 esp=0021eabc ebp=0021eaf4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 759f0000 75a25000 C:\Windows\system32\WS2_32.dll
<---- EVENT: handle internal ld ---->
eax=736931ba ebx=00000000 ecx=000000e5 edx=64dfd249 esi=7ffde000 edi=0029f718
eip=774e70f4 esp=0029f5f4 ebp=0029f62c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 701f0000 70222000 C:\Windows\system32\WINMM.dll
<---- EVENT: handle internal ld ---->
eax=000001d5 ebx=00000000 ecx=77627106 edx=749c505f esi=7ffdf000 edi=001ff5d8
eip=774e70f4 esp=001ff4b4 ebp=001ff4ec iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75b10000 75bd9000 C:\Windows\system32\USER32.dll
<---- EVENT: handle internal ld ---->
eax=001ff0a4 ebx=00000000 ecx=00000005 edx=00000000 esi=7ffdf000 edi=001ff238
eip=774e70f4 esp=001ff114 ebp=001ff14c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(ed4.ffc): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 76570000 765be000 C:\Windows\system32\GDI32.dll
<---- EVENT: handle internal ld ---->
eax=00000447 ebx=00000000 ecx=774e0ff2 edx=75b77000 esi=7ffdf000 edi=001fee98
eip=774e70f4 esp=001fed74 ebp=001fedac iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 63660000 65743000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_child.dll
<---- EVENT: handle internal ld ---->
eax=0088f01c ebx=00000000 ecx=00880000 edx=0088f01c esi=7ffdf000 edi=002cf478
eip=774e70f4 esp=002cf354 ebp=002cf38c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75240000 75248000 C:\Windows\system32\Secur32.dll
<---- EVENT: handle internal ld ---->
eax=00550150 ebx=00000000 ecx=005a9cc0 edx=0055057c esi=7ffde000 edi=0029f718
eip=774e70f4 esp=0029f5f4 ebp=0029f62c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760c0000 760ca000 C:\Windows\system32\LPK.dll
<---- EVENT: handle internal ld ---->
eax=00000318 ebx=00000000 ecx=75b2c167 edx=765b8655 esi=7ffdf000 edi=001feaf8
eip=774e70f4 esp=001fe9d4 ebp=001fea0c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 76320000 764d6000 C:\Windows\system32\WININET.dll
<---- EVENT: handle internal ld ---->
eax=64dff000 ebx=00000000 ecx=64dff002 edx=75b10000 esi=7ffdf000 edi=002cf14c
eip=774e70f4 esp=002cf028 ebp=002cf060 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75de0000 75e7d000 C:\Windows\system32\USP10.dll
<---- EVENT: handle internal ld ---->
eax=000000e3 ebx=00000000 ecx=76573f04 edx=760c6244 esi=7ffdf000 edi=001fe7cc
eip=774e70f4 esp=001fe6a8 ebp=001fe6e0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755a0000 755a4000 C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=7762924d ebx=00000000 ecx=00000523 edx=76493f70 esi=7ffdf000 edi=002cee20
eip=774e70f4 esp=002cecfc ebp=002ced34 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 772e0000 77337000 C:\Windows\system32\SHLWAPI.dll
<---- EVENT: handle internal ld ---->
eax=00000094 ebx=00000000 ecx=701f23ea edx=01053074 esi=7ffdf000 edi=001ff5d8
eip=774e70f4 esp=001ff4b4 ebp=001ff4ec iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75540000 75545000 C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755a12bd ebx=00000000 ecx=0000000a edx=755a0072 esi=7ffdf000 edi=002cee20
eip=774e70f4 esp=002cecfc ebp=002ced34 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755e0000 755f7000 C:\Windows\system32\USERENV.dll
<---- EVENT: handle internal ld ---->
eax=010540b0 ebx=00000000 ecx=010540b2 edx=75a30000 esi=7ffdf000 edi=001ff5d8
eip=774e70f4 esp=001ff4b4 ebp=001ff4ec iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(ed4.fb8): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 75380000 7539b000 C:\Windows\system32\SSPICLI.DLL
<---- EVENT: handle internal ld ---->
eax=774d404d ebx=00000000 ecx=774d7fbc edx=774a0000 esi=7ffde000 edi=0029f700
eip=774e70f4 esp=0029f5dc ebp=0029f614 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77340000 7749c000 C:\Windows\system32\ole32.dll
<---- EVENT: handle internal ld ---->
eax=7699c648 ebx=00000000 ecx=765e0000 edx=00000000 esi=7ffdf000 edi=0016ec94
eip=774e70f4 esp=0016eb70 ebp=0016eba8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75530000 75534000 C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755430cb ebx=00000000 ecx=0000008c edx=75540055 esi=7ffdf000 edi=002cee20
eip=774e70f4 esp=002cecfc ebp=002ced34 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(e54.fac): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 75510000 7551b000 C:\Windows\system32\profapi.dll
<---- EVENT: handle internal ld ---->
eax=00000100 ebx=00000000 ecx=77265986 edx=755f164e esi=7ffdf000 edi=001ff238
eip=774e70f4 esp=001ff114 ebp=001ff14c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75830000 75834000 C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755323a2 ebx=00000000 ecx=0000004d edx=75530053 esi=7ffdf000 edi=002cee20
eip=774e70f4 esp=002cecfc ebp=002ced34 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(ed4.ef8): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 75650000 75653000 C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=0000ffff ebx=00000000 ecx=00000007 edx=0091ffb3 esi=7ffdf000 edi=002cee20
eip=774e70f4 esp=002cecfc ebp=002ced34 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73b70000 73b7d000 C:\Windows\system32\WTSAPI32.dll
<---- EVENT: handle internal ld ---->
eax=010ae5b0 ebx=00000000 ecx=00000001 edx=00001c86 esi=7ffdf000 edi=001ff5d8
eip=774e70f4 esp=001ff4b4 ebp=001ff4ec iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6ded0000 6df1f000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\libexif.dll
<---- EVENT: handle internal ld ---->
eax=0029f464 ebx=00000000 ecx=00000009 edx=00000000 esi=7ffde000 edi=0029f68c
eip=774e70f4 esp=0029f568 ebp=0029f5a0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77610000 77613000 C:\Windows\system32\normaliz.DLL
<---- EVENT: handle internal ld ---->
eax=75652010 ebx=00000000 ecx=75652000 edx=fffffffe esi=7ffdf000 edi=002cee08
eip=774e70f4 esp=002cece4 ebp=002ced1c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765c0000 765d9000 C:\Windows\SYSTEM32\sechost.dll
<---- EVENT: handle internal ld ---->
eax=00000482 ebx=00000000 ecx=774e1582 edx=76211000 esi=7ffde000 edi=0021ebe0
eip=774e70f4 esp=0021eabc ebp=0021eaf4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75be0000 75dda000 C:\Windows\system32\iertutil.dll
<---- EVENT: handle internal ld ---->
eax=77612010 ebx=00000000 ecx=77612000 edx=fffffffe esi=7ffdf000 edi=002cee20
eip=774e70f4 esp=002cecfc ebp=002ced34 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775f0000 7760f000 C:\Windows\system32\IMM32.DLL
<---- EVENT: handle internal ld ---->
eax=00005a4d ebx=00000000 ecx=00000001 edx=00000000 esi=7ffdf000 edi=001fee54
eip=774e70f4 esp=001fed30 ebp=001fed68 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760b0000 760b5000 C:\Windows\system32\PSAPI.DLL
<---- EVENT: handle internal ld ---->
eax=0000005b ebx=00000000 ecx=763244c5 edx=64dff247 esi=7ffdf000 edi=002cf14c
eip=774e70f4 esp=002cf028 ebp=002cf060 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760d0000 7619c000 C:\Windows\system32\MSCTF.dll
<---- EVENT: handle internal ld ---->
eax=75aece53 ebx=00000000 ecx=00000345 edx=77606f63 esi=7ffdf000 edi=001feab4
eip=774e70f4 esp=001fe990 ebp=001fe9c8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 69ed0000 6a1a3000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
<---- EVENT: handle internal ld ---->
eax=00000000 ebx=00000000 ecx=0000000c edx=00000001 esi=7ffde000 edi=0029f7c4
eip=774e70f4 esp=0029f6a0 ebp=0029f6d8 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75400000 7540c000 C:\Windows\system32\cryptbase.dll
<---- EVENT: handle internal ld ---->
eax=00000103 ebx=00000000 ecx=00000000 edx=00000000 esi=7ffdf000 edi=0016f860
eip=774e70f4 esp=0016f73c ebp=0016f774 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(e54.ff4): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 70260000 702b1000 C:\Windows\system32\WINSPOOL.DRV
<---- EVENT: handle internal ld ---->
eax=64dfd338 ebx=00000000 ecx=64dfd33a edx=75a30000 esi=7ffdf000 edi=002cf14c
eip=774e70f4 esp=002cf028 ebp=002cf060 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6a420000 6acc1000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll
<---- EVENT: handle internal ld ---->
eax=0029f5f4 ebx=00000000 ecx=00000003 edx=00000000 esi=7ffde000 edi=0029f6e4
eip=774e70f4 esp=0029f5c0 ebp=0029f5f8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75840000 758bb000 C:\Windows\system32\COMDLG32.dll
<---- EVENT: handle internal ld ---->
eax=0000004a ebx=00000000 ecx=702933f7 edx=64dff344 esi=7ffdf000 edi=002cf14c
eip=774e70f4 esp=002cf028 ebp=002cf060 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75a30000 75b04000 C:\Windows\system32\kernel32.dll
<---- EVENT: handle internal ld ---->
eax=000000a8 ebx=00000000 ecx=003d2d80 edx=00137f28 esi=7ffdf000 edi=0024f1a8
eip=774e70f4 esp=0024f084 ebp=0024f0bc iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(e54.e78): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 74530000 746ce000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
<---- EVENT: handle internal ld ---->
eax=002ce444 ebx=00000000 ecx=00000016 edx=00000000 esi=7ffdf000 edi=002cedac
eip=774e70f4 esp=002cec88 ebp=002cecc0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77230000 772d2000 C:\Windows\system32\RPCRT4.dll
<---- EVENT: handle internal ld ---->
eax=0021e654 ebx=00000000 ecx=00000018 edx=00000000 esi=7ffde000 edi=0021e840
eip=774e70f4 esp=0021e71c ebp=0021e754 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75e80000 75f0f000 C:\Windows\system32\OLEAUT32.dll
<---- EVENT: handle internal ld ---->
eax=000001ff ebx=00000000 ecx=75aeb51e edx=7467b000 esi=7ffdf000 edi=002cf14c
eip=774e70f4 esp=002cf028 ebp=002cf060 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765e0000 7722a000 C:\Windows\system32\SHELL32.dll
<---- EVENT: handle internal ld ---->
eax=01047390 ebx=00000000 ecx=001ffbc4 edx=01052994 esi=7ffdf000 edi=001ff9d0
eip=774e70f4 esp=001ff8ac ebp=001ff8e4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75670000 75791000 C:\Windows\system32\CRYPT32.dll
<---- EVENT: handle internal ld ---->
eax=00000159 ebx=00000000 ecx=75b2a2da edx=75f04000 esi=7ffdf000 edi=002cf14c
eip=774e70f4 esp=002cf028 ebp=002cf060 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77340000 7749c000 C:\Windows\system32\ole32.dll
<---- EVENT: handle internal ld ---->
eax=7699c648 ebx=00000000 ecx=765e0000 edx=00000000 esi=7ffdf000 edi=001feb28
eip=774e70f4 esp=001fea04 ebp=001fea3c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75520000 7552c000 C:\Windows\system32\MSASN1.dll
<---- EVENT: handle internal ld ---->
eax=000004d5 ebx=00000000 ecx=77629003 edx=75727000 esi=7ffdf000 edi=002cedac
eip=774e70f4 esp=002cec88 ebp=002cecc0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75400000 7540c000 C:\Windows\system32\cryptbase.dll
<---- EVENT: handle internal ld ---->
eax=00000103 ebx=00000000 ecx=00000000 edx=00000000 esi=7ffdf000 edi=001ff6f8
eip=774e70f4 esp=001ff5d4 ebp=001ff60c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73690000 736ac000 C:\Windows\system32\IPHLPAPI.DLL
<---- EVENT: handle internal ld ---->
eax=00000084 ebx=00000000 ecx=75673591 edx=64dfcb43 esi=7ffdf000 edi=002cf14c
eip=774e70f4 esp=002cf028 ebp=002cf060 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 749c0000 749c9000 C:\Windows\system32\VERSION.dll
<---- EVENT: handle internal ld ---->
eax=00716000 ebx=00000000 ecx=00715fe8 edx=00001000 esi=7ffde000 edi=0021f238
eip=774e70f4 esp=0021f114 ebp=0021f14c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775e0000 775e6000 C:\Windows\system32\NSI.dll
<---- EVENT: handle internal ld ---->
eax=00000268 ebx=00000000 ecx=774de31a edx=736a8000 esi=7ffdf000 edi=002cedac
eip=774e70f4 esp=002cec88 ebp=002cecc0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 701f0000 70222000 C:\Windows\system32\WINMM.dll
<---- EVENT: handle internal ld ---->
eax=000001d5 ebx=00000000 ecx=77627106 edx=749c505f esi=7ffde000 edi=0021f238
eip=774e70f4 esp=0021f114 ebp=0021f14c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73680000 73687000 C:\Windows\system32\WINNSI.DLL
<---- EVENT: handle internal ld ---->
eax=00922100 ebx=00000000 ecx=00890000 edx=00890000 esi=7ffdf000 edi=002cedac
eip=774e70f4 esp=002cec88 ebp=002cecc0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75b10000 75bd9000 C:\Windows\system32\USER32.dll
<---- EVENT: handle internal ld ---->
eax=0021ed04 ebx=00000000 ecx=00000005 edx=00000000 esi=7ffde000 edi=0021ee98
eip=774e70f4 esp=0021ed74 ebp=0021edac iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 759f0000 75a25000 C:\Windows\system32\WS2_32.dll
<---- EVENT: handle internal ld ---->
eax=736931ba ebx=00000000 ecx=000000e5 edx=64dfd249 esi=7ffdf000 edi=002cf14c
eip=774e70f4 esp=002cf028 ebp=002cf060 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(ed0.a84): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 75240000 75248000 C:\Windows\system32\Secur32.dll
<---- EVENT: handle internal ld ---->
eax=00000012 ebx=00000000 ecx=002cf1ac edx=008943ac esi=7ffdf000 edi=002cf14c
eip=774e70f4 esp=002cf028 ebp=002cf060 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 76570000 765be000 C:\Windows\system32\GDI32.dll
<---- EVENT: handle internal ld ---->
eax=00000447 ebx=00000000 ecx=774e0ff2 edx=75b77000 esi=7ffde000 edi=0021eaf8
eip=774e70f4 esp=0021e9d4 ebp=0021ea0c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775f0000 7760f000 C:\Windows\system32\IMM32.DLL
<---- EVENT: handle internal ld ---->
eax=00005a4d ebx=00000000 ecx=00000001 edx=00000000 esi=7ffdf000 edi=001aed38
eip=774e70f4 esp=001aec14 ebp=001aec4c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75380000 7539b000 C:\Windows\system32\SSPICLI.DLL
<---- EVENT: handle internal ld ---->
eax=774d404d ebx=00000000 ecx=774d7fbc edx=774a0000 esi=7ffdf000 edi=002cf134
eip=774e70f4 esp=002cf010 ebp=002cf048 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(ed0.bc4): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 760c0000 760ca000 C:\Windows\system32\LPK.dll
<---- EVENT: handle internal ld ---->
eax=00000318 ebx=00000000 ecx=75b2c167 edx=765b8655 esi=7ffde000 edi=0021e758
eip=774e70f4 esp=0021e634 ebp=0021e66c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75600000 7564b000 C:\Windows\system32\KERNELBASE.dll
<---- EVENT: handle internal ld ---->
eax=75af3000 ebx=00000000 ecx=75af3002 edx=774a0000 esi=7ffdf000 edi=0012ee8c
eip=774e70f4 esp=0012ed68 ebp=0012eda0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760d0000 7619c000 C:\Windows\system32\MSCTF.dll
<---- EVENT: handle internal ld ---->
eax=75aece53 ebx=00000000 ecx=00000345 edx=77606f63 esi=7ffdf000 edi=001ae998
eip=774e70f4 esp=001ae874 ebp=001ae8ac iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75de0000 75e7d000 C:\Windows\system32\USP10.dll
<---- EVENT: handle internal ld ---->
eax=000000e3 ebx=00000000 ecx=76573f04 edx=760c6244 esi=7ffde000 edi=0021e42c
eip=774e70f4 esp=0021e308 ebp=0021e340 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 772e0000 77337000 C:\Windows\system32\SHLWAPI.dll
<---- EVENT: handle internal ld ---->
eax=00000094 ebx=00000000 ecx=701f23ea edx=01053074 esi=7ffde000 edi=0021f238
eip=774e70f4 esp=0021f114 ebp=0021f14c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755e0000 755f7000 C:\Windows\system32\USERENV.dll
<---- EVENT: handle internal ld ---->
eax=010540b0 ebx=00000000 ecx=010540b2 edx=75a30000 esi=7ffde000 edi=0021f238
eip=774e70f4 esp=0021f114 ebp=0021f14c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6ded0000 6df1f000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\libexif.dll
<---- EVENT: handle internal ld ---->
eax=65248050 ebx=00000000 ecx=655a824c edx=00d3c088 esi=7ffdf000 edi=002cf0bc
eip=774e70f4 esp=002cef98 ebp=002cefd0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75510000 7551b000 C:\Windows\system32\profapi.dll
<---- EVENT: handle internal ld ---->
eax=00000100 ebx=00000000 ecx=77265986 edx=755f164e esi=7ffde000 edi=0021ee98
eip=774e70f4 esp=0021ed74 ebp=0021edac iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 69ed0000 6a1a3000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
<---- EVENT: handle internal ld ---->
eax=010a6560 ebx=00000000 ecx=00003ebc edx=00000c7c esi=7ffdf000 edi=002cf1f8
eip=774e70f4 esp=002cf0d4 ebp=002cf10c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 63660000 65743000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_child.dll
<---- EVENT: handle internal ld ---->
eax=00b0f01c ebx=00000000 ecx=00b00000 edx=00b0f01c esi=7ffdf000 edi=001ff914
eip=774e70f4 esp=001ff7f0 ebp=001ff828 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6a420000 6acc1000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll
<---- EVENT: handle internal ld ---->
eax=002cece0 ebx=00000000 ecx=0000000a edx=00000000 esi=7ffdf000 edi=002cf11c
eip=774e70f4 esp=002ceff8 ebp=002cf030 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 76320000 764d6000 C:\Windows\system32\WININET.dll
<---- EVENT: handle internal ld ---->
eax=64dff000 ebx=00000000 ecx=64dff002 edx=75b10000 esi=7ffdf000 edi=001ff5e8
eip=774e70f4 esp=001ff4c4 ebp=001ff4fc iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75600000 7564b000 C:\Windows\system32\KERNELBASE.dll
<---- EVENT: handle internal ld ---->
eax=0024ec90 ebx=00000000 ecx=0024ee64 edx=00000000 esi=7ffdf000 edi=0024ee08
eip=774e70f4 esp=0024ece4 ebp=0024ed1c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 72a40000 72a66000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_elf.dll
<---- EVENT: handle internal ld ---->
eax=003d5000 ebx=00000000 ecx=003d4fe8 edx=00001000 esi=7ffdf000 edi=0024f028
eip=774e70f4 esp=0024ef04 ebp=0024ef3c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(7d4.b5c): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 755a0000 755a4000 C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=ffffffff ebx=00000000 ecx=00000453 edx=76494361 esi=7ffdf000 edi=001ff2bc
eip=774e70f4 esp=001ff198 ebp=001ff1d0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765e0000 7722a000 C:\Windows\system32\SHELL32.dll
<---- EVENT: handle internal ld ---->
eax=01047390 ebx=00000000 ecx=001afaa4 edx=01052994 esi=7ffdf000 edi=001af8b0
eip=774e70f4 esp=001af78c ebp=001af7c4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 761a0000 76240000 C:\Windows\system32\ADVAPI32.dll
<---- EVENT: handle internal ld ---->
eax=75aeb6c2 ebx=00000000 ecx=00000212 edx=72a5d365 esi=7ffdf000 edi=0024ecfc
eip=774e70f4 esp=0024ebd8 ebp=0024ec10 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75540000 75545000 C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755a12bd ebx=00000000 ecx=0000000a edx=755a0072 esi=7ffdf000 edi=001ff2bc
eip=774e70f4 esp=001ff198 ebp=001ff1d0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73b70000 73b7d000 C:\Windows\system32\WTSAPI32.dll
<---- EVENT: handle internal ld ---->
eax=7762bf71 ebx=00000000 ecx=77623600 edx=77620000 esi=7ffde000 edi=0021f238
eip=774e70f4 esp=0021f114 ebp=0021f14c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75530000 75534000 C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755430cb ebx=00000000 ecx=0000008c edx=75540055 esi=7ffdf000 edi=001ff2bc
eip=774e70f4 esp=001ff198 ebp=001ff1d0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75830000 75834000 C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=008e0000 ebx=00000000 ecx=0493a8e7 edx=00000003 esi=7ffdf000 edi=001ff2bc
eip=774e70f4 esp=001ff198 ebp=001ff1d0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775f0000 7760f000 C:\Windows\system32\IMM32.DLL
<---- EVENT: handle internal ld ---->
eax=00005a4d ebx=00000000 ecx=00000001 edx=00000000 esi=7ffde000 edi=0021eab4
eip=774e70f4 esp=0021e990 ebp=0021e9c8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75650000 75653000 C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=75832010 ebx=00000000 ecx=75832000 edx=fffffffe esi=7ffdf000 edi=001ff2bc
eip=774e70f4 esp=001ff198 ebp=001ff1d0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760d0000 7619c000 C:\Windows\system32\MSCTF.dll
<---- EVENT: handle internal ld ---->
eax=75aece53 ebx=00000000 ecx=00000345 edx=77606f63 esi=7ffde000 edi=0021e714
eip=774e70f4 esp=0021e5f0 ebp=0021e628 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77610000 77613000 C:\Windows\system32\normaliz.DLL
<---- EVENT: handle internal ld ---->
eax=75652010 ebx=00000000 ecx=75652000 edx=fffffffe esi=7ffdf000 edi=001ff2a4
eip=774e70f4 esp=001ff180 ebp=001ff1b8 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 72a40000 72a66000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_elf.dll
<---- EVENT: handle internal ld ---->
eax=00b71ff4 ebx=00000000 ecx=00b70000 edx=00b71ff4 esi=7ffdf000 edi=0012f0ac
eip=774e70f4 esp=0012ef88 ebp=0012efc0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(7d4.888): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 75be0000 75dda000 C:\Windows\system32\iertutil.dll
<---- EVENT: handle internal ld ---->
eax=001ff224 ebx=00000000 ecx=0000000a edx=00000000 esi=7ffdf000 edi=001ff2bc
eip=774e70f4 esp=001ff198 ebp=001ff1d0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77340000 7749c000 C:\Windows\system32\ole32.dll
<---- EVENT: handle internal ld ---->
eax=7699c648 ebx=00000000 ecx=765e0000 edx=00000000 esi=7ffdf000 edi=001aea0c
eip=774e70f4 esp=001ae8e8 ebp=001ae920 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77620000 776cc000 C:\Windows\system32\msvcrt.dll
<---- EVENT: handle internal ld ---->
eax=7620f538 ebx=00000000 ecx=761a0000 edx=00001000 esi=7ffdf000 edi=0024e9d0
eip=774e70f4 esp=0024e8ac ebp=0024e8e4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760b0000 760b5000 C:\Windows\system32\PSAPI.DLL
<---- EVENT: handle internal ld ---->
eax=0000005b ebx=00000000 ecx=763244c5 edx=64dff247 esi=7ffdf000 edi=001ff5e8
eip=774e70f4 esp=001ff4c4 ebp=001ff4fc iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(ed0.f04): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 70260000 702b1000 C:\Windows\system32\WINSPOOL.DRV
<---- EVENT: handle internal ld ---->
eax=64dfd338 ebx=00000000 ecx=64dfd33a edx=75a30000 esi=7ffdf000 edi=001ff5e8
eip=774e70f4 esp=001ff4c4 ebp=001ff4fc iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75400000 7540c000 C:\Windows\system32\cryptbase.dll
<---- EVENT: handle internal ld ---->
eax=00000abc ebx=00000000 ecx=001af544 edx=001b0000 esi=7ffdf000 edi=001af5d8
eip=774e70f4 esp=001af4b4 ebp=001af4ec iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765c0000 765d9000 C:\Windows\SYSTEM32\sechost.dll
<---- EVENT: handle internal ld ---->
eax=00000482 ebx=00000000 ecx=774e1582 edx=76211000 esi=7ffdf000 edi=0024e9d0
eip=774e70f4 esp=0024e8ac ebp=0024e8e4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75a30000 75b04000 C:\Windows\system32\kernel32.dll
<---- EVENT: handle internal ld ---->
eax=000000a8 ebx=00000000 ecx=00952768 edx=00883728 esi=7ffdf000 edi=002cf298
eip=774e70f4 esp=002cf174 ebp=002cf1ac iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75840000 758bb000 C:\Windows\system32\COMDLG32.dll
<---- EVENT: handle internal ld ---->
eax=0000004a ebx=00000000 ecx=702933f7 edx=64dff344 esi=7ffdf000 edi=001ff5e8
eip=774e70f4 esp=001ff4c4 ebp=001ff4fc iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(ed0.d54): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 765e0000 7722a000 C:\Windows\system32\SHELL32.dll
<---- EVENT: handle internal ld ---->
eax=0081e62c ebx=00000000 ecx=00810000 edx=0081e62c esi=7ffde000 edi=0021f630
eip=774e70f4 esp=0021f50c ebp=0021f544 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77230000 772d2000 C:\Windows\system32\RPCRT4.dll
<---- EVENT: handle internal ld ---->
eax=0024e444 ebx=00000000 ecx=00000018 edx=00000000 esi=7ffdf000 edi=0024e630
eip=774e70f4 esp=0024e50c ebp=0024e544 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75600000 7564b000 C:\Windows\system32\KERNELBASE.dll
<---- EVENT: handle internal ld ---->
eax=75af3000 ebx=00000000 ecx=75af3002 edx=774a0000 esi=7ffdf000 edi=002ceef8
eip=774e70f4 esp=002cedd4 ebp=002cee0c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 74530000 746ce000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
<---- EVENT: handle internal ld ---->
eax=001fed9c ebx=00000000 ecx=00000005 edx=00000000 esi=7ffdf000 edi=001ff248
eip=774e70f4 esp=001ff124 ebp=001ff15c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75e80000 75f0f000 C:\Windows\system32\OLEAUT32.dll
<---- EVENT: handle internal ld ---->
eax=000001ff ebx=00000000 ecx=75aeb51e edx=7467b000 esi=7ffdf000 edi=001ff5e8
eip=774e70f4 esp=001ff4c4 ebp=001ff4fc iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(7d4.e60): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 77340000 7749c000 C:\Windows\system32\ole32.dll
<---- EVENT: handle internal ld ---->
eax=7699c648 ebx=00000000 ecx=765e0000 edx=00000000 esi=7ffde000 edi=0021e788
eip=774e70f4 esp=0021e664 ebp=0021e69c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75670000 75791000 C:\Windows\system32\CRYPT32.dll
<---- EVENT: handle internal ld ---->
eax=00000159 ebx=00000000 ecx=75b2a2da edx=75f04000 esi=7ffdf000 edi=001ff5e8
eip=774e70f4 esp=001ff4c4 ebp=001ff4fc iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75520000 7552c000 C:\Windows\system32\MSASN1.dll
<---- EVENT: handle internal ld ---->
eax=000004d5 ebx=00000000 ecx=77629003 edx=75727000 esi=7ffdf000 edi=001ff248
eip=774e70f4 esp=001ff124 ebp=001ff15c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75400000 7540c000 C:\Windows\system32\cryptbase.dll
<---- EVENT: handle internal ld ---->
eax=00000103 ebx=00000000 ecx=00000000 edx=00000000 esi=7ffde000 edi=0021f358
eip=774e70f4 esp=0021f234 ebp=0021f26c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73690000 736ac000 C:\Windows\system32\IPHLPAPI.DLL
<---- EVENT: handle internal ld ---->
eax=000002f4 ebx=00000000 ecx=001ffd0c edx=00200000 esi=7ffdf000 edi=001ff5e8
eip=774e70f4 esp=001ff4c4 ebp=001ff4fc iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 761a0000 76240000 C:\Windows\system32\ADVAPI32.dll
<---- EVENT: handle internal ld ---->
eax=00bf0150 ebx=00000000 ecx=0000007f edx=0000007f esi=7ffdf000 edi=0012ed80
eip=774e70f4 esp=0012ec5c ebp=0012ec94 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77620000 776cc000 C:\Windows\system32\msvcrt.dll
<---- EVENT: handle internal ld ---->
eax=7620f538 ebx=00000000 ecx=761a0000 edx=00001000 esi=7ffdf000 edi=0012ea54
eip=774e70f4 esp=0012e930 ebp=0012e968 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775e0000 775e6000 C:\Windows\system32\NSI.dll
<---- EVENT: handle internal ld ---->
eax=00000268 ebx=00000000 ecx=774de31a edx=736a8000 esi=7ffdf000 edi=001ff248
eip=774e70f4 esp=001ff124 ebp=001ff15c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765c0000 765d9000 C:\Windows\SYSTEM32\sechost.dll
<---- EVENT: handle internal ld ---->
eax=00000482 ebx=00000000 ecx=774e1582 edx=76211000 esi=7ffdf000 edi=0012ea54
eip=774e70f4 esp=0012e930 ebp=0012e968 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73680000 73687000 C:\Windows\system32\WINNSI.DLL
<---- EVENT: handle internal ld ---->
eax=774d5340 ebx=00000000 ecx=774d7ff4 edx=774a0000 esi=7ffdf000 edi=001ff248
eip=774e70f4 esp=001ff124 ebp=001ff15c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 63660000 65743000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_child.dll
<---- EVENT: handle internal ld ---->
eax=008af01c ebx=00000000 ecx=008a0000 edx=008af01c esi=7ffde000 edi=0021f574
eip=774e70f4 esp=0021f450 ebp=0021f488 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 759f0000 75a25000 C:\Windows\system32\WS2_32.dll
<---- EVENT: handle internal ld ---->
eax=736931ba ebx=00000000 ecx=000000e5 edx=64dfd249 esi=7ffdf000 edi=001ff5e8
eip=774e70f4 esp=001ff4c4 ebp=001ff4fc iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 76320000 764d6000 C:\Windows\system32\WININET.dll
<---- EVENT: handle internal ld ---->
eax=64dff000 ebx=00000000 ecx=64dff002 edx=75b10000 esi=7ffde000 edi=0021f248
eip=774e70f4 esp=0021f124 ebp=0021f15c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75240000 75248000 C:\Windows\system32\Secur32.dll
<---- EVENT: handle internal ld ---->
eax=00200001 ebx=00000000 ecx=001ff2bc edx=001ff2ac esi=7ffdf000 edi=001ff5e8
eip=774e70f4 esp=001ff4c4 ebp=001ff4fc iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(7d4.d10): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 75380000 7539b000 C:\Windows\system32\SSPICLI.DLL
<---- EVENT: handle internal ld ---->
eax=001ff048 ebx=00000000 ecx=00000003 edx=00000000 esi=7ffdf000 edi=001ff5d0
eip=774e70f4 esp=001ff4ac ebp=001ff4e4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755a0000 755a4000 C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=7762924d ebx=00000000 ecx=00000523 edx=76493f70 esi=7ffde000 edi=0021ef1c
eip=774e70f4 esp=0021edf8 ebp=0021ee30 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77230000 772d2000 C:\Windows\system32\RPCRT4.dll
<---- EVENT: handle internal ld ---->
eax=0012e4c8 ebx=00000000 ecx=00000018 edx=00000000 esi=7ffdf000 edi=0012e6b4
eip=774e70f4 esp=0012e590 ebp=0012e5c8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(9a8.ef4): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 6b750000 6b885000 C:\Windows\system32\dwrite.dll
<---- EVENT: handle internal ld ---->
eax=001ff800 ebx=00000000 ecx=416f4dc6 edx=00ed15a8 esi=7ffdf000 edi=001ff678
eip=774e70f4 esp=001ff554 ebp=001ff58c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75540000 75545000 C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755a12bd ebx=00000000 ecx=0000000a edx=755a0072 esi=7ffde000 edi=0021ef1c
eip=774e70f4 esp=0021edf8 ebp=0021ee30 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(ed0.ac0): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(7d4.f5c): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 63660000 65743000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_child.dll
<---- EVENT: handle internal ld ---->
eax=00000090 ebx=00000000 ecx=0016fad0 edx=02136184 esi=7ffdf000 edi=0016fa80
eip=774e70f4 esp=0016f95c ebp=0016f994 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75530000 75534000 C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=0001c712 ebx=00000000 ecx=0000001b edx=000009a5 esi=7ffde000 edi=0021ef1c
eip=774e70f4 esp=0021edf8 ebp=0021ee30 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(454.f1c): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 76320000 764d6000 C:\Windows\system32\WININET.dll
<---- EVENT: handle internal ld ---->
eax=64dff000 ebx=00000000 ecx=64dff002 edx=75b10000 esi=7ffdf000 edi=0016f754
eip=774e70f4 esp=0016f630 ebp=0016f668 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755a0000 755a4000 C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=7762924d ebx=00000000 ecx=00000523 edx=76493f70 esi=7ffdf000 edi=0016f428
eip=774e70f4 esp=0016f304 ebp=0016f33c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75830000 75834000 C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755323a2 ebx=00000000 ecx=0000004d edx=75530053 esi=7ffde000 edi=0021ef1c
eip=774e70f4 esp=0021edf8 ebp=0021ee30 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75540000 75545000 C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755a12bd ebx=00000000 ecx=0000000a edx=755a0072 esi=7ffdf000 edi=0016f428
eip=774e70f4 esp=0016f304 ebp=0016f33c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75530000 75534000 C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=00000000 ebx=00000000 ecx=0000000c edx=00000000 esi=7ffdf000 edi=0016f428
eip=774e70f4 esp=0016f304 ebp=0016f33c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75650000 75653000 C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=75832010 ebx=00000000 ecx=75832000 edx=fffffffe esi=7ffde000 edi=0021ef1c
eip=774e70f4 esp=0021edf8 ebp=0021ee30 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75830000 75834000 C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755323a2 ebx=00000000 ecx=0000004d edx=75530053 esi=7ffdf000 edi=0016f428
eip=774e70f4 esp=0016f304 ebp=0016f33c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77610000 77613000 C:\Windows\system32\normaliz.DLL
<---- EVENT: handle internal ld ---->
eax=75652010 ebx=00000000 ecx=75652000 edx=fffffffe esi=7ffde000 edi=0021ef04
eip=774e70f4 esp=0021ede0 ebp=0021ee18 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 749c0000 749c9000 C:\Windows\system32\VERSION.dll
<---- EVENT: handle internal ld ---->
eax=72a5502f ebx=00000000 ecx=72a5cbbc edx=72a40000 esi=7ffdf000 edi=0012f0ac
eip=774e70f4 esp=0012ef88 ebp=0012efc0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75650000 75653000 C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=75832010 ebx=00000000 ecx=75832000 edx=fffffffe esi=7ffdf000 edi=0016f428
eip=774e70f4 esp=0016f304 ebp=0016f33c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77610000 77613000 C:\Windows\system32\normaliz.DLL
<---- EVENT: handle internal ld ---->
eax=75652010 ebx=00000000 ecx=75652000 edx=fffffffe esi=7ffdf000 edi=0016f410
eip=774e70f4 esp=0016f2ec ebp=0016f324 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75be0000 75dda000 C:\Windows\system32\iertutil.dll
<---- EVENT: handle internal ld ---->
eax=0016f390 ebx=00000000 ecx=0000000a edx=00000000 esi=7ffdf000 edi=0016f428
eip=774e70f4 esp=0016f304 ebp=0016f33c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75be0000 75dda000 C:\Windows\system32\iertutil.dll
<---- EVENT: handle internal ld ---->
eax=0021ee84 ebx=00000000 ecx=0000000a edx=00000000 esi=7ffde000 edi=0021ef1c
eip=774e70f4 esp=0021edf8 ebp=0021ee30 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760b0000 760b5000 C:\Windows\system32\PSAPI.DLL
<---- EVENT: handle internal ld ---->
eax=0000005b ebx=00000000 ecx=763244c5 edx=64dff247 esi=7ffdf000 edi=0016f754
eip=774e70f4 esp=0016f630 ebp=0016f668 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760b0000 760b5000 C:\Windows\system32\PSAPI.DLL
<---- EVENT: handle internal ld ---->
eax=0000005b ebx=00000000 ecx=763244c5 edx=64dff247 esi=7ffde000 edi=0021f248
eip=774e70f4 esp=0021f124 ebp=0021f15c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 70260000 702b1000 C:\Windows\system32\WINSPOOL.DRV
<---- EVENT: handle internal ld ---->
eax=000000d9 ebx=00000000 ecx=7776b3ad edx=0000021a esi=7ffdf000 edi=0016f754
eip=774e70f4 esp=0016f630 ebp=0016f668 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 70260000 702b1000 C:\Windows\system32\WINSPOOL.DRV
<---- EVENT: handle internal ld ---->
eax=64dfd338 ebx=00000000 ecx=64dfd33a edx=75a30000 esi=7ffde000 edi=0021f248
eip=774e70f4 esp=0021f124 ebp=0021f15c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 701f0000 70222000 C:\Windows\system32\WINMM.dll
<---- EVENT: handle internal ld ---->
eax=000001d5 ebx=00000000 ecx=77627106 edx=749c505f esi=7ffdf000 edi=0012f0ac
eip=774e70f4 esp=0012ef88 ebp=0012efc0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75840000 758bb000 C:\Windows\system32\COMDLG32.dll
<---- EVENT: handle internal ld ---->
eax=0000004a ebx=00000000 ecx=702933f7 edx=64dff344 esi=7ffdf000 edi=0016f754
eip=774e70f4 esp=0016f630 ebp=0016f668 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 74530000 746ce000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
<---- EVENT: handle internal ld ---->
eax=0016ef08 ebx=00000000 ecx=00000005 edx=00000000 esi=7ffdf000 edi=0016f3b4
eip=774e70f4 esp=0016f290 ebp=0016f2c8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75840000 758bb000 C:\Windows\system32\COMDLG32.dll
<---- EVENT: handle internal ld ---->
eax=0000004a ebx=00000000 ecx=702933f7 edx=64dff344 esi=7ffde000 edi=0021f248
eip=774e70f4 esp=0021f124 ebp=0021f15c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75b10000 75bd9000 C:\Windows\system32\USER32.dll
<---- EVENT: handle internal ld ---->
eax=0012eb78 ebx=00000000 ecx=00000005 edx=00000000 esi=7ffdf000 edi=0012ed0c
eip=774e70f4 esp=0012ebe8 ebp=0012ec20 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75e80000 75f0f000 C:\Windows\system32\OLEAUT32.dll
<---- EVENT: handle internal ld ---->
eax=000001ff ebx=00000000 ecx=75aeb51e edx=7467b000 esi=7ffdf000 edi=0016f754
eip=774e70f4 esp=0016f630 ebp=0016f668 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 74530000 746ce000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
<---- EVENT: handle internal ld ---->
eax=0021e9fc ebx=00000000 ecx=00000005 edx=00000000 esi=7ffde000 edi=0021eea8
eip=774e70f4 esp=0021ed84 ebp=0021edbc iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 76570000 765be000 C:\Windows\system32\GDI32.dll
<---- EVENT: handle internal ld ---->
eax=00000447 ebx=00000000 ecx=774e0ff2 edx=75b77000 esi=7ffdf000 edi=0012e96c
eip=774e70f4 esp=0012e848 ebp=0012e880 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75670000 75791000 C:\Windows\system32\CRYPT32.dll
<---- EVENT: handle internal ld ---->
eax=00000159 ebx=00000000 ecx=75b2a2da edx=75f04000 esi=7ffdf000 edi=0016f754
eip=774e70f4 esp=0016f630 ebp=0016f668 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75e80000 75f0f000 C:\Windows\system32\OLEAUT32.dll
<---- EVENT: handle internal ld ---->
eax=000001ff ebx=00000000 ecx=75aeb51e edx=7467b000 esi=7ffde000 edi=0021f248
eip=774e70f4 esp=0021f124 ebp=0021f15c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760c0000 760ca000 C:\Windows\system32\LPK.dll
<---- EVENT: handle internal ld ---->
eax=00000318 ebx=00000000 ecx=75b2c167 edx=765b8655 esi=7ffdf000 edi=0012e5cc
eip=774e70f4 esp=0012e4a8 ebp=0012e4e0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75520000 7552c000 C:\Windows\system32\MSASN1.dll
<---- EVENT: handle internal ld ---->
eax=000004d5 ebx=00000000 ecx=77629003 edx=75727000 esi=7ffdf000 edi=0016f3b4
eip=774e70f4 esp=0016f290 ebp=0016f2c8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75670000 75791000 C:\Windows\system32\CRYPT32.dll
<---- EVENT: handle internal ld ---->
eax=00000159 ebx=00000000 ecx=75b2a2da edx=75f04000 esi=7ffde000 edi=0021f248
eip=774e70f4 esp=0021f124 ebp=0021f15c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75de0000 75e7d000 C:\Windows\system32\USP10.dll
<---- EVENT: handle internal ld ---->
eax=000000e3 ebx=00000000 ecx=76573f04 edx=760c6244 esi=7ffdf000 edi=0012e2a0
eip=774e70f4 esp=0012e17c ebp=0012e1b4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75520000 7552c000 C:\Windows\system32\MSASN1.dll
<---- EVENT: handle internal ld ---->
eax=000004d5 ebx=00000000 ecx=77629003 edx=75727000 esi=7ffde000 edi=0021eea8
eip=774e70f4 esp=0021ed84 ebp=0021edbc iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73690000 736ac000 C:\Windows\system32\IPHLPAPI.DLL
<---- EVENT: handle internal ld ---->
eax=00000084 ebx=00000000 ecx=75673591 edx=64dfcb43 esi=7ffdf000 edi=0016f754
eip=774e70f4 esp=0016f630 ebp=0016f668 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73690000 736ac000 C:\Windows\system32\IPHLPAPI.DLL
<---- EVENT: handle internal ld ---->
eax=00000084 ebx=00000000 ecx=75673591 edx=64dfcb43 esi=7ffde000 edi=0021f248
eip=774e70f4 esp=0021f124 ebp=0021f15c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 772e0000 77337000 C:\Windows\system32\SHLWAPI.dll
<---- EVENT: handle internal ld ---->
eax=00000094 ebx=00000000 ecx=701f23ea edx=01053074 esi=7ffdf000 edi=0012f0ac
eip=774e70f4 esp=0012ef88 ebp=0012efc0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775e0000 775e6000 C:\Windows\system32\NSI.dll
<---- EVENT: handle internal ld ---->
eax=00000268 ebx=00000000 ecx=774de31a edx=736a8000 esi=7ffdf000 edi=0016f3b4
eip=774e70f4 esp=0016f290 ebp=0016f2c8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73680000 73687000 C:\Windows\system32\WINNSI.DLL
<---- EVENT: handle internal ld ---->
eax=774d5340 ebx=00000000 ecx=774d7ff4 edx=774a0000 esi=7ffdf000 edi=0016f3b4
eip=774e70f4 esp=0016f290 ebp=0016f2c8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 759f0000 75a25000 C:\Windows\system32\WS2_32.dll
<---- EVENT: handle internal ld ---->
eax=736931ba ebx=00000000 ecx=000000e5 edx=64dfd249 esi=7ffdf000 edi=0016f754
eip=774e70f4 esp=0016f630 ebp=0016f668 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775e0000 775e6000 C:\Windows\system32\NSI.dll
<---- EVENT: handle internal ld ---->
eax=00000268 ebx=00000000 ecx=774de31a edx=736a8000 esi=7ffde000 edi=0021eea8
eip=774e70f4 esp=0021ed84 ebp=0021edbc iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755e0000 755f7000 C:\Windows\system32\USERENV.dll
<---- EVENT: handle internal ld ---->
eax=010540b0 ebx=00000000 ecx=010540b2 edx=75a30000 esi=7ffdf000 edi=0012f0ac
eip=774e70f4 esp=0012ef88 ebp=0012efc0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73680000 73687000 C:\Windows\system32\WINNSI.DLL
<---- EVENT: handle internal ld ---->
eax=774d5340 ebx=00000000 ecx=774d7ff4 edx=774a0000 esi=7ffde000 edi=0021eea8
eip=774e70f4 esp=0021ed84 ebp=0021edbc iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75510000 7551b000 C:\Windows\system32\profapi.dll
<---- EVENT: handle internal ld ---->
eax=00000100 ebx=00000000 ecx=77265986 edx=755f164e esi=7ffdf000 edi=0012ed0c
eip=774e70f4 esp=0012ebe8 ebp=0012ec20 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75240000 75248000 C:\Windows\system32\Secur32.dll
<---- EVENT: handle internal ld ---->
eax=000000d9 ebx=00000000 ecx=7776b3ad edx=00e574a8 esi=7ffdf000 edi=0016f754
eip=774e70f4 esp=0016f630 ebp=0016f668 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 759f0000 75a25000 C:\Windows\system32\WS2_32.dll
<---- EVENT: handle internal ld ---->
eax=736931ba ebx=00000000 ecx=000000e5 edx=64dfd249 esi=7ffde000 edi=0021f248
eip=774e70f4 esp=0021f124 ebp=0021f15c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73b70000 73b7d000 C:\Windows\system32\WTSAPI32.dll
<---- EVENT: handle internal ld ---->
eax=000000cc ebx=00000000 ecx=776e0000 edx=0000001b esi=7ffdf000 edi=0012f0ac
eip=774e70f4 esp=0012ef88 ebp=0012efc0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75240000 75248000 C:\Windows\system32\Secur32.dll
<---- EVENT: handle internal ld ---->
eax=75a16000 ebx=00000000 ecx=75a16002 edx=774a0000 esi=7ffde000 edi=0021f248
eip=774e70f4 esp=0021f124 ebp=0021f15c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775f0000 7760f000 C:\Windows\system32\IMM32.DLL
<---- EVENT: handle internal ld ---->
eax=00005a4d ebx=00000000 ecx=00000001 edx=00000000 esi=7ffdf000 edi=0012e928
eip=774e70f4 esp=0012e804 ebp=0012e83c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6a420000 6acc1000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll
<---- EVENT: handle internal ld ---->
eax=00e60000 ebx=00000000 ecx=00010000 edx=774e70f4 esi=7ffdf000 edi=001ff56c
eip=774e70f4 esp=001ff448 ebp=001ff480 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75380000 7539b000 C:\Windows\system32\SSPICLI.DLL
<---- EVENT: handle internal ld ---->
eax=0021eca8 ebx=00000000 ecx=00000003 edx=00000000 esi=7ffde000 edi=0021f230
eip=774e70f4 esp=0021f10c ebp=0021f144 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6a1b0000 6a413000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\libpeerconnection.dll
<---- EVENT: handle internal ld ---->
eax=00e65004 ebx=00000000 ecx=00e60000 edx=00e65004 esi=7ffdf000 edi=001ff614
eip=774e70f4 esp=001ff4f0 ebp=001ff528 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760d0000 7619c000 C:\Windows\system32\MSCTF.dll
<---- EVENT: handle internal ld ---->
eax=75aece53 ebx=00000000 ecx=00000345 edx=77606f63 esi=7ffdf000 edi=0012e588
eip=774e70f4 esp=0012e464 ebp=0012e49c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(904.5a0): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 6b750000 6b885000 C:\Windows\system32\dwrite.dll
<---- EVENT: handle internal ld ---->
eax=000400cc ebx=00000000 ecx=000400ec edx=00000000 esi=7ffde000 edi=0021f2d8
eip=774e70f4 esp=0021f1b4 ebp=0021f1ec iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75380000 7539b000 C:\Windows\system32\SSPICLI.DLL
<---- EVENT: handle internal ld ---->
eax=0016f1b4 ebx=00000000 ecx=00000003 edx=00000000 esi=7ffdf000 edi=0016f73c
eip=774e70f4 esp=0016f618 ebp=0016f650 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(9a8.b74): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 63660000 65743000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_child.dll
<---- EVENT: handle internal ld ---->
eax=00000000 ebx=00000000 ecx=001af54c edx=0000011c esi=7ffdf000 edi=001af7f8
eip=774e70f4 esp=001af6d4 ebp=001af70c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 76320000 764d6000 C:\Windows\system32\WININET.dll
<---- EVENT: handle internal ld ---->
eax=64dff000 ebx=00000000 ecx=64dff002 edx=75b10000 esi=7ffdf000 edi=001af4cc
eip=774e70f4 esp=001af3a8 ebp=001af3e0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755a0000 755a4000 C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=75ae02e5 ebx=00000000 ecx=000002e4 edx=76494600 esi=7ffdf000 edi=001af1a0
eip=774e70f4 esp=001af07c ebp=001af0b4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75540000 75545000 C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755a12bd ebx=00000000 ecx=0000000a edx=755a0072 esi=7ffdf000 edi=001af1a0
eip=774e70f4 esp=001af07c ebp=001af0b4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(454.964): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 75530000 75534000 C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755430cb ebx=00000000 ecx=0000008c edx=75540055 esi=7ffdf000 edi=001af1a0
eip=774e70f4 esp=001af07c ebp=001af0b4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75830000 75834000 C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755323a2 ebx=00000000 ecx=0000004d edx=75530053 esi=7ffdf000 edi=001af1a0
eip=774e70f4 esp=001af07c ebp=001af0b4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 749c0000 749c9000 C:\Windows\system32\VERSION.dll
<---- EVENT: handle internal ld ---->
eax=00000000 ebx=00000000 ecx=00000000 edx=00000000 esi=7ffdf000 edi=0024f028
eip=774e70f4 esp=0024ef04 ebp=0024ef3c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765e0000 7722a000 C:\Windows\system32\SHELL32.dll
<---- EVENT: handle internal ld ---->
eax=01047390 ebx=00000000 ecx=0012f694 edx=01052994 esi=7ffdf000 edi=0012f4a0
eip=774e70f4 esp=0012f37c ebp=0012f3b4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75650000 75653000 C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=75832010 ebx=00000000 ecx=75832000 edx=fffffffe esi=7ffdf000 edi=001af1a0
eip=774e70f4 esp=001af07c ebp=001af0b4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77610000 77613000 C:\Windows\system32\normaliz.DLL
<---- EVENT: handle internal ld ---->
eax=75652010 ebx=00000000 ecx=75652000 edx=fffffffe esi=7ffdf000 edi=001af188
eip=774e70f4 esp=001af064 ebp=001af09c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 739f0000 73a60000 C:\Windows\system32\ntshrui.dll
<---- EVENT: handle internal ld ---->
eax=0564cbdc ebx=ffffffff ecx=00000002 edx=00000000 esi=0564ce88 edi=0564ce6c
eip=774e70f4 esp=0564cca8 ebp=0564cd3c iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 69ed0000 6a1a3000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
<---- EVENT: handle internal ld ---->
eax=001ff2a4 ebx=00000000 ecx=0000000f edx=00000000 esi=7ffdf000 edi=001ff524
eip=774e70f4 esp=001ff400 ebp=001ff438 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 713b0000 713bb000 C:\Windows\system32\cscapi.dll
<---- EVENT: handle internal ld ---->
eax=0d148070 ebx=ffffffff ecx=0d140000 edx=0d148070 esi=0564cffc edi=0564cfe0
eip=774e70f4 esp=0564ce1c ebp=0564ceb0 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73720000 7372a000 C:\Windows\system32\slc.dll
<---- EVENT: handle internal ld ---->
eax=07e4f810 ebx=ffffffff ecx=d156c2fe edx=00000090 esi=0564d064 edi=0564d048
eip=774e70f4 esp=0564ce84 ebp=0564cf18 iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(bfc.730): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 6b750000 6b885000 C:\Windows\system32\dwrite.dll
<---- EVENT: handle internal ld ---->
eax=0016f96c ebx=00000000 ecx=416f4dc6 edx=02cc15a8 esi=7ffdf000 edi=0016f7e4
eip=774e70f4 esp=0016f6c0 ebp=0016f6f8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75be0000 75dda000 C:\Windows\system32\iertutil.dll
<---- EVENT: handle internal ld ---->
eax=00000001 ebx=00000000 ecx=00000007 edx=001b0080 esi=7ffdf000 edi=001af1a0
eip=774e70f4 esp=001af07c ebp=001af0b4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760b0000 760b5000 C:\Windows\system32\PSAPI.DLL
<---- EVENT: handle internal ld ---->
eax=0000005b ebx=00000000 ecx=763244c5 edx=64dff247 esi=7ffdf000 edi=001af4cc
eip=774e70f4 esp=001af3a8 ebp=001af3e0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 70260000 702b1000 C:\Windows\system32\WINSPOOL.DRV
<---- EVENT: handle internal ld ---->
eax=64dfd338 ebx=00000000 ecx=64dfd33a edx=75a30000 esi=7ffdf000 edi=001af4cc
eip=774e70f4 esp=001af3a8 ebp=001af3e0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75840000 758bb000 C:\Windows\system32\COMDLG32.dll
<---- EVENT: handle internal ld ---->
eax=0000004a ebx=00000000 ecx=702933f7 edx=64dff344 esi=7ffdf000 edi=001af4cc
eip=774e70f4 esp=001af3a8 ebp=001af3e0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 74530000 746ce000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
<---- EVENT: handle internal ld ---->
eax=001aec80 ebx=00000000 ecx=00000005 edx=00000000 esi=7ffdf000 edi=001af12c
eip=774e70f4 esp=001af008 ebp=001af040 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75e80000 75f0f000 C:\Windows\system32\OLEAUT32.dll
<---- EVENT: handle internal ld ---->
eax=000001ff ebx=00000000 ecx=75aeb51e edx=7467b000 esi=7ffdf000 edi=001af4cc
eip=774e70f4 esp=001af3a8 ebp=001af3e0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75670000 75791000 C:\Windows\system32\CRYPT32.dll
<---- EVENT: handle internal ld ---->
eax=00000159 ebx=00000000 ecx=75b2a2da edx=75f04000 esi=7ffdf000 edi=001af4cc
eip=774e70f4 esp=001af3a8 ebp=001af3e0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75520000 7552c000 C:\Windows\system32\MSASN1.dll
<---- EVENT: handle internal ld ---->
eax=000004d5 ebx=00000000 ecx=77629003 edx=75727000 esi=7ffdf000 edi=001af12c
eip=774e70f4 esp=001af008 ebp=001af040 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73690000 736ac000 C:\Windows\system32\IPHLPAPI.DLL
<---- EVENT: handle internal ld ---->
eax=00000084 ebx=00000000 ecx=75673591 edx=64dfcb43 esi=7ffdf000 edi=001af4cc
eip=774e70f4 esp=001af3a8 ebp=001af3e0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775e0000 775e6000 C:\Windows\system32\NSI.dll
<---- EVENT: handle internal ld ---->
eax=00000268 ebx=00000000 ecx=774de31a edx=736a8000 esi=7ffdf000 edi=001af12c
eip=774e70f4 esp=001af008 ebp=001af040 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73680000 73687000 C:\Windows\system32\WINNSI.DLL
<---- EVENT: handle internal ld ---->
eax=774d5340 ebx=00000000 ecx=774d7ff4 edx=774a0000 esi=7ffdf000 edi=001af12c
eip=774e70f4 esp=001af008 ebp=001af040 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 759f0000 75a25000 C:\Windows\system32\WS2_32.dll
<---- EVENT: handle internal ld ---->
eax=736931ba ebx=00000000 ecx=000000e5 edx=64dfd249 esi=7ffdf000 edi=001af4cc
eip=774e70f4 esp=001af3a8 ebp=001af3e0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75240000 75248000 C:\Windows\system32\Secur32.dll
<---- EVENT: handle internal ld ---->
eax=75a12d2d ebx=00000000 ecx=000002bd edx=00025848 esi=7ffdf000 edi=001af4cc
eip=774e70f4 esp=001af3a8 ebp=001af3e0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75380000 7539b000 C:\Windows\system32\SSPICLI.DLL
<---- EVENT: handle internal ld ---->
eax=001aef2c ebx=00000000 ecx=00000003 edx=00000000 esi=7ffdf000 edi=001af4b4
eip=774e70f4 esp=001af390 ebp=001af3c8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 701f0000 70222000 C:\Windows\system32\WINMM.dll
<---- EVENT: handle internal ld ---->
eax=000001d5 ebx=00000000 ecx=77627106 edx=749c505f esi=7ffdf000 edi=0024f028
eip=774e70f4 esp=0024ef04 ebp=0024ef3c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(454.82c): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
<---- EVENT: handle internal epr ---->
eax=00000000 ebx=00000000 ecx=001cf694 edx=00000020 esi=77577380 edi=77577340
eip=774e70f4 esp=001cf6e4 ebp=001cf700 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75b10000 75bd9000 C:\Windows\system32\USER32.dll
<---- EVENT: handle internal ld ---->
eax=0024eaf4 ebx=00000000 ecx=00000005 edx=00000000 esi=7ffdf000 edi=0024ec88
eip=774e70f4 esp=0024eb64 ebp=0024eb9c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 76570000 765be000 C:\Windows\system32\GDI32.dll
<---- EVENT: handle internal ld ---->
eax=00000447 ebx=00000000 ecx=774e0ff2 edx=75b77000 esi=7ffdf000 edi=0024e8e8
eip=774e70f4 esp=0024e7c4 ebp=0024e7fc iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760c0000 760ca000 C:\Windows\system32\LPK.dll
<---- EVENT: handle internal ld ---->
eax=00000318 ebx=00000000 ecx=75b2c167 edx=765b8655 esi=7ffdf000 edi=0024e548
eip=774e70f4 esp=0024e424 ebp=0024e45c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
Symbol search path is: srv*\\server\Symbols*http://chromium-browser-symsrv.commondatastorage.googleapis.com;srv*\\server\Symbols*http://msdl.microsoft.com/download/symbols;srv*\\server\Symbols*http://symbols.mozilla.org/firefox
Executable search path is:
ModLoad: 00fc0000 01097000 chrome.exe
<---- EVENT: handle internal cpr ---->
eax=010093e8 ebx=7ffdf000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=001ffd8c ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:001ffd90=00000000
ModLoad: 72a40000 72a66000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_elf.dll
<---- EVENT: handle internal ld ---->
eax=008a1ff4 ebx=00000000 ecx=008a0000 edx=008a1ff4 esi=7ffdf000 edi=002cf118
eip=774e70f4 esp=002ceff4 ebp=002cf02c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 774a0000 775dc000 ntdll.dll
<---- EVENT: handle internal ld ---->
eax=010093e8 ebx=7ffdf000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=001ffd8c ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
ntdll!RtlUserThreadStart:
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:001ffd90=00000000
(e1c.89c): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 75de0000 75e7d000 C:\Windows\system32\USP10.dll
<---- EVENT: handle internal ld ---->
eax=003d1770 ebx=00000000 ecx=00000055 edx=00000014 esi=7ffdf000 edi=0024e21c
eip=774e70f4 esp=0024e0f8 ebp=0024e130 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6b750000 6b885000 C:\Windows\system32\dwrite.dll
<---- EVENT: handle internal ld ---->
eax=001af6e4 ebx=00000000 ecx=416f4dc6 edx=00d915a8 esi=7ffdf000 edi=001af55c
eip=774e70f4 esp=001af438 ebp=001af470 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75a30000 75b04000 C:\Windows\system32\kernel32.dll
<---- EVENT: handle internal ld ---->
eax=000000a8 ebx=00000000 ecx=021a2768 edx=00ecbf28 esi=7ffde000 edi=001ff724
eip=774e70f4 esp=001ff600 ebp=001ff638 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77340000 7749c000 C:\Windows\system32\ole32.dll
<---- EVENT: handle internal ld ---->
eax=7699c648 ebx=00000000 ecx=765e0000 edx=00000000 esi=7ffdf000 edi=0012e5fc
eip=774e70f4 esp=0012e4d8 ebp=0012e510 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75600000 7564b000 C:\Windows\system32\KERNELBASE.dll
<---- EVENT: handle internal ld ---->
eax=75af3000 ebx=00000000 ecx=75af3002 edx=774a0000 esi=7ffde000 edi=001ff384
eip=774e70f4 esp=001ff260 ebp=001ff298 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75400000 7540c000 C:\Windows\system32\cryptbase.dll
<---- EVENT: handle internal ld ---->
eax=00000103 ebx=00000000 ecx=00000000 edx=00000000 esi=7ffdf000 edi=0012f1c8
eip=774e70f4 esp=0012f0a4 ebp=0012f0dc iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 72a40000 72a66000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_elf.dll
<---- EVENT: handle internal ld ---->
eax=00000000 ebx=00000000 ecx=00010000 edx=00010000 esi=7ffde000 edi=001ff5a4
eip=774e70f4 esp=001ff480 ebp=001ff4b8 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 772e0000 77337000 C:\Windows\system32\SHLWAPI.dll
<---- EVENT: handle internal ld ---->
eax=00000094 ebx=00000000 ecx=701f23ea edx=01053074 esi=7ffdf000 edi=0024f028
eip=774e70f4 esp=0024ef04 ebp=0024ef3c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755e0000 755f7000 C:\Windows\system32\USERENV.dll
<---- EVENT: handle internal ld ---->
eax=010540b0 ebx=00000000 ecx=010540b2 edx=75a30000 esi=7ffdf000 edi=0024f028
eip=774e70f4 esp=0024ef04 ebp=0024ef3c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75510000 7551b000 C:\Windows\system32\profapi.dll
<---- EVENT: handle internal ld ---->
eax=00000100 ebx=00000000 ecx=77265986 edx=755f164e esi=7ffdf000 edi=0024ec88
eip=774e70f4 esp=0024eb64 ebp=0024eb9c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 761a0000 76240000 C:\Windows\system32\ADVAPI32.dll
<---- EVENT: handle internal ld ---->
eax=00000550 ebx=00000000 ecx=75aef575 edx=72a5cf53 esi=7ffde000 edi=001ff278
eip=774e70f4 esp=001ff154 ebp=001ff18c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 63660000 65743000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_child.dll
<---- EVENT: handle internal ld ---->
eax=00d0f01c ebx=00000000 ecx=00d00000 edx=00d0f01c esi=7ffdf000 edi=0012f3e8
eip=774e70f4 esp=0012f2c4 ebp=0012f2fc iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77620000 776cc000 C:\Windows\system32\msvcrt.dll
<---- EVENT: handle internal ld ---->
eax=7620f538 ebx=00000000 ecx=761a0000 edx=00001000 esi=7ffde000 edi=001fef4c
eip=774e70f4 esp=001fee28 ebp=001fee60 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 76320000 764d6000 C:\Windows\system32\WININET.dll
<---- EVENT: handle internal ld ---->
eax=64dff000 ebx=00000000 ecx=64dff002 edx=75b10000 esi=7ffdf000 edi=0012f0bc
eip=774e70f4 esp=0012ef98 ebp=0012efd0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765c0000 765d9000 C:\Windows\SYSTEM32\sechost.dll
<---- EVENT: handle internal ld ---->
eax=00000482 ebx=00000000 ecx=774e1582 edx=76211000 esi=7ffde000 edi=001fef4c
eip=774e70f4 esp=001fee28 ebp=001fee60 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755a0000 755a4000 C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=7762924d ebx=00000000 ecx=00000523 edx=76493f70 esi=7ffdf000 edi=0012ed90
eip=774e70f4 esp=0012ec6c ebp=0012eca4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77230000 772d2000 C:\Windows\system32\RPCRT4.dll
<---- EVENT: handle internal ld ---->
eax=001fe9c0 ebx=00000000 ecx=00000018 edx=00000000 esi=7ffde000 edi=001febac
eip=774e70f4 esp=001fea88 ebp=001feac0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75540000 75545000 C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755a12bd ebx=00000000 ecx=0000000a edx=755a0072 esi=7ffdf000 edi=0012ed90
eip=774e70f4 esp=0012ec6c ebp=0012eca4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 749c0000 749c9000 C:\Windows\system32\VERSION.dll
<---- EVENT: handle internal ld ---->
eax=72a5502f ebx=00000000 ecx=72a5cbbc edx=72a40000 esi=7ffde000 edi=001ff5a4
eip=774e70f4 esp=001ff480 ebp=001ff4b8 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73b70000 73b7d000 C:\Windows\system32\WTSAPI32.dll
<---- EVENT: handle internal ld ---->
eax=7762bf71 ebx=00000000 ecx=77623600 edx=77620000 esi=7ffdf000 edi=0024f028
eip=774e70f4 esp=0024ef04 ebp=0024ef3c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 701f0000 70222000 C:\Windows\system32\WINMM.dll
<---- EVENT: handle internal ld ---->
eax=000001d5 ebx=00000000 ecx=77627106 edx=749c505f esi=7ffde000 edi=001ff5a4
eip=774e70f4 esp=001ff480 ebp=001ff4b8 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75b10000 75bd9000 C:\Windows\system32\USER32.dll
<---- EVENT: handle internal ld ---->
eax=001ff070 ebx=00000000 ecx=00000005 edx=00000000 esi=7ffde000 edi=001ff204
eip=774e70f4 esp=001ff0e0 ebp=001ff118 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775f0000 7760f000 C:\Windows\system32\IMM32.DLL
<---- EVENT: handle internal ld ---->
eax=00005a4d ebx=00000000 ecx=00000001 edx=00000000 esi=7ffdf000 edi=0024e8a4
eip=774e70f4 esp=0024e780 ebp=0024e7b8 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760d0000 7619c000 C:\Windows\system32\MSCTF.dll
<---- EVENT: handle internal ld ---->
eax=75aece53 ebx=00000000 ecx=00000345 edx=77606f63 esi=7ffdf000 edi=0024e504
eip=774e70f4 esp=0024e3e0 ebp=0024e418 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 76570000 765be000 C:\Windows\system32\GDI32.dll
<---- EVENT: handle internal ld ---->
eax=00000447 ebx=00000000 ecx=774e0ff2 edx=75b77000 esi=7ffde000 edi=001fee64
eip=774e70f4 esp=001fed40 ebp=001fed78 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 761a0000 76240000 C:\Windows\system32\ADVAPI32.dll
<---- EVENT: handle internal ld ---->
eax=00000550 ebx=00000000 ecx=75aef575 edx=72a5cf53 esi=7ffdf000 edi=002cedec
eip=774e70f4 esp=002cecc8 ebp=002ced00 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760c0000 760ca000 C:\Windows\system32\LPK.dll
<---- EVENT: handle internal ld ---->
eax=00000318 ebx=00000000 ecx=75b2c167 edx=765b8655 esi=7ffde000 edi=001feac4
eip=774e70f4 esp=001fe9a0 ebp=001fe9d8 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75530000 75534000 C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755430cb ebx=00000000 ecx=0000008c edx=75540055 esi=7ffdf000 edi=0012ed90
eip=774e70f4 esp=0012ec6c ebp=0012eca4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75de0000 75e7d000 C:\Windows\system32\USP10.dll
<---- EVENT: handle internal ld ---->
eax=000000e3 ebx=00000000 ecx=76573f04 edx=760c6244 esi=7ffde000 edi=001fe798
eip=774e70f4 esp=001fe674 ebp=001fe6ac iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75830000 75834000 C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755323a2 ebx=00000000 ecx=0000004d edx=75530053 esi=7ffdf000 edi=0012ed90
eip=774e70f4 esp=0012ec6c ebp=0012eca4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 772e0000 77337000 C:\Windows\system32\SHLWAPI.dll
<---- EVENT: handle internal ld ---->
eax=00000094 ebx=00000000 ecx=701f23ea edx=01053074 esi=7ffde000 edi=001ff5a4
eip=774e70f4 esp=001ff480 ebp=001ff4b8 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(9a8.824): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 75650000 75653000 C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=75832010 ebx=00000000 ecx=75832000 edx=fffffffe esi=7ffdf000 edi=0012ed90
eip=774e70f4 esp=0012ec6c ebp=0012eca4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77620000 776cc000 C:\Windows\system32\msvcrt.dll
<---- EVENT: handle internal ld ---->
eax=00952296 ebx=00000000 ecx=00000008 edx=00000002 esi=7ffdf000 edi=002ceac0
eip=774e70f4 esp=002ce99c ebp=002ce9d4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755e0000 755f7000 C:\Windows\system32\USERENV.dll
<---- EVENT: handle internal ld ---->
eax=010540b0 ebx=00000000 ecx=010540b2 edx=75a30000 esi=7ffde000 edi=001ff5a4
eip=774e70f4 esp=001ff480 ebp=001ff4b8 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(454.7c4): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 77610000 77613000 C:\Windows\system32\normaliz.DLL
<---- EVENT: handle internal ld ---->
eax=75652010 ebx=00000000 ecx=75652000 edx=fffffffe esi=7ffdf000 edi=0012ed78
eip=774e70f4 esp=0012ec54 ebp=0012ec8c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75510000 7551b000 C:\Windows\system32\profapi.dll
<---- EVENT: handle internal ld ---->
eax=00000100 ebx=00000000 ecx=77265986 edx=755f164e esi=7ffde000 edi=001ff204
eip=774e70f4 esp=001ff0e0 ebp=001ff118 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75be0000 75dda000 C:\Windows\system32\iertutil.dll
<---- EVENT: handle internal ld ---->
eax=77612010 ebx=00000000 ecx=77612000 edx=fffffffe esi=7ffdf000 edi=0012ed90
eip=774e70f4 esp=0012ec6c ebp=0012eca4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73b70000 73b7d000 C:\Windows\system32\WTSAPI32.dll
<---- EVENT: handle internal ld ---->
eax=7762bf71 ebx=00000000 ecx=77623600 edx=77620000 esi=7ffde000 edi=001ff5a4
eip=774e70f4 esp=001ff480 ebp=001ff4b8 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760b0000 760b5000 C:\Windows\system32\PSAPI.DLL
<---- EVENT: handle internal ld ---->
eax=0000005b ebx=00000000 ecx=763244c5 edx=64dff247 esi=7ffdf000 edi=0012f0bc
eip=774e70f4 esp=0012ef98 ebp=0012efd0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775f0000 7760f000 C:\Windows\system32\IMM32.DLL
<---- EVENT: handle internal ld ---->
eax=00005a4d ebx=00000000 ecx=00000001 edx=00000000 esi=7ffde000 edi=001fee20
eip=774e70f4 esp=001fecfc ebp=001fed34 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 70260000 702b1000 C:\Windows\system32\WINSPOOL.DRV
<---- EVENT: handle internal ld ---->
eax=64dfd338 ebx=00000000 ecx=64dfd33a edx=75a30000 esi=7ffdf000 edi=0012f0bc
eip=774e70f4 esp=0012ef98 ebp=0012efd0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760d0000 7619c000 C:\Windows\system32\MSCTF.dll
<---- EVENT: handle internal ld ---->
eax=75aece53 ebx=00000000 ecx=00000345 edx=77606f63 esi=7ffde000 edi=001fea80
eip=774e70f4 esp=001fe95c ebp=001fe994 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75840000 758bb000 C:\Windows\system32\COMDLG32.dll
<---- EVENT: handle internal ld ---->
eax=0000004a ebx=00000000 ecx=702933f7 edx=64dff344 esi=7ffdf000 edi=0012f0bc
eip=774e70f4 esp=0012ef98 ebp=0012efd0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(9a8.9f4): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 765e0000 7722a000 C:\Windows\system32\SHELL32.dll
<---- EVENT: handle internal ld ---->
eax=01047390 ebx=00000000 ecx=0024f614 edx=01052994 esi=7ffdf000 edi=0024f420
eip=774e70f4 esp=0024f2fc ebp=0024f334 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77340000 7749c000 C:\Windows\system32\ole32.dll
<---- EVENT: handle internal ld ---->
eax=7699c648 ebx=00000000 ecx=765e0000 edx=00000000 esi=7ffdf000 edi=0024e578
eip=774e70f4 esp=0024e454 ebp=0024e48c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75400000 7540c000 C:\Windows\system32\cryptbase.dll
<---- EVENT: handle internal ld ---->
eax=00000103 ebx=00000000 ecx=00000000 edx=00000000 esi=7ffdf000 edi=0024f148
eip=774e70f4 esp=0024f024 ebp=0024f05c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765e0000 7722a000 C:\Windows\system32\SHELL32.dll
<---- EVENT: handle internal ld ---->
eax=01047390 ebx=00000000 ecx=001ffb8c edx=01052994 esi=7ffde000 edi=001ff998
eip=774e70f4 esp=001ff874 ebp=001ff8ac iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 74530000 746ce000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
<---- EVENT: handle internal ld ---->
eax=0012e3b4 ebx=00000000 ecx=00000016 edx=00000000 esi=7ffdf000 edi=0012ed1c
eip=774e70f4 esp=0012ebf8 ebp=0012ec30 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77340000 7749c000 C:\Windows\system32\ole32.dll
<---- EVENT: handle internal ld ---->
eax=7699c648 ebx=00000000 ecx=765e0000 edx=00000000 esi=7ffde000 edi=001feaf4
eip=774e70f4 esp=001fe9d0 ebp=001fea08 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(9a8.d90): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 75e80000 75f0f000 C:\Windows\system32\OLEAUT32.dll
<---- EVENT: handle internal ld ---->
eax=000001ff ebx=00000000 ecx=75aeb51e edx=7467b000 esi=7ffdf000 edi=0012f0bc
eip=774e70f4 esp=0012ef98 ebp=0012efd0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75400000 7540c000 C:\Windows\system32\cryptbase.dll
<---- EVENT: handle internal ld ---->
eax=00000103 ebx=00000000 ecx=00000000 edx=00000000 esi=7ffde000 edi=001ff6c0
eip=774e70f4 esp=001ff59c ebp=001ff5d4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75670000 75791000 C:\Windows\system32\CRYPT32.dll
<---- EVENT: handle internal ld ---->
eax=00000159 ebx=00000000 ecx=75b2a2da edx=75f04000 esi=7ffdf000 edi=0012f0bc
eip=774e70f4 esp=0012ef98 ebp=0012efd0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75520000 7552c000 C:\Windows\system32\MSASN1.dll
<---- EVENT: handle internal ld ---->
eax=000004d5 ebx=00000000 ecx=77629003 edx=75727000 esi=7ffdf000 edi=0012ed1c
eip=774e70f4 esp=0012ebf8 ebp=0012ec30 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 63660000 65743000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_child.dll
<---- EVENT: handle internal ld ---->
eax=0243f01c ebx=00000000 ecx=02430000 edx=0243f01c esi=7ffde000 edi=001ff8e0
eip=774e70f4 esp=001ff7bc ebp=001ff7f4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73690000 736ac000 C:\Windows\system32\IPHLPAPI.DLL
<---- EVENT: handle internal ld ---->
eax=00000084 ebx=00000000 ecx=75673591 edx=64dfcb43 esi=7ffdf000 edi=0012f0bc
eip=774e70f4 esp=0012ef98 ebp=0012efd0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 76320000 764d6000 C:\Windows\system32\WININET.dll
<---- EVENT: handle internal ld ---->
eax=64dff000 ebx=00000000 ecx=64dff002 edx=75b10000 esi=7ffde000 edi=001ff5b4
eip=774e70f4 esp=001ff490 ebp=001ff4c8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(9a8.574): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 755a0000 755a4000 C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=00000000 ebx=00000000 ecx=774ff9e8 edx=774a0000 esi=7ffde000 edi=001ff288
eip=774e70f4 esp=001ff164 ebp=001ff19c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765c0000 765d9000 C:\Windows\SYSTEM32\sechost.dll
<---- EVENT: handle internal ld ---->
eax=00000482 ebx=00000000 ecx=774e1582 edx=76211000 esi=7ffdf000 edi=002ceac0
eip=774e70f4 esp=002ce99c ebp=002ce9d4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77230000 772d2000 C:\Windows\system32\RPCRT4.dll
<---- EVENT: handle internal ld ---->
eax=002ce534 ebx=00000000 ecx=00000018 edx=00000000 esi=7ffdf000 edi=002ce720
eip=774e70f4 esp=002ce5fc ebp=002ce634 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75540000 75545000 C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755a12bd ebx=00000000 ecx=0000000a edx=755a0072 esi=7ffde000 edi=001ff288
eip=774e70f4 esp=001ff164 ebp=001ff19c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775e0000 775e6000 C:\Windows\system32\NSI.dll
<---- EVENT: handle internal ld ---->
eax=00000268 ebx=00000000 ecx=774de31a edx=736a8000 esi=7ffdf000 edi=0012ed1c
eip=774e70f4 esp=0012ebf8 ebp=0012ec30 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75530000 75534000 C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755430cb ebx=00000000 ecx=0000008c edx=75540055 esi=7ffde000 edi=001ff288
eip=774e70f4 esp=001ff164 ebp=001ff19c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73680000 73687000 C:\Windows\system32\WINNSI.DLL
<---- EVENT: handle internal ld ---->
eax=00c82200 ebx=00000000 ecx=00bf0000 edx=00bf0000 esi=7ffdf000 edi=0012ed1c
eip=774e70f4 esp=0012ebf8 ebp=0012ec30 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75830000 75834000 C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755323a2 ebx=00000000 ecx=0000004d edx=75530053 esi=7ffde000 edi=001ff288
eip=774e70f4 esp=001ff164 ebp=001ff19c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 759f0000 75a25000 C:\Windows\system32\WS2_32.dll
<---- EVENT: handle internal ld ---->
eax=736931ba ebx=00000000 ecx=000000e5 edx=64dfd249 esi=7ffdf000 edi=0012f0bc
eip=774e70f4 esp=0012ef98 ebp=0012efd0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 63660000 65743000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_child.dll
<---- EVENT: handle internal ld ---->
eax=005bf01c ebx=00000000 ecx=005b0000 edx=005bf01c esi=7ffdf000 edi=0024f364
eip=774e70f4 esp=0024f240 ebp=0024f278 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75650000 75653000 C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=75832010 ebx=00000000 ecx=75832000 edx=fffffffe esi=7ffde000 edi=001ff288
eip=774e70f4 esp=001ff164 ebp=001ff19c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6e080000 6e0a8000 NP-MSWMP.dll
<---- EVENT: handle internal ld ---->
eax=00d34b50 ebx=ffffffff ecx=23a65b99 edx=000000fc esi=06ceefc8 edi=06ceefc4
eip=774e70f4 esp=06ceee84 ebp=06ceef18 iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77610000 77613000 C:\Windows\system32\normaliz.DLL
<---- EVENT: handle internal ld ---->
eax=75652010 ebx=00000000 ecx=75652000 edx=fffffffe esi=7ffde000 edi=001ff270
eip=774e70f4 esp=001ff14c ebp=001ff184 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6b5a0000 6b639000 npGoogleUpdate3_unsigned.dll
<---- EVENT: handle internal ld ---->
eax=0d78effc ebx=ffffffff ecx=0d780000 edx=0d78effc esi=06ceefc8 edi=06ceefc4
eip=774e70f4 esp=06ceee84 ebp=06ceef18 iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75be0000 75dda000 C:\Windows\system32\iertutil.dll
<---- EVENT: handle internal ld ---->
eax=77612010 ebx=00000000 ecx=77612000 edx=fffffffe esi=7ffde000 edi=001ff288
eip=774e70f4 esp=001ff164 ebp=001ff19c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 62550000 63658000 npswf32.dll
<---- EVENT: handle internal ld ---->
eax=00000000 ebx=ffffffff ecx=00000000 edx=00000000 esi=06ceefc8 edi=06ceefc4
eip=774e70f4 esp=06ceee84 ebp=06ceef18 iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760b0000 760b5000 C:\Windows\system32\PSAPI.DLL
<---- EVENT: handle internal ld ---->
eax=0000005b ebx=00000000 ecx=763244c5 edx=64dff247 esi=7ffde000 edi=001ff5b4
eip=774e70f4 esp=001ff490 ebp=001ff4c8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 749c0000 749c9000 C:\Windows\system32\VERSION.dll
<---- EVENT: handle internal ld ---->
eax=72a5502f ebx=00000000 ecx=72a5cbbc edx=72a40000 esi=7ffdf000 edi=002cf118
eip=774e70f4 esp=002ceff4 ebp=002cf02c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 701f0000 70222000 C:\Windows\system32\WINMM.dll
<---- EVENT: handle internal ld ---->
eax=000001d5 ebx=00000000 ecx=77627106 edx=749c505f esi=7ffdf000 edi=002cf118
eip=774e70f4 esp=002ceff4 ebp=002cf02c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 76320000 764d6000 C:\Windows\system32\WININET.dll
<---- EVENT: handle internal ld ---->
eax=00000309 ebx=00000000 ecx=75b2c004 edx=64dff153 esi=7ffdf000 edi=0024f038
eip=774e70f4 esp=0024ef14 ebp=0024ef4c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755a0000 755a4000 C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=7762924d ebx=00000000 ecx=00000523 edx=76493f70 esi=7ffdf000 edi=0024ed0c
eip=774e70f4 esp=0024ebe8 ebp=0024ec20 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 70260000 702b1000 C:\Windows\system32\WINSPOOL.DRV
<---- EVENT: handle internal ld ---->
eax=64dfd338 ebx=00000000 ecx=64dfd33a edx=75a30000 esi=7ffde000 edi=001ff5b4
eip=774e70f4 esp=001ff490 ebp=001ff4c8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75240000 75248000 C:\Windows\system32\Secur32.dll
<---- EVENT: handle internal ld ---->
eax=75a16000 ebx=00000000 ecx=75a16002 edx=774a0000 esi=7ffdf000 edi=0012f0bc
eip=774e70f4 esp=0012ef98 ebp=0012efd0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75840000 758bb000 C:\Windows\system32\COMDLG32.dll
<---- EVENT: handle internal ld ---->
eax=0000004a ebx=00000000 ecx=702933f7 edx=64dff344 esi=7ffde000 edi=001ff5b4
eip=774e70f4 esp=001ff490 ebp=001ff4c8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75380000 7539b000 C:\Windows\system32\SSPICLI.DLL
<---- EVENT: handle internal ld ---->
eax=774d404d ebx=00000000 ecx=774d7fbc edx=774a0000 esi=7ffdf000 edi=0012f0a4
eip=774e70f4 esp=0012ef80 ebp=0012efb8 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 74530000 746ce000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
<---- EVENT: handle internal ld ---->
eax=001fe8ac ebx=00000000 ecx=00000016 edx=00000000 esi=7ffde000 edi=001ff214
eip=774e70f4 esp=001ff0f0 ebp=001ff128 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6ded0000 6df1f000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\libexif.dll
<---- EVENT: handle internal ld ---->
eax=65248050 ebx=00000000 ecx=655a824c edx=028dc068 esi=7ffdf000 edi=0012f02c
eip=774e70f4 esp=0012ef08 ebp=0012ef40 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75e80000 75f0f000 C:\Windows\system32\OLEAUT32.dll
<---- EVENT: handle internal ld ---->
eax=000001ff ebx=00000000 ecx=75aeb51e edx=7467b000 esi=7ffde000 edi=001ff5b4
eip=774e70f4 esp=001ff490 ebp=001ff4c8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 69ed0000 6a1a3000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
<---- EVENT: handle internal ld ---->
eax=010a2618 ebx=00000000 ecx=00003ebb edx=00000493 esi=7ffdf000 edi=0012f168
eip=774e70f4 esp=0012f044 ebp=0012f07c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75670000 75791000 C:\Windows\system32\CRYPT32.dll
<---- EVENT: handle internal ld ---->
eax=00000114 ebx=00000000 ecx=75f04082 edx=75b10000 esi=7ffde000 edi=001ff5b4
eip=774e70f4 esp=001ff490 ebp=001ff4c8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6a420000 6acc1000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll
<---- EVENT: handle internal ld ---->
eax=0012ec50 ebx=00000000 ecx=0000000a edx=00000000 esi=7ffdf000 edi=0012f08c
eip=774e70f4 esp=0012ef68 ebp=0012efa0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75520000 7552c000 C:\Windows\system32\MSASN1.dll
<---- EVENT: handle internal ld ---->
eax=000004d5 ebx=00000000 ecx=77629003 edx=75727000 esi=7ffde000 edi=001ff214
eip=774e70f4 esp=001ff0f0 ebp=001ff128 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(9a8.764): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 6a420000 6acc1000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll
<---- EVENT: handle internal ld ---->
eax=025e0000 ebx=00000000 ecx=00010000 edx=774e70f4 esi=7ffde000 edi=0021f1cc
eip=774e70f4 esp=0021f0a8 ebp=0021f0e0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75540000 75545000 C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755a12bd ebx=00000000 ecx=0000000a edx=755a0072 esi=7ffdf000 edi=0024ed0c
eip=774e70f4 esp=0024ebe8 ebp=0024ec20 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75b10000 75bd9000 C:\Windows\system32\USER32.dll
<---- EVENT: handle internal ld ---->
eax=002cebe4 ebx=00000000 ecx=00000005 edx=00000000 esi=7ffdf000 edi=002ced78
eip=774e70f4 esp=002cec54 ebp=002cec8c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73690000 736ac000 C:\Windows\system32\IPHLPAPI.DLL
<---- EVENT: handle internal ld ---->
eax=00000084 ebx=00000000 ecx=75673591 edx=64dfcb43 esi=7ffde000 edi=001ff5b4
eip=774e70f4 esp=001ff490 ebp=001ff4c8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(9a8.714): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 775e0000 775e6000 C:\Windows\system32\NSI.dll
<---- EVENT: handle internal ld ---->
eax=00000268 ebx=00000000 ecx=774de31a edx=736a8000 esi=7ffde000 edi=001ff214
eip=774e70f4 esp=001ff0f0 ebp=001ff128 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6a1b0000 6a413000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\libpeerconnection.dll
<---- EVENT: handle internal ld ---->
eax=025e5004 ebx=00000000 ecx=025e0000 edx=025e5004 esi=7ffde000 edi=0021f274
eip=774e70f4 esp=0021f150 ebp=0021f188 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75530000 75534000 C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755430cb ebx=00000000 ecx=0000008c edx=75540055 esi=7ffdf000 edi=0024ed0c
eip=774e70f4 esp=0024ebe8 ebp=0024ec20 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73680000 73687000 C:\Windows\system32\WINNSI.DLL
<---- EVENT: handle internal ld ---->
eax=02232200 ebx=00000000 ecx=021a0000 edx=021a0000 esi=7ffde000 edi=001ff214
eip=774e70f4 esp=001ff0f0 ebp=001ff128 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(f38.774): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 759f0000 75a25000 C:\Windows\system32\WS2_32.dll
<---- EVENT: handle internal ld ---->
eax=736931ba ebx=00000000 ecx=000000e5 edx=64dfd249 esi=7ffde000 edi=001ff5b4
eip=774e70f4 esp=001ff490 ebp=001ff4c8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75240000 75248000 C:\Windows\system32\Secur32.dll
<---- EVENT: handle internal ld ---->
eax=00000000 ebx=00000000 ecx=000000e3 edx=75a16146 esi=7ffde000 edi=001ff5b4
eip=774e70f4 esp=001ff490 ebp=001ff4c8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75380000 7539b000 C:\Windows\system32\SSPICLI.DLL
<---- EVENT: handle internal ld ---->
eax=774d404d ebx=00000000 ecx=774d7fbc edx=774a0000 esi=7ffde000 edi=001ff59c
eip=774e70f4 esp=001ff478 ebp=001ff4b0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75830000 75834000 C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755323a2 ebx=00000000 ecx=0000004d edx=75530053 esi=7ffdf000 edi=0024ed0c
eip=774e70f4 esp=0024ebe8 ebp=0024ec20 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 76570000 765be000 C:\Windows\system32\GDI32.dll
<---- EVENT: handle internal ld ---->
eax=00000447 ebx=00000000 ecx=774e0ff2 edx=75b77000 esi=7ffdf000 edi=002ce9d8
eip=774e70f4 esp=002ce8b4 ebp=002ce8ec iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(f38.478): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 75650000 75653000 C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=75832010 ebx=00000000 ecx=75832000 edx=fffffffe esi=7ffdf000 edi=0024ed0c
eip=774e70f4 esp=0024ebe8 ebp=0024ec20 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760c0000 760ca000 C:\Windows\system32\LPK.dll
<---- EVENT: handle internal ld ---->
eax=00000318 ebx=00000000 ecx=75b2c167 edx=765b8655 esi=7ffdf000 edi=002ce638
eip=774e70f4 esp=002ce514 ebp=002ce54c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(904.d6c): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 75de0000 75e7d000 C:\Windows\system32\USP10.dll
<---- EVENT: handle internal ld ---->
eax=010b861c ebx=00000000 ecx=0000001e edx=00000000 esi=7ffdf000 edi=002ce30c
eip=774e70f4 esp=002ce1e8 ebp=002ce220 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 772e0000 77337000 C:\Windows\system32\SHLWAPI.dll
<---- EVENT: handle internal ld ---->
eax=00000094 ebx=00000000 ecx=701f23ea edx=01053074 esi=7ffdf000 edi=002cf118
eip=774e70f4 esp=002ceff4 ebp=002cf02c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755e0000 755f7000 C:\Windows\system32\USERENV.dll
<---- EVENT: handle internal ld ---->
eax=010540b0 ebx=00000000 ecx=010540b2 edx=75a30000 esi=7ffdf000 edi=002cf118
eip=774e70f4 esp=002ceff4 ebp=002cf02c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75510000 7551b000 C:\Windows\system32\profapi.dll
<---- EVENT: handle internal ld ---->
eax=00000100 ebx=00000000 ecx=77265986 edx=755f164e esi=7ffdf000 edi=002ced78
eip=774e70f4 esp=002cec54 ebp=002cec8c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73b70000 73b7d000 C:\Windows\system32\WTSAPI32.dll
<---- EVENT: handle internal ld ---->
eax=7762bf71 ebx=00000000 ecx=77623600 edx=77620000 esi=7ffdf000 edi=002cf118
eip=774e70f4 esp=002ceff4 ebp=002cf02c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775f0000 7760f000 C:\Windows\system32\IMM32.DLL
<---- EVENT: handle internal ld ---->
eax=00005a4d ebx=00000000 ecx=00000001 edx=00000000 esi=7ffdf000 edi=002ce994
eip=774e70f4 esp=002ce870 ebp=002ce8a8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760d0000 7619c000 C:\Windows\system32\MSCTF.dll
<---- EVENT: handle internal ld ---->
eax=75aece53 ebx=00000000 ecx=00000345 edx=77606f63 esi=7ffdf000 edi=002ce5f4
eip=774e70f4 esp=002ce4d0 ebp=002ce508 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77610000 77613000 C:\Windows\system32\normaliz.DLL
<---- EVENT: handle internal ld ---->
eax=75652010 ebx=00000000 ecx=75652000 edx=fffffffe esi=7ffdf000 edi=0024ecf4
eip=774e70f4 esp=0024ebd0 ebp=0024ec08 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75be0000 75dda000 C:\Windows\system32\iertutil.dll
<---- EVENT: handle internal ld ---->
eax=0024ec74 ebx=00000000 ecx=0000000a edx=00000000 esi=7ffdf000 edi=0024ed0c
eip=774e70f4 esp=0024ebe8 ebp=0024ec20 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760b0000 760b5000 C:\Windows\system32\PSAPI.DLL
<---- EVENT: handle internal ld ---->
eax=0000005b ebx=00000000 ecx=763244c5 edx=64dff247 esi=7ffdf000 edi=0024f038
eip=774e70f4 esp=0024ef14 ebp=0024ef4c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 70260000 702b1000 C:\Windows\system32\WINSPOOL.DRV
<---- EVENT: handle internal ld ---->
eax=64dfd338 ebx=00000000 ecx=64dfd33a edx=75a30000 esi=7ffdf000 edi=0024f038
eip=774e70f4 esp=0024ef14 ebp=0024ef4c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75840000 758bb000 C:\Windows\system32\COMDLG32.dll
<---- EVENT: handle internal ld ---->
eax=0000004a ebx=00000000 ecx=702933f7 edx=64dff344 esi=7ffdf000 edi=0024f038
eip=774e70f4 esp=0024ef14 ebp=0024ef4c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 74530000 746ce000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
<---- EVENT: handle internal ld ---->
eax=0024e7ec ebx=00000000 ecx=00000005 edx=00000000 esi=7ffdf000 edi=0024ec98
eip=774e70f4 esp=0024eb74 ebp=0024ebac iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75e80000 75f0f000 C:\Windows\system32\OLEAUT32.dll
<---- EVENT: handle internal ld ---->
eax=0024eefc ebx=00000000 ecx=00000005 edx=00250020 esi=7ffdf000 edi=0024f038
eip=774e70f4 esp=0024ef14 ebp=0024ef4c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6ded0000 6df1f000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\libexif.dll
<---- EVENT: handle internal ld ---->
eax=65248050 ebx=00000000 ecx=655a824c edx=02cac068 esi=7ffde000 edi=001ff524
eip=774e70f4 esp=001ff400 ebp=001ff438 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75670000 75791000 C:\Windows\system32\CRYPT32.dll
<---- EVENT: handle internal ld ---->
eax=00000159 ebx=00000000 ecx=75b2a2da edx=75f04000 esi=7ffdf000 edi=0024f038
eip=774e70f4 esp=0024ef14 ebp=0024ef4c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75520000 7552c000 C:\Windows\system32\MSASN1.dll
<---- EVENT: handle internal ld ---->
eax=000004d5 ebx=00000000 ecx=77629003 edx=75727000 esi=7ffdf000 edi=0024ec98
eip=774e70f4 esp=0024eb74 ebp=0024ebac iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 69ed0000 6a1a3000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
<---- EVENT: handle internal ld ---->
eax=64ec60a0 ebx=00000000 ecx=001f005c edx=00000002 esi=7ffde000 edi=001ff660
eip=774e70f4 esp=001ff53c ebp=001ff574 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6a420000 6acc1000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll
<---- EVENT: handle internal ld ---->
eax=001ff148 ebx=00000000 ecx=0000000a edx=00000000 esi=7ffde000 edi=001ff584
eip=774e70f4 esp=001ff460 ebp=001ff498 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(81c.7b8): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 69ed0000 6a1a3000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
<---- EVENT: handle internal ld ---->
eax=0021ef9c ebx=00000000 ecx=00000016 edx=00000000 esi=7ffde000 edi=0021f184
eip=774e70f4 esp=0021f060 ebp=0021f098 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(f38.a44): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 73690000 736ac000 C:\Windows\system32\IPHLPAPI.DLL
<---- EVENT: handle internal ld ---->
eax=0024f0c0 ebx=00000000 ecx=00000006 edx=00000000 esi=7ffdf000 edi=0024f038
eip=774e70f4 esp=0024ef14 ebp=0024ef4c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(81c.98c): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 775e0000 775e6000 C:\Windows\system32\NSI.dll
<---- EVENT: handle internal ld ---->
eax=00000268 ebx=00000000 ecx=774de31a edx=736a8000 esi=7ffdf000 edi=0024ec98
eip=774e70f4 esp=0024eb74 ebp=0024ebac iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(f38.8cc): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 73680000 73687000 C:\Windows\system32\WINNSI.DLL
<---- EVENT: handle internal ld ---->
eax=774d5340 ebx=00000000 ecx=774d7ff4 edx=774a0000 esi=7ffdf000 edi=0024ec98
eip=774e70f4 esp=0024eb74 ebp=0024ebac iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 759f0000 75a25000 C:\Windows\system32\WS2_32.dll
<---- EVENT: handle internal ld ---->
eax=736931ba ebx=00000000 ecx=000000e5 edx=64dfd249 esi=7ffdf000 edi=0024f038
eip=774e70f4 esp=0024ef14 ebp=0024ef4c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75240000 75248000 C:\Windows\system32\Secur32.dll
<---- EVENT: handle internal ld ---->
eax=75a16000 ebx=00000000 ecx=75a16002 edx=774a0000 esi=7ffdf000 edi=0024f038
eip=774e70f4 esp=0024ef14 ebp=0024ef4c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75380000 7539b000 C:\Windows\system32\SSPICLI.DLL
<---- EVENT: handle internal ld ---->
eax=0024ea98 ebx=00000000 ecx=00000003 edx=00000000 esi=7ffdf000 edi=0024f020
eip=774e70f4 esp=0024eefc ebp=0024ef34 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(f60.8f8): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 6b750000 6b885000 C:\Windows\system32\dwrite.dll
<---- EVENT: handle internal ld ---->
eax=0024f250 ebx=00000000 ecx=416f4dc6 edx=021f15a8 esi=7ffdf000 edi=0024f0c8
eip=774e70f4 esp=0024efa4 ebp=0024efdc iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765e0000 7722a000 C:\Windows\system32\SHELL32.dll
<---- EVENT: handle internal ld ---->
eax=01047390 ebx=00000000 ecx=002cf704 edx=01052994 esi=7ffdf000 edi=002cf510
eip=774e70f4 esp=002cf3ec ebp=002cf424 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(f38.2a4): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(81c.c6c): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 77340000 7749c000 C:\Windows\system32\ole32.dll
<---- EVENT: handle internal ld ---->
eax=7699c648 ebx=00000000 ecx=765e0000 edx=00000000 esi=7ffdf000 edi=002ce668
eip=774e70f4 esp=002ce544 ebp=002ce57c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75400000 7540c000 C:\Windows\system32\cryptbase.dll
<---- EVENT: handle internal ld ---->
eax=00000103 ebx=00000000 ecx=00000000 edx=00000000 esi=7ffdf000 edi=002cf238
eip=774e70f4 esp=002cf114 ebp=002cf14c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(81c.acc): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(81c.748): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 63660000 65743000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_child.dll
<---- EVENT: handle internal ld ---->
eax=00aaf01c ebx=00000000 ecx=00aa0000 edx=00aaf01c esi=7ffdf000 edi=002cf454
eip=774e70f4 esp=002cf330 ebp=002cf368 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6a420000 6acc1000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll
<---- EVENT: handle internal ld ---->
eax=02c60000 ebx=00000000 ecx=00010000 edx=774e70f4 esi=7ffdf000 edi=0016f6dc
eip=774e70f4 esp=0016f5b8 ebp=0016f5f0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(904.260): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 6a1b0000 6a413000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\libpeerconnection.dll
<---- EVENT: handle internal ld ---->
eax=02c65004 ebx=00000000 ecx=02c60000 edx=02c65004 esi=7ffdf000 edi=0016f784
eip=774e70f4 esp=0016f660 ebp=0016f698 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(904.2a8): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 76320000 764d6000 C:\Windows\system32\WININET.dll
<---- EVENT: handle internal ld ---->
eax=64dff000 ebx=00000000 ecx=64dff002 edx=75b10000 esi=7ffdf000 edi=002cf128
eip=774e70f4 esp=002cf004 ebp=002cf03c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(bfc.d50): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
<---- EVENT: handle internal epr ---->
eax=000000c0 ebx=00000001 ecx=00000004 edx=00000000 esi=00000002 edi=00c61eb8
eip=774e70f4 esp=049cfa28 ebp=049cfb88 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755a0000 755a4000 C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=7762924d ebx=00000000 ecx=00000523 edx=76493f70 esi=7ffdf000 edi=002cedfc
eip=774e70f4 esp=002cecd8 ebp=002ced10 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75540000 75545000 C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755a12bd ebx=00000000 ecx=0000000a edx=755a0072 esi=7ffdf000 edi=002cedfc
eip=774e70f4 esp=002cecd8 ebp=002ced10 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(904.bf8): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 75530000 75534000 C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755430cb ebx=00000000 ecx=0000008c edx=75540055 esi=7ffdf000 edi=002cedfc
eip=774e70f4 esp=002cecd8 ebp=002ced10 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(904.898): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 75830000 75834000 C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=00000000 ebx=00000000 ecx=000043b2 edx=772ff4e8 esi=7ffdf000 edi=002cedfc
eip=774e70f4 esp=002cecd8 ebp=002ced10 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 69ed0000 6a1a3000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
<---- EVENT: handle internal ld ---->
eax=0016f28c ebx=00000000 ecx=0000000f edx=00000000 esi=7ffdf000 edi=0016f690
eip=774e70f4 esp=0016f56c ebp=0016f5a4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75650000 75653000 C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=75832010 ebx=00000000 ecx=75832000 edx=fffffffe esi=7ffdf000 edi=002cedfc
eip=774e70f4 esp=002cecd8 ebp=002ced10 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77610000 77613000 C:\Windows\system32\normaliz.DLL
<---- EVENT: handle internal ld ---->
eax=75652010 ebx=00000000 ecx=75652000 edx=fffffffe esi=7ffdf000 edi=002cede4
eip=774e70f4 esp=002cecc0 ebp=002cecf8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75be0000 75dda000 C:\Windows\system32\iertutil.dll
<---- EVENT: handle internal ld ---->
eax=77612010 ebx=00000000 ecx=77612000 edx=fffffffe esi=7ffdf000 edi=002cedfc
eip=774e70f4 esp=002cecd8 ebp=002ced10 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760b0000 760b5000 C:\Windows\system32\PSAPI.DLL
<---- EVENT: handle internal ld ---->
eax=0000005b ebx=00000000 ecx=763244c5 edx=64dff247 esi=7ffdf000 edi=002cf128
eip=774e70f4 esp=002cf004 ebp=002cf03c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 70260000 702b1000 C:\Windows\system32\WINSPOOL.DRV
<---- EVENT: handle internal ld ---->
eax=64dfd338 ebx=00000000 ecx=64dfd33a edx=75a30000 esi=7ffdf000 edi=002cf128
eip=774e70f4 esp=002cf004 ebp=002cf03c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75840000 758bb000 C:\Windows\system32\COMDLG32.dll
<---- EVENT: handle internal ld ---->
eax=0000004a ebx=00000000 ecx=702933f7 edx=64dff344 esi=7ffdf000 edi=002cf128
eip=774e70f4 esp=002cf004 ebp=002cf03c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 74530000 746ce000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
<---- EVENT: handle internal ld ---->
eax=002ce420 ebx=00000000 ecx=00000016 edx=00000000 esi=7ffdf000 edi=002ced88
eip=774e70f4 esp=002cec64 ebp=002cec9c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75e80000 75f0f000 C:\Windows\system32\OLEAUT32.dll
<---- EVENT: handle internal ld ---->
eax=75ae9ba1 ebx=00000000 ecx=000000be edx=75896a44 esi=7ffdf000 edi=002cf128
eip=774e70f4 esp=002cf004 ebp=002cf03c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75670000 75791000 C:\Windows\system32\CRYPT32.dll
<---- EVENT: handle internal ld ---->
eax=00000159 ebx=00000000 ecx=75b2a2da edx=75f04000 esi=7ffdf000 edi=002cf128
eip=774e70f4 esp=002cf004 ebp=002cf03c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75520000 7552c000 C:\Windows\system32\MSASN1.dll
<---- EVENT: handle internal ld ---->
eax=000004d5 ebx=00000000 ecx=77629003 edx=75727000 esi=7ffdf000 edi=002ced88
eip=774e70f4 esp=002cec64 ebp=002cec9c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73690000 736ac000 C:\Windows\system32\IPHLPAPI.DLL
<---- EVENT: handle internal ld ---->
eax=00000084 ebx=00000000 ecx=75673591 edx=64dfcb43 esi=7ffdf000 edi=002cf128
eip=774e70f4 esp=002cf004 ebp=002cf03c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775e0000 775e6000 C:\Windows\system32\NSI.dll
<---- EVENT: handle internal ld ---->
eax=00000268 ebx=00000000 ecx=774de31a edx=736a8000 esi=7ffdf000 edi=002ced88
eip=774e70f4 esp=002cec64 ebp=002cec9c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73680000 73687000 C:\Windows\system32\WINNSI.DLL
<---- EVENT: handle internal ld ---->
eax=009e2100 ebx=00000000 ecx=00950000 edx=00950000 esi=7ffdf000 edi=002ced88
eip=774e70f4 esp=002cec64 ebp=002cec9c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 759f0000 75a25000 C:\Windows\system32\WS2_32.dll
<---- EVENT: handle internal ld ---->
eax=736931ba ebx=00000000 ecx=000000e5 edx=64dfd249 esi=7ffdf000 edi=002cf128
eip=774e70f4 esp=002cf004 ebp=002cf03c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75240000 75248000 C:\Windows\system32\Secur32.dll
<---- EVENT: handle internal ld ---->
eax=75a16000 ebx=00000000 ecx=75a16002 edx=774a0000 esi=7ffdf000 edi=002cf128
eip=774e70f4 esp=002cf004 ebp=002cf03c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75380000 7539b000 C:\Windows\system32\SSPICLI.DLL
<---- EVENT: handle internal ld ---->
eax=774d404d ebx=00000000 ecx=774d7fbc edx=774a0000 esi=7ffdf000 edi=002cf110
eip=774e70f4 esp=002cefec ebp=002cf024 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
<---- EVENT: handle internal epr ---->
eax=00000000 ebx=00000000 ecx=001ffbfc edx=00000020 esi=77577380 edi=77577340
eip=774e70f4 esp=001ffc4c ebp=001ffc68 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
Symbol search path is: srv*\\server\Symbols*http://chromium-browser-symsrv.commondatastorage.googleapis.com;srv*\\server\Symbols*http://msdl.microsoft.com/download/symbols;srv*\\server\Symbols*http://symbols.mozilla.org/firefox
Executable search path is:
ModLoad: 00fc0000 01097000 chrome.exe
<---- EVENT: handle internal cpr ---->
eax=010093e8 ebx=7ffd8000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=0024fd80 ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:0024fd84=00000000
ModLoad: 774a0000 775dc000 ntdll.dll
<---- EVENT: handle internal ld ---->
eax=010093e8 ebx=7ffd8000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=0024fd80 ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
ntdll!RtlUserThreadStart:
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:0024fd84=00000000
ModLoad: 75a30000 75b04000 C:\Windows\system32\kernel32.dll
<---- EVENT: handle internal ld ---->
eax=000000a8 ebx=00000000 ecx=020d2768 edx=00fb2f28 esi=7ffdf000 edi=0024f718
eip=774e70f4 esp=0024f5f4 ebp=0024f62c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75600000 7564b000 C:\Windows\system32\KERNELBASE.dll
<---- EVENT: handle internal ld ---->
eax=00000121 ebx=00000000 ecx=774dc83f edx=75af3249 esi=7ffdf000 edi=0024f378
eip=774e70f4 esp=0024f254 ebp=0024f28c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(904.b18): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(904.42c): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 6a420000 6acc1000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll
<---- EVENT: handle internal ld ---->
eax=00d50000 ebx=00000000 ecx=00010000 edx=774e70f4 esi=7ffdf000 edi=001af454
eip=774e70f4 esp=001af330 ebp=001af368 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 72a40000 72a66000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_elf.dll
<---- EVENT: handle internal ld ---->
eax=020b1ff4 ebx=00000000 ecx=020b0000 edx=020b1ff4 esi=7ffdf000 edi=0024f598
eip=774e70f4 esp=0024f474 ebp=0024f4ac iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 761a0000 76240000 C:\Windows\system32\ADVAPI32.dll
<---- EVENT: handle internal ld ---->
eax=00000550 ebx=00000000 ecx=75aef575 edx=72a5cf53 esi=7ffdf000 edi=0024f26c
eip=774e70f4 esp=0024f148 ebp=0024f180 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77620000 776cc000 C:\Windows\system32\msvcrt.dll
<---- EVENT: handle internal ld ---->
eax=7620f538 ebx=00000000 ecx=761a0000 edx=00001000 esi=7ffdf000 edi=0024ef40
eip=774e70f4 esp=0024ee1c ebp=0024ee54 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765c0000 765d9000 C:\Windows\SYSTEM32\sechost.dll
<---- EVENT: handle internal ld ---->
eax=00000482 ebx=00000000 ecx=774e1582 edx=76211000 esi=7ffdf000 edi=0024ef40
eip=774e70f4 esp=0024ee1c ebp=0024ee54 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77230000 772d2000 C:\Windows\system32\RPCRT4.dll
<---- EVENT: handle internal ld ---->
eax=0024e9b4 ebx=00000000 ecx=00000018 edx=00000000 esi=7ffdf000 edi=0024eba0
eip=774e70f4 esp=0024ea7c ebp=0024eab4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 749c0000 749c9000 C:\Windows\system32\VERSION.dll
<---- EVENT: handle internal ld ---->
eax=72a5502f ebx=00000000 ecx=72a5cbbc edx=72a40000 esi=7ffdf000 edi=0024f598
eip=774e70f4 esp=0024f474 ebp=0024f4ac iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 701f0000 70222000 C:\Windows\system32\WINMM.dll
<---- EVENT: handle internal ld ---->
eax=774d9ff0 ebx=00000000 ecx=00000394 edx=749c5100 esi=7ffdf000 edi=0024f598
eip=774e70f4 esp=0024f474 ebp=0024f4ac iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75b10000 75bd9000 C:\Windows\system32\USER32.dll
<---- EVENT: handle internal ld ---->
eax=0024f064 ebx=00000000 ecx=00000005 edx=00000000 esi=7ffdf000 edi=0024f1f8
eip=774e70f4 esp=0024f0d4 ebp=0024f10c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 76570000 765be000 C:\Windows\system32\GDI32.dll
<---- EVENT: handle internal ld ---->
eax=00000447 ebx=00000000 ecx=774e0ff2 edx=75b77000 esi=7ffdf000 edi=0024ee58
eip=774e70f4 esp=0024ed34 ebp=0024ed6c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760c0000 760ca000 C:\Windows\system32\LPK.dll
<---- EVENT: handle internal ld ---->
eax=00000318 ebx=00000000 ecx=75b2c167 edx=765b8655 esi=7ffdf000 edi=0024eab8
eip=774e70f4 esp=0024e994 ebp=0024e9cc iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75de0000 75e7d000 C:\Windows\system32\USP10.dll
<---- EVENT: handle internal ld ---->
eax=000000e3 ebx=00000000 ecx=76573f04 edx=760c6244 esi=7ffdf000 edi=0024e78c
eip=774e70f4 esp=0024e668 ebp=0024e6a0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 772e0000 77337000 C:\Windows\system32\SHLWAPI.dll
<---- EVENT: handle internal ld ---->
eax=0024f598 ebx=00000000 ecx=0024f560 edx=77500958 esi=7ffdf000 edi=0024f598
eip=774e70f4 esp=0024f474 ebp=0024f4ac iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755e0000 755f7000 C:\Windows\system32\USERENV.dll
<---- EVENT: handle internal ld ---->
eax=010540b0 ebx=00000000 ecx=010540b2 edx=75a30000 esi=7ffdf000 edi=0024f598
eip=774e70f4 esp=0024f474 ebp=0024f4ac iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75510000 7551b000 C:\Windows\system32\profapi.dll
<---- EVENT: handle internal ld ---->
eax=00000100 ebx=00000000 ecx=77265986 edx=755f164e esi=7ffdf000 edi=0024f1f8
eip=774e70f4 esp=0024f0d4 ebp=0024f10c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73b70000 73b7d000 C:\Windows\system32\WTSAPI32.dll
<---- EVENT: handle internal ld ---->
eax=75605d12 ebx=00000000 ecx=00000238 edx=75517553 esi=7ffdf000 edi=0024f598
eip=774e70f4 esp=0024f474 ebp=0024f4ac iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775f0000 7760f000 C:\Windows\system32\IMM32.DLL
<---- EVENT: handle internal ld ---->
eax=00005a4d ebx=00000000 ecx=00000001 edx=00000000 esi=7ffdf000 edi=0024ee14
eip=774e70f4 esp=0024ecf0 ebp=0024ed28 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760d0000 7619c000 C:\Windows\system32\MSCTF.dll
<---- EVENT: handle internal ld ---->
eax=75aece53 ebx=00000000 ecx=00000345 edx=77606f63 esi=7ffdf000 edi=0024ea74
eip=774e70f4 esp=0024e950 ebp=0024e988 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6a1b0000 6a413000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\libpeerconnection.dll
<---- EVENT: handle internal ld ---->
eax=00d55004 ebx=00000000 ecx=00d50000 edx=00d55004 esi=7ffdf000 edi=001af4fc
eip=774e70f4 esp=001af3d8 ebp=001af410 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765e0000 7722a000 C:\Windows\system32\SHELL32.dll
<---- EVENT: handle internal ld ---->
eax=01047390 ebx=00000000 ecx=0024fb84 edx=01052994 esi=7ffdf000 edi=0024f990
eip=774e70f4 esp=0024f86c ebp=0024f8a4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77340000 7749c000 C:\Windows\system32\ole32.dll
<---- EVENT: handle internal ld ---->
eax=7699c648 ebx=00000000 ecx=765e0000 edx=00000000 esi=7ffdf000 edi=0024eae8
eip=774e70f4 esp=0024e9c4 ebp=0024e9fc iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(e1c.354): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 75400000 7540c000 C:\Windows\system32\cryptbase.dll
<---- EVENT: handle internal ld ---->
eax=00000103 ebx=00000000 ecx=00000000 edx=00000000 esi=7ffdf000 edi=0024f6b8
eip=774e70f4 esp=0024f594 ebp=0024f5cc iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 63660000 65743000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_child.dll
<---- EVENT: handle internal ld ---->
eax=0255f01c ebx=00000000 ecx=02550000 edx=0255f01c esi=7ffdf000 edi=0024f8d4
eip=774e70f4 esp=0024f7b0 ebp=0024f7e8 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6ded0000 6df1f000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\libexif.dll
<---- EVENT: handle internal ld ---->
eax=65248050 ebx=00000000 ecx=655a824c edx=00e0c088 esi=7ffdf000 edi=002cf09c
eip=774e70f4 esp=002cef78 ebp=002cefb0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 76320000 764d6000 C:\Windows\system32\WININET.dll
<---- EVENT: handle internal ld ---->
eax=64dff000 ebx=00000000 ecx=64dff002 edx=75b10000 esi=7ffdf000 edi=0024f5a8
eip=774e70f4 esp=0024f484 ebp=0024f4bc iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755a0000 755a4000 C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=7762924d ebx=00000000 ecx=00000523 edx=76493f70 esi=7ffdf000 edi=0024f27c
eip=774e70f4 esp=0024f158 ebp=0024f190 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75540000 75545000 C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755a12bd ebx=00000000 ecx=0000000a edx=755a0072 esi=7ffdf000 edi=0024f27c
eip=774e70f4 esp=0024f158 ebp=0024f190 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75530000 75534000 C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=0001c712 ebx=00000000 ecx=010ded8c edx=000009a5 esi=7ffdf000 edi=0024f27c
eip=774e70f4 esp=0024f158 ebp=0024f190 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75830000 75834000 C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=00000368 ebx=00000000 ecx=0024ef58 edx=00000000 esi=7ffdf000 edi=0024f27c
eip=774e70f4 esp=0024f158 ebp=0024f190 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75650000 75653000 C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=75832010 ebx=00000000 ecx=75832000 edx=fffffffe esi=7ffdf000 edi=0024f27c
eip=774e70f4 esp=0024f158 ebp=0024f190 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77610000 77613000 C:\Windows\system32\normaliz.DLL
<---- EVENT: handle internal ld ---->
eax=75652010 ebx=00000000 ecx=75652000 edx=fffffffe esi=7ffdf000 edi=0024f264
eip=774e70f4 esp=0024f140 ebp=0024f178 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 69ed0000 6a1a3000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
<---- EVENT: handle internal ld ---->
eax=64ec60a0 ebx=00000000 ecx=002c005c edx=00000002 esi=7ffdf000 edi=002cf1d4
eip=774e70f4 esp=002cf0b0 ebp=002cf0e8 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6a420000 6acc1000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll
<---- EVENT: handle internal ld ---->
eax=002cecb8 ebx=00000000 ecx=0000000a edx=00000000 esi=7ffdf000 edi=002cf0f4
eip=774e70f4 esp=002cefd0 ebp=002cf008 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75be0000 75dda000 C:\Windows\system32\iertutil.dll
<---- EVENT: handle internal ld ---->
eax=0215faa8 ebx=00000000 ecx=7775d36c edx=0000006c esi=7ffdf000 edi=0024f27c
eip=774e70f4 esp=0024f158 ebp=0024f190 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 69ed0000 6a1a3000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
<---- EVENT: handle internal ld ---->
eax=001af18c ebx=00000000 ecx=0000000f edx=00000000 esi=7ffdf000 edi=001af408
eip=774e70f4 esp=001af2e4 ebp=001af31c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760b0000 760b5000 C:\Windows\system32\PSAPI.DLL
<---- EVENT: handle internal ld ---->
eax=0000005b ebx=00000000 ecx=763244c5 edx=64dff247 esi=7ffdf000 edi=0024f5a8
eip=774e70f4 esp=0024f484 ebp=0024f4bc iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6df40000 6e06a000 C:\Windows\System32\Speech\Common\sapi.dll
<---- EVENT: handle internal ld ---->
eax=0638b4fc ebx=ffffffff ecx=5d23d912 edx=00000181 esi=0024e1e8 edi=0024e1cc
eip=774e70f4 esp=0024e008 ebp=0024e09c iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 729f0000 72a04000 C:\Windows\system32\MSACM32.dll
<---- EVENT: handle internal ld ---->
eax=03b6e90c ebx=ffffffff ecx=e638af34 edx=0000002a esi=0024de48 edi=0024de2c
eip=774e70f4 esp=0024dc68 ebp=0024dcfc iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 70260000 702b1000 C:\Windows\system32\WINSPOOL.DRV
<---- EVENT: handle internal ld ---->
eax=00000250 ebx=00000000 ecx=ffffffff edx=64dfdc46 esi=7ffdf000 edi=0024f5a8
eip=774e70f4 esp=0024f484 ebp=0024f4bc iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75840000 758bb000 C:\Windows\system32\COMDLG32.dll
<---- EVENT: handle internal ld ---->
eax=0000004a ebx=00000000 ecx=702933f7 edx=64dff344 esi=7ffdf000 edi=0024f5a8
eip=774e70f4 esp=0024f484 ebp=0024f4bc iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 74530000 746ce000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
<---- EVENT: handle internal ld ---->
eax=0024e8a0 ebx=00000000 ecx=00000016 edx=00000000 esi=7ffdf000 edi=0024f208
eip=774e70f4 esp=0024f0e4 ebp=0024f11c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75e80000 75f0f000 C:\Windows\system32\OLEAUT32.dll
<---- EVENT: handle internal ld ---->
eax=000001ff ebx=00000000 ecx=75aeb51e edx=7467b000 esi=7ffdf000 edi=0024f5a8
eip=774e70f4 esp=0024f484 ebp=0024f4bc iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75670000 75791000 C:\Windows\system32\CRYPT32.dll
<---- EVENT: handle internal ld ---->
eax=00000159 ebx=00000000 ecx=75b2a2da edx=75f04000 esi=7ffdf000 edi=0024f5a8
eip=774e70f4 esp=0024f484 ebp=0024f4bc iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75520000 7552c000 C:\Windows\system32\MSASN1.dll
<---- EVENT: handle internal ld ---->
eax=0f192505 ebx=00000000 ecx=010dfcec edx=0000000c esi=7ffdf000 edi=0024f208
eip=774e70f4 esp=0024f0e4 ebp=0024f11c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73690000 736ac000 C:\Windows\system32\IPHLPAPI.DLL
<---- EVENT: handle internal ld ---->
eax=00000084 ebx=00000000 ecx=75673591 edx=64dfcb43 esi=7ffdf000 edi=0024f5a8
eip=774e70f4 esp=0024f484 ebp=0024f4bc iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775e0000 775e6000 C:\Windows\system32\NSI.dll
<---- EVENT: handle internal ld ---->
eax=00000268 ebx=00000000 ecx=774de31a edx=736a8000 esi=7ffdf000 edi=0024f208
eip=774e70f4 esp=0024f0e4 ebp=0024f11c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73680000 73687000 C:\Windows\system32\WINNSI.DLL
<---- EVENT: handle internal ld ---->
eax=02162100 ebx=00000000 ecx=020d0000 edx=020d0000 esi=7ffdf000 edi=0024f208
eip=774e70f4 esp=0024f0e4 ebp=0024f11c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 759f0000 75a25000 C:\Windows\system32\WS2_32.dll
<---- EVENT: handle internal ld ---->
eax=736931ba ebx=00000000 ecx=000000e5 edx=64dfd249 esi=7ffdf000 edi=0024f5a8
eip=774e70f4 esp=0024f484 ebp=0024f4bc iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75240000 75248000 C:\Windows\system32\Secur32.dll
<---- EVENT: handle internal ld ---->
eax=75a16000 ebx=00000000 ecx=75a16002 edx=774a0000 esi=7ffdf000 edi=0024f5a8
eip=774e70f4 esp=0024f484 ebp=0024f4bc iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75380000 7539b000 C:\Windows\system32\SSPICLI.DLL
<---- EVENT: handle internal ld ---->
eax=774d404d ebx=00000000 ecx=774d7fbc edx=774a0000 esi=7ffdf000 edi=0024f590
eip=774e70f4 esp=0024f46c ebp=0024f4a4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6ded0000 6df1f000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\libexif.dll
<---- EVENT: handle internal ld ---->
eax=0024f2f4 ebx=00000000 ecx=00000009 edx=00000000 esi=7ffdf000 edi=0024f51c
eip=774e70f4 esp=0024f3f8 ebp=0024f430 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 69ed0000 6a1a3000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
<---- EVENT: handle internal ld ---->
eax=64ec60a0 ebx=00000000 ecx=0024005c edx=00000002 esi=7ffdf000 edi=0024f654
eip=774e70f4 esp=0024f530 ebp=0024f568 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6a420000 6acc1000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll
<---- EVENT: handle internal ld ---->
eax=0024f484 ebx=00000000 ecx=00000003 edx=00000000 esi=7ffdf000 edi=0024f574
eip=774e70f4 esp=0024f450 ebp=0024f488 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(950.d58): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(950.f28): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(1ac.344): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(1ac.978): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(bfc.948): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(bfc.a0c): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(950.45c): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(bfc.cc0): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(950.564): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(1ac.eb0): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(1ac.fa8): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(950.8c8): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(e1c.a70): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(bfc.d00): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(e1c.a38): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(1ac.b98): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(e1c.424): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(e1c.d94): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 6a420000 6acc1000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll
<---- EVENT: handle internal ld ---->
eax=00f80000 ebx=00000000 ecx=00010000 edx=774e70f4 esi=7ffdf000 edi=0024efbc
eip=774e70f4 esp=0024ee98 ebp=0024eed0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
<---- EVENT: handle internal epr ---->
eax=000000c0 ebx=00000001 ecx=00000009 edx=00000000 esi=00000002 edi=009c1ee0
eip=774e70f4 esp=0466fa5c ebp=0466fbbc iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6a1b0000 6a413000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\libpeerconnection.dll
<---- EVENT: handle internal ld ---->
eax=00f85004 ebx=00000000 ecx=00f80000 edx=00f85004 esi=7ffdf000 edi=0024f064
eip=774e70f4 esp=0024ef40 ebp=0024ef78 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(bfc.e74): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(f60.830): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(e1c.de4): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
<---- EVENT: handle internal epr ---->
eax=00000000 ebx=00000000 ecx=002cf794 edx=00000020 esi=77577380 edi=77577340
eip=774e70f4 esp=002cf7e4 ebp=002cf800 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(bfc.f98): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 69ed0000 6a1a3000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
<---- EVENT: handle internal ld ---->
eax=0024ea38 ebx=00000000 ecx=00000003 edx=00000000 esi=7ffdf000 edi=0024ef74
eip=774e70f4 esp=0024ee50 ebp=0024ee88 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(e1c.e34): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(f60.da0): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
<---- EVENT: handle internal epr ---->
eax=00000000 ebx=00000000 ecx=0027f960 edx=00000020 esi=77577380 edi=77577340
eip=774e70f4 esp=0027f9b0 ebp=0027f9cc iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(f60.974): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(f60.a80): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(f60.c24): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(f60.488): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
<---- EVENT: handle internal epr ---->
eax=000000c0 ebx=00000001 ecx=00000012 edx=00000000 esi=00000002 edi=00521ee0
eip=774e70f4 esp=0442f8e0 ebp=0442fa40 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(f60.d34): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
<---- EVENT: handle internal epr ---->
eax=000000c0 ebx=00000001 ecx=00000003 edx=00000000 esi=00000002 edi=005c1ee0
eip=774e70f4 esp=0428fc2c ebp=0428fd8c iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
<---- EVENT: handle internal epr ---->
eax=000000c0 ebx=009543f0 ecx=00000003 edx=00000000 esi=00000002 edi=009543f0
eip=774e70f4 esp=047cfdac ebp=047cff0c iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
<---- EVENT: handle internal epr ---->
eax=000000c0 ebx=00000001 ecx=00000000 edx=64feeb90 esi=00000002 edi=02141ee0
eip=774e70f4 esp=04ecfe10 ebp=04ecff70 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
Symbol search path is: srv*\\server\Symbols*http://chromium-browser-symsrv.commondatastorage.googleapis.com;srv*\\server\Symbols*http://msdl.microsoft.com/download/symbols;srv*\\server\Symbols*http://symbols.mozilla.org/firefox
Executable search path is:
ModLoad: 00fc0000 01097000 chrome.exe
<---- EVENT: handle internal cpr ---->
eax=010093e8 ebx=7ffda000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=0029fbf8 ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:0029fbfc=00000000
ModLoad: 774a0000 775dc000 ntdll.dll
<---- EVENT: handle internal ld ---->
eax=010093e8 ebx=7ffda000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=0029fbf8 ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
ntdll!RtlUserThreadStart:
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:0029fbfc=00000000
ModLoad: 75a30000 75b04000 C:\Windows\system32\kernel32.dll
<---- EVENT: handle internal ld ---->
eax=000000a8 ebx=00000000 ecx=00d22768 edx=00bffb28 esi=7ffdf000 edi=0029f590
eip=774e70f4 esp=0029f46c ebp=0029f4a4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75600000 7564b000 C:\Windows\system32\KERNELBASE.dll
<---- EVENT: handle internal ld ---->
eax=75af3000 ebx=00000000 ecx=75af3002 edx=774a0000 esi=7ffdf000 edi=0029f1f0
eip=774e70f4 esp=0029f0cc ebp=0029f104 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 72a40000 72a66000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_elf.dll
<---- EVENT: handle internal ld ---->
eax=00c11ff4 ebx=00000000 ecx=00c10000 edx=00c11ff4 esi=7ffdf000 edi=0029f410
eip=774e70f4 esp=0029f2ec ebp=0029f324 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 761a0000 76240000 C:\Windows\system32\ADVAPI32.dll
<---- EVENT: handle internal ld ---->
eax=00000550 ebx=00000000 ecx=75aef575 edx=72a5cf53 esi=7ffdf000 edi=0029f0e4
eip=774e70f4 esp=0029efc0 ebp=0029eff8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77620000 776cc000 C:\Windows\system32\msvcrt.dll
<---- EVENT: handle internal ld ---->
eax=7620f538 ebx=00000000 ecx=761a0000 edx=00001000 esi=7ffdf000 edi=0029edb8
eip=774e70f4 esp=0029ec94 ebp=0029eccc iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765c0000 765d9000 C:\Windows\SYSTEM32\sechost.dll
<---- EVENT: handle internal ld ---->
eax=00000482 ebx=00000000 ecx=774e1582 edx=76211000 esi=7ffdf000 edi=0029edb8
eip=774e70f4 esp=0029ec94 ebp=0029eccc iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77230000 772d2000 C:\Windows\system32\RPCRT4.dll
<---- EVENT: handle internal ld ---->
eax=0029e82c ebx=00000000 ecx=00000018 edx=00000000 esi=7ffdf000 edi=0029ea18
eip=774e70f4 esp=0029e8f4 ebp=0029e92c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
Symbol search path is: srv*\\server\Symbols*http://chromium-browser-symsrv.commondatastorage.googleapis.com;srv*\\server\Symbols*http://msdl.microsoft.com/download/symbols;srv*\\server\Symbols*http://symbols.mozilla.org/firefox
Executable search path is:
ModLoad: 00fc0000 01097000 chrome.exe
<---- EVENT: handle internal cpr ---->
eax=010093e8 ebx=7ffde000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=0018fa94 ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:0018fa98=00000000
ModLoad: 749c0000 749c9000 C:\Windows\system32\VERSION.dll
<---- EVENT: handle internal ld ---->
eax=72a5502f ebx=00000000 ecx=72a5cbbc edx=72a40000 esi=7ffdf000 edi=0029f410
eip=774e70f4 esp=0029f2ec ebp=0029f324 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 701f0000 70222000 C:\Windows\system32\WINMM.dll
<---- EVENT: handle internal ld ---->
eax=000001d5 ebx=00000000 ecx=77627106 edx=749c505f esi=7ffdf000 edi=0029f410
eip=774e70f4 esp=0029f2ec ebp=0029f324 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 774a0000 775dc000 ntdll.dll
<---- EVENT: handle internal ld ---->
eax=010093e8 ebx=7ffde000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=0018fa94 ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
ntdll!RtlUserThreadStart:
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:0018fa98=00000000
ModLoad: 75a30000 75b04000 C:\Windows\system32\kernel32.dll
<---- EVENT: handle internal ld ---->
eax=000000a8 ebx=00000000 ecx=009a2d80 edx=007e8b28 esi=7ffdf000 edi=0018f42c
eip=774e70f4 esp=0018f308 ebp=0018f340 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75600000 7564b000 C:\Windows\system32\KERNELBASE.dll
<---- EVENT: handle internal ld ---->
eax=75af3000 ebx=00000000 ecx=75af3002 edx=774a0000 esi=7ffdf000 edi=0018f08c
eip=774e70f4 esp=0018ef68 ebp=0018efa0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 72a40000 72a66000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_elf.dll
<---- EVENT: handle internal ld ---->
eax=009a5000 ebx=00000000 ecx=009a4fe8 edx=00001000 esi=7ffdf000 edi=0018f2ac
eip=774e70f4 esp=0018f188 ebp=0018f1c0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75b10000 75bd9000 C:\Windows\system32\USER32.dll
<---- EVENT: handle internal ld ---->
eax=0029eedc ebx=00000000 ecx=00000005 edx=00000000 esi=7ffdf000 edi=0029f070
eip=774e70f4 esp=0029ef4c ebp=0029ef84 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 76570000 765be000 C:\Windows\system32\GDI32.dll
<---- EVENT: handle internal ld ---->
eax=00000447 ebx=00000000 ecx=774e0ff2 edx=75b77000 esi=7ffdf000 edi=0029ecd0
eip=774e70f4 esp=0029ebac ebp=0029ebe4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760c0000 760ca000 C:\Windows\system32\LPK.dll
<---- EVENT: handle internal ld ---->
eax=00000318 ebx=00000000 ecx=75b2c167 edx=765b8655 esi=7ffdf000 edi=0029e930
eip=774e70f4 esp=0029e80c ebp=0029e844 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75de0000 75e7d000 C:\Windows\system32\USP10.dll
<---- EVENT: handle internal ld ---->
eax=000000e3 ebx=00000000 ecx=76573f04 edx=760c6244 esi=7ffdf000 edi=0029e604
eip=774e70f4 esp=0029e4e0 ebp=0029e518 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 772e0000 77337000 C:\Windows\system32\SHLWAPI.dll
<---- EVENT: handle internal ld ---->
eax=00000094 ebx=00000000 ecx=701f23ea edx=01053074 esi=7ffdf000 edi=0029f410
eip=774e70f4 esp=0029f2ec ebp=0029f324 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755e0000 755f7000 C:\Windows\system32\USERENV.dll
<---- EVENT: handle internal ld ---->
eax=010540b0 ebx=00000000 ecx=010540b2 edx=75a30000 esi=7ffdf000 edi=0029f410
eip=774e70f4 esp=0029f2ec ebp=0029f324 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75510000 7551b000 C:\Windows\system32\profapi.dll
<---- EVENT: handle internal ld ---->
eax=00000100 ebx=00000000 ecx=77265986 edx=755f164e esi=7ffdf000 edi=0029f070
eip=774e70f4 esp=0029ef4c ebp=0029ef84 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73b70000 73b7d000 C:\Windows\system32\WTSAPI32.dll
<---- EVENT: handle internal ld ---->
eax=7762bf71 ebx=00000000 ecx=77623600 edx=77620000 esi=7ffdf000 edi=0029f410
eip=774e70f4 esp=0029f2ec ebp=0029f324 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 761a0000 76240000 C:\Windows\system32\ADVAPI32.dll
<---- EVENT: handle internal ld ---->
eax=00000550 ebx=00000000 ecx=75aef575 edx=72a5cf53 esi=7ffdf000 edi=0018ef80
eip=774e70f4 esp=0018ee5c ebp=0018ee94 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775f0000 7760f000 C:\Windows\system32\IMM32.DLL
<---- EVENT: handle internal ld ---->
eax=00005a4d ebx=00000000 ecx=00000001 edx=00000000 esi=7ffdf000 edi=0029ec8c
eip=774e70f4 esp=0029eb68 ebp=0029eba0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760d0000 7619c000 C:\Windows\system32\MSCTF.dll
<---- EVENT: handle internal ld ---->
eax=75aece53 ebx=00000000 ecx=00000345 edx=77606f63 esi=7ffdf000 edi=0029e8ec
eip=774e70f4 esp=0029e7c8 ebp=0029e800 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765e0000 7722a000 C:\Windows\system32\SHELL32.dll
<---- EVENT: handle internal ld ---->
eax=01047390 ebx=00000000 ecx=0029f9fc edx=01052994 esi=7ffdf000 edi=0029f808
eip=774e70f4 esp=0029f6e4 ebp=0029f71c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77620000 776cc000 C:\Windows\system32\msvcrt.dll
<---- EVENT: handle internal ld ---->
eax=7620f538 ebx=00000000 ecx=761a0000 edx=00001000 esi=7ffdf000 edi=0018ec54
eip=774e70f4 esp=0018eb30 ebp=0018eb68 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765c0000 765d9000 C:\Windows\SYSTEM32\sechost.dll
<---- EVENT: handle internal ld ---->
eax=00000482 ebx=00000000 ecx=774e1582 edx=76211000 esi=7ffdf000 edi=0018ec54
eip=774e70f4 esp=0018eb30 ebp=0018eb68 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77230000 772d2000 C:\Windows\system32\RPCRT4.dll
<---- EVENT: handle internal ld ---->
eax=0018e6c8 ebx=00000000 ecx=00000018 edx=00000000 esi=7ffdf000 edi=0018e8b4
eip=774e70f4 esp=0018e790 ebp=0018e7c8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 749c0000 749c9000 C:\Windows\system32\VERSION.dll
<---- EVENT: handle internal ld ---->
eax=009a6000 ebx=00000000 ecx=009a5fe8 edx=00001000 esi=7ffdf000 edi=0018f2ac
eip=774e70f4 esp=0018f188 ebp=0018f1c0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77340000 7749c000 C:\Windows\system32\ole32.dll
<---- EVENT: handle internal ld ---->
eax=7699c648 ebx=00000000 ecx=765e0000 edx=00000000 esi=7ffdf000 edi=0029e960
eip=774e70f4 esp=0029e83c ebp=0029e874 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 701f0000 70222000 C:\Windows\system32\WINMM.dll
<---- EVENT: handle internal ld ---->
eax=000001d5 ebx=00000000 ecx=77627106 edx=749c505f esi=7ffdf000 edi=0018f2ac
eip=774e70f4 esp=0018f188 ebp=0018f1c0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75b10000 75bd9000 C:\Windows\system32\USER32.dll
<---- EVENT: handle internal ld ---->
eax=0018ed78 ebx=00000000 ecx=00000005 edx=00000000 esi=7ffdf000 edi=0018ef0c
eip=774e70f4 esp=0018ede8 ebp=0018ee20 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75400000 7540c000 C:\Windows\system32\cryptbase.dll
<---- EVENT: handle internal ld ---->
eax=00000103 ebx=00000000 ecx=00000000 edx=00000000 esi=7ffdf000 edi=0029f530
eip=774e70f4 esp=0029f40c ebp=0029f444 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 76570000 765be000 C:\Windows\system32\GDI32.dll
<---- EVENT: handle internal ld ---->
eax=00000447 ebx=00000000 ecx=774e0ff2 edx=75b77000 esi=7ffdf000 edi=0018eb6c
eip=774e70f4 esp=0018ea48 ebp=0018ea80 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760c0000 760ca000 C:\Windows\system32\LPK.dll
<---- EVENT: handle internal ld ---->
eax=00000318 ebx=00000000 ecx=75b2c167 edx=765b8655 esi=7ffdf000 edi=0018e7cc
eip=774e70f4 esp=0018e6a8 ebp=0018e6e0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75de0000 75e7d000 C:\Windows\system32\USP10.dll
<---- EVENT: handle internal ld ---->
eax=000000e3 ebx=00000000 ecx=76573f04 edx=760c6244 esi=7ffdf000 edi=0018e4a0
eip=774e70f4 esp=0018e37c ebp=0018e3b4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 772e0000 77337000 C:\Windows\system32\SHLWAPI.dll
<---- EVENT: handle internal ld ---->
eax=00000094 ebx=00000000 ecx=701f23ea edx=01053074 esi=7ffdf000 edi=0018f2ac
eip=774e70f4 esp=0018f188 ebp=0018f1c0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755e0000 755f7000 C:\Windows\system32\USERENV.dll
<---- EVENT: handle internal ld ---->
eax=010540b0 ebx=00000000 ecx=010540b2 edx=75a30000 esi=7ffdf000 edi=0018f2ac
eip=774e70f4 esp=0018f188 ebp=0018f1c0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75510000 7551b000 C:\Windows\system32\profapi.dll
<---- EVENT: handle internal ld ---->
eax=00000100 ebx=00000000 ecx=77265986 edx=755f164e esi=7ffdf000 edi=0018ef0c
eip=774e70f4 esp=0018ede8 ebp=0018ee20 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73b70000 73b7d000 C:\Windows\system32\WTSAPI32.dll
<---- EVENT: handle internal ld ---->
eax=7762bf71 ebx=00000000 ecx=77623600 edx=77620000 esi=7ffdf000 edi=0018f2ac
eip=774e70f4 esp=0018f188 ebp=0018f1c0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775f0000 7760f000 C:\Windows\system32\IMM32.DLL
<---- EVENT: handle internal ld ---->
eax=00005a4d ebx=00000000 ecx=00000001 edx=00000000 esi=7ffdf000 edi=0018eb28
eip=774e70f4 esp=0018ea04 ebp=0018ea3c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760d0000 7619c000 C:\Windows\system32\MSCTF.dll
<---- EVENT: handle internal ld ---->
eax=75aece53 ebx=00000000 ecx=00000345 edx=77606f63 esi=7ffdf000 edi=0018e788
eip=774e70f4 esp=0018e664 ebp=0018e69c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 63660000 65743000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_child.dll
<---- EVENT: handle internal ld ---->
eax=00fbf01c ebx=00000000 ecx=00fb0000 edx=00fbf01c esi=7ffdf000 edi=0029f74c
eip=774e70f4 esp=0029f628 ebp=0029f660 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 76320000 764d6000 C:\Windows\system32\WININET.dll
<---- EVENT: handle internal ld ---->
eax=64dff000 ebx=00000000 ecx=64dff002 edx=75b10000 esi=7ffdf000 edi=0029f420
eip=774e70f4 esp=0029f2fc ebp=0029f334 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755a0000 755a4000 C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=75aeabbf ebx=00000000 ecx=0000018d edx=76494147 esi=7ffdf000 edi=0029f0f4
eip=774e70f4 esp=0029efd0 ebp=0029f008 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765e0000 7722a000 C:\Windows\system32\SHELL32.dll
<---- EVENT: handle internal ld ---->
eax=01047390 ebx=00000000 ecx=0018f894 edx=01052994 esi=7ffdf000 edi=0018f6a0
eip=774e70f4 esp=0018f57c ebp=0018f5b4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75540000 75545000 C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755a12bd ebx=00000000 ecx=0000000a edx=755a0072 esi=7ffdf000 edi=0029f0f4
eip=774e70f4 esp=0029efd0 ebp=0029f008 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75530000 75534000 C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=00000019 ebx=00000000 ecx=00000010 edx=fcc20e9e esi=7ffdf000 edi=0029f0f4
eip=774e70f4 esp=0029efd0 ebp=0029f008 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75830000 75834000 C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=0000000f ebx=00000000 ecx=0029fb00 edx=002a0000 esi=7ffdf000 edi=0029f0f4
eip=774e70f4 esp=0029efd0 ebp=0029f008 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75650000 75653000 C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=75832010 ebx=00000000 ecx=75832000 edx=fffffffe esi=7ffdf000 edi=0029f0f4
eip=774e70f4 esp=0029efd0 ebp=0029f008 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77610000 77613000 C:\Windows\system32\normaliz.DLL
<---- EVENT: handle internal ld ---->
eax=75652010 ebx=00000000 ecx=75652000 edx=fffffffe esi=7ffdf000 edi=0029f0dc
eip=774e70f4 esp=0029efb8 ebp=0029eff0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75be0000 75dda000 C:\Windows\system32\iertutil.dll
<---- EVENT: handle internal ld ---->
eax=77612010 ebx=00000000 ecx=77612000 edx=fffffffe esi=7ffdf000 edi=0029f0f4
eip=774e70f4 esp=0029efd0 ebp=0029f008 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77340000 7749c000 C:\Windows\system32\ole32.dll
<---- EVENT: handle internal ld ---->
eax=7699c648 ebx=00000000 ecx=765e0000 edx=00000000 esi=7ffdf000 edi=0018e7fc
eip=774e70f4 esp=0018e6d8 ebp=0018e710 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75400000 7540c000 C:\Windows\system32\cryptbase.dll
<---- EVENT: handle internal ld ---->
eax=00000103 ebx=00000000 ecx=00000000 edx=00000000 esi=7ffdf000 edi=0018f3c8
eip=774e70f4 esp=0018f2a4 ebp=0018f2dc iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760b0000 760b5000 C:\Windows\system32\PSAPI.DLL
<---- EVENT: handle internal ld ---->
eax=0000005b ebx=00000000 ecx=763244c5 edx=64dff247 esi=7ffdf000 edi=0029f420
eip=774e70f4 esp=0029f2fc ebp=0029f334 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 70260000 702b1000 C:\Windows\system32\WINSPOOL.DRV
<---- EVENT: handle internal ld ---->
eax=64dfd338 ebx=00000000 ecx=64dfd33a edx=75a30000 esi=7ffdf000 edi=0029f420
eip=774e70f4 esp=0029f2fc ebp=0029f334 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75840000 758bb000 C:\Windows\system32\COMDLG32.dll
<---- EVENT: handle internal ld ---->
eax=0000004a ebx=00000000 ecx=702933f7 edx=64dff344 esi=7ffdf000 edi=0029f420
eip=774e70f4 esp=0029f2fc ebp=0029f334 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 74530000 746ce000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
<---- EVENT: handle internal ld ---->
eax=0029e718 ebx=00000000 ecx=00000016 edx=00000000 esi=7ffdf000 edi=0029f080
eip=774e70f4 esp=0029ef5c ebp=0029ef94 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75e80000 75f0f000 C:\Windows\system32\OLEAUT32.dll
<---- EVENT: handle internal ld ---->
eax=000001ff ebx=00000000 ecx=75aeb51e edx=7467b000 esi=7ffdf000 edi=0029f420
eip=774e70f4 esp=0029f2fc ebp=0029f334 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75670000 75791000 C:\Windows\system32\CRYPT32.dll
<---- EVENT: handle internal ld ---->
eax=00000159 ebx=00000000 ecx=75b2a2da edx=75f04000 esi=7ffdf000 edi=0029f420
eip=774e70f4 esp=0029f2fc ebp=0029f334 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75520000 7552c000 C:\Windows\system32\MSASN1.dll
<---- EVENT: handle internal ld ---->
eax=000004d5 ebx=00000000 ecx=77629003 edx=75727000 esi=7ffdf000 edi=0029f080
eip=774e70f4 esp=0029ef5c ebp=0029ef94 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73690000 736ac000 C:\Windows\system32\IPHLPAPI.DLL
<---- EVENT: handle internal ld ---->
eax=00000084 ebx=00000000 ecx=75673591 edx=64dfcb43 esi=7ffdf000 edi=0029f420
eip=774e70f4 esp=0029f2fc ebp=0029f334 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775e0000 775e6000 C:\Windows\system32\NSI.dll
<---- EVENT: handle internal ld ---->
eax=00000268 ebx=00000000 ecx=774de31a edx=736a8000 esi=7ffdf000 edi=0029f080
eip=774e70f4 esp=0029ef5c ebp=0029ef94 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73680000 73687000 C:\Windows\system32\WINNSI.DLL
<---- EVENT: handle internal ld ---->
eax=774d5340 ebx=00000000 ecx=774d7ff4 edx=774a0000 esi=7ffdf000 edi=0029f080
eip=774e70f4 esp=0029ef5c ebp=0029ef94 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 759f0000 75a25000 C:\Windows\system32\WS2_32.dll
<---- EVENT: handle internal ld ---->
eax=736931ba ebx=00000000 ecx=000000e5 edx=64dfd249 esi=7ffdf000 edi=0029f420
eip=774e70f4 esp=0029f2fc ebp=0029f334 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75240000 75248000 C:\Windows\system32\Secur32.dll
<---- EVENT: handle internal ld ---->
eax=75a16000 ebx=00000000 ecx=75a16002 edx=774a0000 esi=7ffdf000 edi=0029f420
eip=774e70f4 esp=0029f2fc ebp=0029f334 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75380000 7539b000 C:\Windows\system32\SSPICLI.DLL
<---- EVENT: handle internal ld ---->
eax=774d404d ebx=00000000 ecx=774d7fbc edx=774a0000 esi=7ffdf000 edi=0029f408
eip=774e70f4 esp=0029f2e4 ebp=0029f31c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 63660000 65743000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_child.dll
<---- EVENT: handle internal ld ---->
eax=00baf01c ebx=00000000 ecx=00ba0000 edx=00baf01c esi=7ffdf000 edi=0018f5e8
eip=774e70f4 esp=0018f4c4 ebp=0018f4fc iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 76320000 764d6000 C:\Windows\system32\WININET.dll
<---- EVENT: handle internal ld ---->
eax=64dff000 ebx=00000000 ecx=64dff002 edx=75b10000 esi=7ffdf000 edi=0018f2bc
eip=774e70f4 esp=0018f198 ebp=0018f1d0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755a0000 755a4000 C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=7762924d ebx=00000000 ecx=00000523 edx=76493f70 esi=7ffdf000 edi=0018ef90
eip=774e70f4 esp=0018ee6c ebp=0018eea4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75540000 75545000 C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755a12bd ebx=00000000 ecx=0000000a edx=755a0072 esi=7ffdf000 edi=0018ef90
eip=774e70f4 esp=0018ee6c ebp=0018eea4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75530000 75534000 C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=00040cfc ebx=00000000 ecx=79ca3c30 edx=0018ed0c esi=7ffdf000 edi=0018ef90
eip=774e70f4 esp=0018ee6c ebp=0018eea4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75830000 75834000 C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=00023e23 ebx=00000000 ecx=00000019 edx=00001c23 esi=7ffdf000 edi=0018ef90
eip=774e70f4 esp=0018ee6c ebp=0018eea4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75650000 75653000 C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=75832010 ebx=00000000 ecx=75832000 edx=fffffffe esi=7ffdf000 edi=0018ef90
eip=774e70f4 esp=0018ee6c ebp=0018eea4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77610000 77613000 C:\Windows\system32\normaliz.DLL
<---- EVENT: handle internal ld ---->
eax=75652010 ebx=00000000 ecx=75652000 edx=fffffffe esi=7ffdf000 edi=0018ef78
eip=774e70f4 esp=0018ee54 ebp=0018ee8c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75be0000 75dda000 C:\Windows\system32\iertutil.dll
<---- EVENT: handle internal ld ---->
eax=0018eef8 ebx=00000000 ecx=0000000a edx=00000000 esi=7ffdf000 edi=0018ef90
eip=774e70f4 esp=0018ee6c ebp=0018eea4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760b0000 760b5000 C:\Windows\system32\PSAPI.DLL
<---- EVENT: handle internal ld ---->
eax=0000005b ebx=00000000 ecx=763244c5 edx=64dff247 esi=7ffdf000 edi=0018f2bc
eip=774e70f4 esp=0018f198 ebp=0018f1d0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 70260000 702b1000 C:\Windows\system32\WINSPOOL.DRV
<---- EVENT: handle internal ld ---->
eax=00032e7f ebx=00000000 ecx=75ae58a8 edx=75a30000 esi=7ffdf000 edi=0018f2bc
eip=774e70f4 esp=0018f198 ebp=0018f1d0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75840000 758bb000 C:\Windows\system32\COMDLG32.dll
<---- EVENT: handle internal ld ---->
eax=0000004a ebx=00000000 ecx=702933f7 edx=64dff344 esi=7ffdf000 edi=0018f2bc
eip=774e70f4 esp=0018f198 ebp=0018f1d0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 74530000 746ce000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
<---- EVENT: handle internal ld ---->
eax=0018ea70 ebx=00000000 ecx=00000005 edx=00000000 esi=7ffdf000 edi=0018ef1c
eip=774e70f4 esp=0018edf8 ebp=0018ee30 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75e80000 75f0f000 C:\Windows\system32\OLEAUT32.dll
<---- EVENT: handle internal ld ---->
eax=000001ff ebx=00000000 ecx=75aeb51e edx=7467b000 esi=7ffdf000 edi=0018f2bc
eip=774e70f4 esp=0018f198 ebp=0018f1d0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75670000 75791000 C:\Windows\system32\CRYPT32.dll
<---- EVENT: handle internal ld ---->
eax=00000159 ebx=00000000 ecx=75b2a2da edx=75f04000 esi=7ffdf000 edi=0018f2bc
eip=774e70f4 esp=0018f198 ebp=0018f1d0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75520000 7552c000 C:\Windows\system32\MSASN1.dll
<---- EVENT: handle internal ld ---->
eax=000004d5 ebx=00000000 ecx=77629003 edx=75727000 esi=7ffdf000 edi=0018ef1c
eip=774e70f4 esp=0018edf8 ebp=0018ee30 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73690000 736ac000 C:\Windows\system32\IPHLPAPI.DLL
<---- EVENT: handle internal ld ---->
eax=00000084 ebx=00000000 ecx=75673591 edx=64dfcb43 esi=7ffdf000 edi=0018f2bc
eip=774e70f4 esp=0018f198 ebp=0018f1d0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775e0000 775e6000 C:\Windows\system32\NSI.dll
<---- EVENT: handle internal ld ---->
eax=000004c2 ebx=00000000 ecx=774e1b38 edx=736a8052 esi=7ffdf000 edi=0018ef1c
eip=774e70f4 esp=0018edf8 ebp=0018ee30 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73680000 73687000 C:\Windows\system32\WINNSI.DLL
<---- EVENT: handle internal ld ---->
eax=774d5340 ebx=00000000 ecx=774d7ff4 edx=774a0000 esi=7ffdf000 edi=0018ef1c
eip=774e70f4 esp=0018edf8 ebp=0018ee30 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 759f0000 75a25000 C:\Windows\system32\WS2_32.dll
<---- EVENT: handle internal ld ---->
eax=736931ba ebx=00000000 ecx=000000e5 edx=64dfd249 esi=7ffdf000 edi=0018f2bc
eip=774e70f4 esp=0018f198 ebp=0018f1d0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75240000 75248000 C:\Windows\system32\Secur32.dll
<---- EVENT: handle internal ld ---->
eax=75a16000 ebx=00000000 ecx=75a16002 edx=774a0000 esi=7ffdf000 edi=0018f2bc
eip=774e70f4 esp=0018f198 ebp=0018f1d0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75380000 7539b000 C:\Windows\system32\SSPICLI.DLL
<---- EVENT: handle internal ld ---->
eax=0018ed1c ebx=00000000 ecx=00000003 edx=00000000 esi=7ffdf000 edi=0018f2a4
eip=774e70f4 esp=0018f180 ebp=0018f1b8 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6e100000 6e14f000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\libexif.dll
<---- EVENT: handle internal ld ---->
eax=00004000 ebx=00000000 ecx=0000003b edx=00010000 esi=7ffdf000 edi=0029f394
eip=774e70f4 esp=0029f270 ebp=0029f2a8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 69ed0000 6a1a3000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
<---- EVENT: handle internal ld ---->
eax=7fffffe3 ebx=00000000 ecx=00000053 edx=00000015 esi=7ffdf000 edi=0029f4cc
eip=774e70f4 esp=0029f3a8 ebp=0029f3e0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6a420000 6acc1000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll
<---- EVENT: handle internal ld ---->
eax=0029efb0 ebx=00000000 ecx=0000000a edx=00000000 esi=7ffdf000 edi=0029f3ec
eip=774e70f4 esp=0029f2c8 ebp=0029f300 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(79c.f20): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(e2c.9dc): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 6b750000 6b885000 C:\Windows\system32\dwrite.dll
<---- EVENT: handle internal ld ---->
eax=0018f4d4 ebx=00000000 ecx=416f4dc6 edx=00eb15a8 esi=7ffdf000 edi=0018f34c
eip=774e70f4 esp=0018f228 ebp=0018f260 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(79c.b4c): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(79c.440): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(79c.784): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(79c.6e8): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 6a420000 6acc1000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll
<---- EVENT: handle internal ld ---->
eax=00e40000 ebx=00000000 ecx=00010000 edx=774e70f4 esi=7ffdf000 edi=0018f244
eip=774e70f4 esp=0018f120 ebp=0018f158 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6a1b0000 6a413000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\libpeerconnection.dll
<---- EVENT: handle internal ld ---->
eax=00e45004 ebx=00000000 ecx=00e40000 edx=00e45004 esi=7ffdf000 edi=0018f2ec
eip=774e70f4 esp=0018f1c8 ebp=0018f200 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
<---- EVENT: handle internal epr ---->
eax=000000c0 ebx=774cfe8c ecx=00000000 edx=774cfd0d esi=00784198 edi=00000000
eip=774e70f4 esp=029bf6c0 ebp=029bf854 iopl=0 nv up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000293
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(e2c.f2c): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
ModLoad: 69ed0000 6a1a3000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
<---- EVENT: handle internal ld ---->
eax=0018ef7c ebx=00000000 ecx=00000013 edx=00000000 esi=7ffdf000 edi=0018f1f8
eip=774e70f4 esp=0018f0d4 ebp=0018f10c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(e2c.b28): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(e2c.ff0): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(e2c.e64): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(e2c.b20): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
<---- EVENT: handle internal epr ---->
eax=000000c0 ebx=00000001 ecx=0000000a edx=00000000 esi=00000002 edi=00d929b0
eip=774e70f4 esp=04aafa0c ebp=04aafb6c iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(e2c.ba4): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(e2c.ec0): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
Symbol search path is: srv*\\server\Symbols*http://chromium-browser-symsrv.commondatastorage.googleapis.com;srv*\\server\Symbols*http://msdl.microsoft.com/download/symbols;srv*\\server\Symbols*http://symbols.mozilla.org/firefox
Executable search path is:
ModLoad: 00fc0000 01097000 chrome.exe
<---- EVENT: handle internal cpr ---->
eax=010093e8 ebx=7ffdf000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=0015ff8c ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:0015ff90=00000000
ModLoad: 774a0000 775dc000 ntdll.dll
<---- EVENT: handle internal ld ---->
eax=010093e8 ebx=7ffdf000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=0015ff8c ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
ntdll!RtlUserThreadStart:
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:0015ff90=00000000
ModLoad: 75a30000 75b04000 C:\Windows\system32\kernel32.dll
<---- EVENT: handle internal ld ---->
eax=000000a8 ebx=00000000 ecx=00602768 edx=005b1728 esi=7ffde000 edi=0015f924
eip=774e70f4 esp=0015f800 ebp=0015f838 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75600000 7564b000 C:\Windows\system32\KERNELBASE.dll
<---- EVENT: handle internal ld ---->
eax=75af3000 ebx=00000000 ecx=75af3002 edx=774a0000 esi=7ffde000 edi=0015f584
eip=774e70f4 esp=0015f460 ebp=0015f498 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 72a40000 72a66000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_elf.dll
<---- EVENT: handle internal ld ---->
eax=005d1ff4 ebx=00000000 ecx=005d0000 edx=005d1ff4 esi=7ffde000 edi=0015f7a4
eip=774e70f4 esp=0015f680 ebp=0015f6b8 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 761a0000 76240000 C:\Windows\system32\ADVAPI32.dll
<---- EVENT: handle internal ld ---->
eax=00000550 ebx=00000000 ecx=75aef575 edx=72a5cf53 esi=7ffde000 edi=0015f478
eip=774e70f4 esp=0015f354 ebp=0015f38c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77620000 776cc000 C:\Windows\system32\msvcrt.dll
<---- EVENT: handle internal ld ---->
eax=7620f538 ebx=00000000 ecx=761a0000 edx=00001000 esi=7ffde000 edi=0015f14c
eip=774e70f4 esp=0015f028 ebp=0015f060 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765c0000 765d9000 C:\Windows\SYSTEM32\sechost.dll
<---- EVENT: handle internal ld ---->
eax=00000482 ebx=00000000 ecx=774e1582 edx=76211000 esi=7ffde000 edi=0015f14c
eip=774e70f4 esp=0015f028 ebp=0015f060 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77230000 772d2000 C:\Windows\system32\RPCRT4.dll
<---- EVENT: handle internal ld ---->
eax=0015ebc0 ebx=00000000 ecx=00000018 edx=00000000 esi=7ffde000 edi=0015edac
eip=774e70f4 esp=0015ec88 ebp=0015ecc0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
<---- EVENT: handle internal epr ---->
eax=000000c0 ebx=00000000 ecx=00000000 edx=052f5778 esi=0000021c edi=00000000
eip=774e70f4 esp=05bef9c8 ebp=05befa34 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 749c0000 749c9000 C:\Windows\system32\VERSION.dll
<---- EVENT: handle internal ld ---->
eax=72a5502f ebx=00000000 ecx=72a5cbbc edx=72a40000 esi=7ffde000 edi=0015f7a4
eip=774e70f4 esp=0015f680 ebp=0015f6b8 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 701f0000 70222000 C:\Windows\system32\WINMM.dll
<---- EVENT: handle internal ld ---->
eax=000001d5 ebx=00000000 ecx=77627106 edx=749c505f esi=7ffde000 edi=0015f7a4
eip=774e70f4 esp=0015f680 ebp=0015f6b8 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75b10000 75bd9000 C:\Windows\system32\USER32.dll
<---- EVENT: handle internal ld ---->
eax=0015f270 ebx=00000000 ecx=00000005 edx=00000000 esi=7ffde000 edi=0015f404
eip=774e70f4 esp=0015f2e0 ebp=0015f318 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 76570000 765be000 C:\Windows\system32\GDI32.dll
<---- EVENT: handle internal ld ---->
eax=00000447 ebx=00000000 ecx=774e0ff2 edx=75b77000 esi=7ffde000 edi=0015f064
eip=774e70f4 esp=0015ef40 ebp=0015ef78 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
<---- EVENT: handle internal epr ---->
eax=000000c0 ebx=00000000 ecx=00000004 edx=00000000 esi=000001ec edi=00000000
eip=774e70f4 esp=04fcfc68 ebp=04fcfcd4 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
<---- EVENT: handle internal epr ---->
eax=000000c0 ebx=774cfe8c ecx=00000000 edx=00000000 esi=00444198 edi=00000000
eip=774e70f4 esp=0451fddc ebp=0451ff70 iopl=0 nv up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000293
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760c0000 760ca000 C:\Windows\system32\LPK.dll
<---- EVENT: handle internal ld ---->
eax=00000318 ebx=00000000 ecx=75b2c167 edx=765b8655 esi=7ffde000 edi=0015ecc4
eip=774e70f4 esp=0015eba0 ebp=0015ebd8 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75de0000 75e7d000 C:\Windows\system32\USP10.dll
<---- EVENT: handle internal ld ---->
eax=000000e3 ebx=00000000 ecx=76573f04 edx=760c6244 esi=7ffde000 edi=0015e998
eip=774e70f4 esp=0015e874 ebp=0015e8ac iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 772e0000 77337000 C:\Windows\system32\SHLWAPI.dll
<---- EVENT: handle internal ld ---->
eax=00000094 ebx=00000000 ecx=701f23ea edx=01053074 esi=7ffde000 edi=0015f7a4
eip=774e70f4 esp=0015f680 ebp=0015f6b8 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755e0000 755f7000 C:\Windows\system32\USERENV.dll
<---- EVENT: handle internal ld ---->
eax=010540b0 ebx=00000000 ecx=010540b2 edx=75a30000 esi=7ffde000 edi=0015f7a4
eip=774e70f4 esp=0015f680 ebp=0015f6b8 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75510000 7551b000 C:\Windows\system32\profapi.dll
<---- EVENT: handle internal ld ---->
eax=00000100 ebx=00000000 ecx=77265986 edx=755f164e esi=7ffde000 edi=0015f404
eip=774e70f4 esp=0015f2e0 ebp=0015f318 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73b70000 73b7d000 C:\Windows\system32\WTSAPI32.dll
<---- EVENT: handle internal ld ---->
eax=7762bf71 ebx=00000000 ecx=77623600 edx=77620000 esi=7ffde000 edi=0015f7a4
eip=774e70f4 esp=0015f680 ebp=0015f6b8 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775f0000 7760f000 C:\Windows\system32\IMM32.DLL
<---- EVENT: handle internal ld ---->
eax=00005a4d ebx=00000000 ecx=00000001 edx=00000000 esi=7ffde000 edi=0015f020
eip=774e70f4 esp=0015eefc ebp=0015ef34 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760d0000 7619c000 C:\Windows\system32\MSCTF.dll
<---- EVENT: handle internal ld ---->
eax=010ae248 ebx=00000000 ecx=00001e37 edx=00001c19 esi=7ffde000 edi=0015ec80
eip=774e70f4 esp=0015eb5c ebp=0015eb94 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765e0000 7722a000 C:\Windows\system32\SHELL32.dll
<---- EVENT: handle internal ld ---->
eax=01047390 ebx=00000000 ecx=0015fd8c edx=01052994 esi=7ffde000 edi=0015fb98
eip=774e70f4 esp=0015fa74 ebp=0015faac iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77340000 7749c000 C:\Windows\system32\ole32.dll
<---- EVENT: handle internal ld ---->
eax=7699c648 ebx=00000000 ecx=765e0000 edx=00000000 esi=7ffde000 edi=0015ecf4
eip=774e70f4 esp=0015ebd0 ebp=0015ec08 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75400000 7540c000 C:\Windows\system32\cryptbase.dll
<---- EVENT: handle internal ld ---->
eax=00000103 ebx=00000000 ecx=00000000 edx=00000000 esi=7ffde000 edi=0015f8c0
eip=774e70f4 esp=0015f79c ebp=0015f7d4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 63660000 65743000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_child.dll
<---- EVENT: handle internal ld ---->
eax=0081f01c ebx=00000000 ecx=00810000 edx=0081f01c esi=7ffde000 edi=0015fae0
eip=774e70f4 esp=0015f9bc ebp=0015f9f4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 76320000 764d6000 C:\Windows\system32\WININET.dll
<---- EVENT: handle internal ld ---->
eax=64dff000 ebx=00000000 ecx=64dff002 edx=75b10000 esi=7ffde000 edi=0015f7b4
eip=774e70f4 esp=0015f690 ebp=0015f6c8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755a0000 755a4000 C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=7762924d ebx=00000000 ecx=00000523 edx=76493f70 esi=7ffde000 edi=0015f488
eip=774e70f4 esp=0015f364 ebp=0015f39c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75540000 75545000 C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755a12bd ebx=00000000 ecx=0000000a edx=755a0072 esi=7ffde000 edi=0015f488
eip=774e70f4 esp=0015f364 ebp=0015f39c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75530000 75534000 C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=00000000 ebx=00000000 ecx=0015fa58 edx=00160000 esi=7ffde000 edi=0015f488
eip=774e70f4 esp=0015f364 ebp=0015f39c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75830000 75834000 C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755323a2 ebx=00000000 ecx=0000004d edx=75530053 esi=7ffde000 edi=0015f488
eip=774e70f4 esp=0015f364 ebp=0015f39c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75650000 75653000 C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=75832010 ebx=00000000 ecx=75832000 edx=fffffffe esi=7ffde000 edi=0015f488
eip=774e70f4 esp=0015f364 ebp=0015f39c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77610000 77613000 C:\Windows\system32\normaliz.DLL
<---- EVENT: handle internal ld ---->
eax=75652010 ebx=00000000 ecx=75652000 edx=fffffffe esi=7ffde000 edi=0015f470
eip=774e70f4 esp=0015f34c ebp=0015f384 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75be0000 75dda000 C:\Windows\system32\iertutil.dll
<---- EVENT: handle internal ld ---->
eax=77612010 ebx=00000000 ecx=77612000 edx=fffffffe esi=7ffde000 edi=0015f488
eip=774e70f4 esp=0015f364 ebp=0015f39c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760b0000 760b5000 C:\Windows\system32\PSAPI.DLL
<---- EVENT: handle internal ld ---->
eax=0000005b ebx=00000000 ecx=763244c5 edx=64dff247 esi=7ffde000 edi=0015f7b4
eip=774e70f4 esp=0015f690 ebp=0015f6c8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 70260000 702b1000 C:\Windows\system32\WINSPOOL.DRV
<---- EVENT: handle internal ld ---->
eax=64dfd338 ebx=00000000 ecx=64dfd33a edx=75a30000 esi=7ffde000 edi=0015f7b4
eip=774e70f4 esp=0015f690 ebp=0015f6c8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75840000 758bb000 C:\Windows\system32\COMDLG32.dll
<---- EVENT: handle internal ld ---->
eax=0000004a ebx=00000000 ecx=702933f7 edx=64dff344 esi=7ffde000 edi=0015f7b4
eip=774e70f4 esp=0015f690 ebp=0015f6c8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 74530000 746ce000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
<---- EVENT: handle internal ld ---->
eax=0015eaac ebx=00000000 ecx=00000016 edx=00000000 esi=7ffde000 edi=0015f414
eip=774e70f4 esp=0015f2f0 ebp=0015f328 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75e80000 75f0f000 C:\Windows\system32\OLEAUT32.dll
<---- EVENT: handle internal ld ---->
eax=000001ff ebx=00000000 ecx=75aeb51e edx=7467b000 esi=7ffde000 edi=0015f7b4
eip=774e70f4 esp=0015f690 ebp=0015f6c8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75670000 75791000 C:\Windows\system32\CRYPT32.dll
<---- EVENT: handle internal ld ---->
eax=00000159 ebx=00000000 ecx=75b2a2da edx=75f04000 esi=7ffde000 edi=0015f7b4
eip=774e70f4 esp=0015f690 ebp=0015f6c8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75520000 7552c000 C:\Windows\system32\MSASN1.dll
<---- EVENT: handle internal ld ---->
eax=000004d5 ebx=00000000 ecx=77629003 edx=75727000 esi=7ffde000 edi=0015f414
eip=774e70f4 esp=0015f2f0 ebp=0015f328 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73690000 736ac000 C:\Windows\system32\IPHLPAPI.DLL
<---- EVENT: handle internal ld ---->
eax=00000084 ebx=00000000 ecx=75673591 edx=64dfcb43 esi=7ffde000 edi=0015f7b4
eip=774e70f4 esp=0015f690 ebp=0015f6c8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775e0000 775e6000 C:\Windows\system32\NSI.dll
<---- EVENT: handle internal ld ---->
eax=00000268 ebx=00000000 ecx=774de31a edx=736a8000 esi=7ffde000 edi=0015f414
eip=774e70f4 esp=0015f2f0 ebp=0015f328 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73680000 73687000 C:\Windows\system32\WINNSI.DLL
<---- EVENT: handle internal ld ---->
eax=00692100 ebx=00000000 ecx=00600000 edx=00600000 esi=7ffde000 edi=0015f414
eip=774e70f4 esp=0015f2f0 ebp=0015f328 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 759f0000 75a25000 C:\Windows\system32\WS2_32.dll
<---- EVENT: handle internal ld ---->
eax=736931ba ebx=00000000 ecx=000000e5 edx=64dfd249 esi=7ffde000 edi=0015f7b4
eip=774e70f4 esp=0015f690 ebp=0015f6c8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75240000 75248000 C:\Windows\system32\Secur32.dll
<---- EVENT: handle internal ld ---->
eax=00000000 ebx=00000000 ecx=774ff879 edx=00001725 esi=7ffde000 edi=0015f7b4
eip=774e70f4 esp=0015f690 ebp=0015f6c8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75380000 7539b000 C:\Windows\system32\SSPICLI.DLL
<---- EVENT: handle internal ld ---->
eax=774d404d ebx=00000000 ecx=774d7fbc edx=774a0000 esi=7ffde000 edi=0015f79c
eip=774e70f4 esp=0015f678 ebp=0015f6b0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6def0000 6df3f000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\libexif.dll
<---- EVENT: handle internal ld ---->
eax=0015f4fc ebx=00000000 ecx=00000009 edx=00000000 esi=7ffde000 edi=0015f724
eip=774e70f4 esp=0015f600 ebp=0015f638 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 69ed0000 6a1a3000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
<---- EVENT: handle internal ld ---->
eax=64ec60a0 ebx=00000000 ecx=0015005c edx=00000002 esi=7ffde000 edi=0015f860
eip=774e70f4 esp=0015f73c ebp=0015f774 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6a420000 6acc1000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll
<---- EVENT: handle internal ld ---->
eax=0015f694 ebx=00000000 ecx=00000003 edx=00000000 esi=7ffde000 edi=0015f784
eip=774e70f4 esp=0015f660 ebp=0015f698 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(380.f10): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(380.5c0): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(380.68c): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(380.d44): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(380.d5c): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
<---- EVENT: handle internal epr ---->
eax=000000c0 ebx=00000001 ecx=00000000 edx=64feeb90 esi=00000002 edi=00671ee0
eip=774e70f4 esp=0460fdbc ebp=0460ff1c iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
Symbol search path is: srv*\\server\Symbols*http://chromium-browser-symsrv.commondatastorage.googleapis.com;srv*\\server\Symbols*http://msdl.microsoft.com/download/symbols;srv*\\server\Symbols*http://symbols.mozilla.org/firefox
Executable search path is:
ModLoad: 00fc0000 01097000 chrome.exe
<---- EVENT: handle internal cpr ---->
eax=010093e8 ebx=7ffdf000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=002cff48 ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:002cff4c=00000000
ModLoad: 774a0000 775dc000 ntdll.dll
<---- EVENT: handle internal ld ---->
eax=010093e8 ebx=7ffdf000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=774e70d8 esp=002cff48 ebp=00000000 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000200
ntdll!RtlUserThreadStart:
774e70d8 89442404 mov dword ptr [esp+4],eax ss:0023:002cff4c=00000000
ModLoad: 75a30000 75b04000 C:\Windows\system32\kernel32.dll
<---- EVENT: handle internal ld ---->
eax=000000a8 ebx=00000000 ecx=00842768 edx=00772f28 esi=7ffde000 edi=002cf8e0
eip=774e70f4 esp=002cf7bc ebp=002cf7f4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75600000 7564b000 C:\Windows\system32\KERNELBASE.dll
<---- EVENT: handle internal ld ---->
eax=00000000 ebx=00000000 ecx=00000000 edx=00000000 esi=7ffde000 edi=002cf540
eip=774e70f4 esp=002cf41c ebp=002cf454 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 72a40000 72a66000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_elf.dll
<---- EVENT: handle internal ld ---->
eax=00791ff4 ebx=00000000 ecx=00790000 edx=00791ff4 esi=7ffde000 edi=002cf760
eip=774e70f4 esp=002cf63c ebp=002cf674 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 761a0000 76240000 C:\Windows\system32\ADVAPI32.dll
<---- EVENT: handle internal ld ---->
eax=00000550 ebx=00000000 ecx=75aef575 edx=72a5cf53 esi=7ffde000 edi=002cf434
eip=774e70f4 esp=002cf310 ebp=002cf348 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77620000 776cc000 C:\Windows\system32\msvcrt.dll
<---- EVENT: handle internal ld ---->
eax=7620f538 ebx=00000000 ecx=761a0000 edx=00001000 esi=7ffde000 edi=002cf108
eip=774e70f4 esp=002cefe4 ebp=002cf01c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765c0000 765d9000 C:\Windows\SYSTEM32\sechost.dll
<---- EVENT: handle internal ld ---->
eax=00000482 ebx=00000000 ecx=774e1582 edx=76211000 esi=7ffde000 edi=002cf108
eip=774e70f4 esp=002cefe4 ebp=002cf01c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77230000 772d2000 C:\Windows\system32\RPCRT4.dll
<---- EVENT: handle internal ld ---->
eax=002ceb7c ebx=00000000 ecx=00000018 edx=00000000 esi=7ffde000 edi=002ced68
eip=774e70f4 esp=002cec44 ebp=002cec7c iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 749c0000 749c9000 C:\Windows\system32\VERSION.dll
<---- EVENT: handle internal ld ---->
eax=72a5502f ebx=00000000 ecx=72a5cbbc edx=72a40000 esi=7ffde000 edi=002cf760
eip=774e70f4 esp=002cf63c ebp=002cf674 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 701f0000 70222000 C:\Windows\system32\WINMM.dll
<---- EVENT: handle internal ld ---->
eax=00000000 ebx=00000000 ecx=00000000 edx=774a0000 esi=7ffde000 edi=002cf760
eip=774e70f4 esp=002cf63c ebp=002cf674 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75b10000 75bd9000 C:\Windows\system32\USER32.dll
<---- EVENT: handle internal ld ---->
eax=002cf22c ebx=00000000 ecx=00000005 edx=00000000 esi=7ffde000 edi=002cf3c0
eip=774e70f4 esp=002cf29c ebp=002cf2d4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 76570000 765be000 C:\Windows\system32\GDI32.dll
<---- EVENT: handle internal ld ---->
eax=00000447 ebx=00000000 ecx=774e0ff2 edx=75b77000 esi=7ffde000 edi=002cf020
eip=774e70f4 esp=002ceefc ebp=002cef34 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760c0000 760ca000 C:\Windows\system32\LPK.dll
<---- EVENT: handle internal ld ---->
eax=00000318 ebx=00000000 ecx=75b2c167 edx=765b8655 esi=7ffde000 edi=002cec80
eip=774e70f4 esp=002ceb5c ebp=002ceb94 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75de0000 75e7d000 C:\Windows\system32\USP10.dll
<---- EVENT: handle internal ld ---->
eax=000000e3 ebx=00000000 ecx=76573f04 edx=760c6244 esi=7ffde000 edi=002ce954
eip=774e70f4 esp=002ce830 ebp=002ce868 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 772e0000 77337000 C:\Windows\system32\SHLWAPI.dll
<---- EVENT: handle internal ld ---->
eax=00000094 ebx=00000000 ecx=701f23ea edx=01053074 esi=7ffde000 edi=002cf760
eip=774e70f4 esp=002cf63c ebp=002cf674 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755e0000 755f7000 C:\Windows\system32\USERENV.dll
<---- EVENT: handle internal ld ---->
eax=010540b0 ebx=00000000 ecx=010540b2 edx=75a30000 esi=7ffde000 edi=002cf760
eip=774e70f4 esp=002cf63c ebp=002cf674 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75510000 7551b000 C:\Windows\system32\profapi.dll
<---- EVENT: handle internal ld ---->
eax=00000100 ebx=00000000 ecx=77265986 edx=755f164e esi=7ffde000 edi=002cf3c0
eip=774e70f4 esp=002cf29c ebp=002cf2d4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73b70000 73b7d000 C:\Windows\system32\WTSAPI32.dll
<---- EVENT: handle internal ld ---->
eax=7762bf71 ebx=00000000 ecx=77623600 edx=77620000 esi=7ffde000 edi=002cf760
eip=774e70f4 esp=002cf63c ebp=002cf674 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775f0000 7760f000 C:\Windows\system32\IMM32.DLL
<---- EVENT: handle internal ld ---->
eax=00005a4d ebx=00000000 ecx=00000001 edx=00000000 esi=7ffde000 edi=002cefdc
eip=774e70f4 esp=002ceeb8 ebp=002ceef0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760d0000 7619c000 C:\Windows\system32\MSCTF.dll
<---- EVENT: handle internal ld ---->
eax=75aece53 ebx=00000000 ecx=00000345 edx=77606f63 esi=7ffde000 edi=002cec3c
eip=774e70f4 esp=002ceb18 ebp=002ceb50 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 765e0000 7722a000 C:\Windows\system32\SHELL32.dll
<---- EVENT: handle internal ld ---->
eax=0000001f ebx=00000000 ecx=00000000 edx=00000003 esi=7ffde000 edi=002cfb58
eip=774e70f4 esp=002cfa34 ebp=002cfa6c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77340000 7749c000 C:\Windows\system32\ole32.dll
<---- EVENT: handle internal ld ---->
eax=7699c648 ebx=00000000 ecx=765e0000 edx=00000000 esi=7ffde000 edi=002cecb0
eip=774e70f4 esp=002ceb8c ebp=002cebc4 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75400000 7540c000 C:\Windows\system32\cryptbase.dll
<---- EVENT: handle internal ld ---->
eax=00000103 ebx=00000000 ecx=00000000 edx=00000000 esi=7ffde000 edi=002cf880
eip=774e70f4 esp=002cf75c ebp=002cf794 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 63660000 65743000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\chrome_child.dll
<---- EVENT: handle internal ld ---->
eax=00f1f01c ebx=00000000 ecx=00f10000 edx=00f1f01c esi=7ffde000 edi=002cfa9c
eip=774e70f4 esp=002cf978 ebp=002cf9b0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 76320000 764d6000 C:\Windows\system32\WININET.dll
<---- EVENT: handle internal ld ---->
eax=64dff000 ebx=00000000 ecx=64dff002 edx=75b10000 esi=7ffde000 edi=002cf770
eip=774e70f4 esp=002cf64c ebp=002cf684 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 755a0000 755a4000 C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=75ae0225 ebx=00000000 ecx=00000224 edx=76494f00 esi=7ffde000 edi=002cf444
eip=774e70f4 esp=002cf320 ebp=002cf358 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75540000 75545000 C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755a12bd ebx=00000000 ecx=0000000a edx=755a0072 esi=7ffde000 edi=002cf444
eip=774e70f4 esp=002cf320 ebp=002cf358 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75530000 75534000 C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=010ae298 ebx=00000000 ecx=00000001 edx=00001c23 esi=7ffde000 edi=002cf444
eip=774e70f4 esp=002cf320 ebp=002cf358 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75830000 75834000 C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=755323a2 ebx=00000000 ecx=0000004d edx=75530053 esi=7ffde000 edi=002cf444
eip=774e70f4 esp=002cf320 ebp=002cf358 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75650000 75653000 C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
<---- EVENT: handle internal ld ---->
eax=75832010 ebx=00000000 ecx=75832000 edx=fffffffe esi=7ffde000 edi=002cf444
eip=774e70f4 esp=002cf320 ebp=002cf358 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 77610000 77613000 C:\Windows\system32\normaliz.DLL
<---- EVENT: handle internal ld ---->
eax=75652010 ebx=00000000 ecx=75652000 edx=fffffffe esi=7ffde000 edi=002cf42c
eip=774e70f4 esp=002cf308 ebp=002cf340 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75be0000 75dda000 C:\Windows\system32\iertutil.dll
<---- EVENT: handle internal ld ---->
eax=77612010 ebx=00000000 ecx=77612000 edx=fffffffe esi=7ffde000 edi=002cf444
eip=774e70f4 esp=002cf320 ebp=002cf358 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 760b0000 760b5000 C:\Windows\system32\PSAPI.DLL
<---- EVENT: handle internal ld ---->
eax=0000005b ebx=00000000 ecx=763244c5 edx=64dff247 esi=7ffde000 edi=002cf770
eip=774e70f4 esp=002cf64c ebp=002cf684 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 70260000 702b1000 C:\Windows\system32\WINSPOOL.DRV
<---- EVENT: handle internal ld ---->
eax=64dfd338 ebx=00000000 ecx=64dfd33a edx=75a30000 esi=7ffde000 edi=002cf770
eip=774e70f4 esp=002cf64c ebp=002cf684 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75840000 758bb000 C:\Windows\system32\COMDLG32.dll
<---- EVENT: handle internal ld ---->
eax=0000004a ebx=00000000 ecx=702933f7 edx=64dff344 esi=7ffde000 edi=002cf770
eip=774e70f4 esp=002cf64c ebp=002cf684 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 74530000 746ce000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
<---- EVENT: handle internal ld ---->
eax=002cea68 ebx=00000000 ecx=00000016 edx=00000000 esi=7ffde000 edi=002cf3d0
eip=774e70f4 esp=002cf2ac ebp=002cf2e4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75e80000 75f0f000 C:\Windows\system32\OLEAUT32.dll
<---- EVENT: handle internal ld ---->
eax=000001ff ebx=00000000 ecx=75aeb51e edx=7467b000 esi=7ffde000 edi=002cf770
eip=774e70f4 esp=002cf64c ebp=002cf684 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75670000 75791000 C:\Windows\system32\CRYPT32.dll
<---- EVENT: handle internal ld ---->
eax=00000159 ebx=00000000 ecx=75b2a2da edx=75f04000 esi=7ffde000 edi=002cf770
eip=774e70f4 esp=002cf64c ebp=002cf684 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75520000 7552c000 C:\Windows\system32\MSASN1.dll
<---- EVENT: handle internal ld ---->
eax=002cf440 ebx=00000000 ecx=7ffb001c edx=75670340 esi=7ffde000 edi=002cf3d0
eip=774e70f4 esp=002cf2ac ebp=002cf2e4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73690000 736ac000 C:\Windows\system32\IPHLPAPI.DLL
<---- EVENT: handle internal ld ---->
eax=00000084 ebx=00000000 ecx=75673591 edx=64dfcb43 esi=7ffde000 edi=002cf770
eip=774e70f4 esp=002cf64c ebp=002cf684 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 775e0000 775e6000 C:\Windows\system32\NSI.dll
<---- EVENT: handle internal ld ---->
eax=00000268 ebx=00000000 ecx=774de31a edx=736a8000 esi=7ffde000 edi=002cf3d0
eip=774e70f4 esp=002cf2ac ebp=002cf2e4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 73680000 73687000 C:\Windows\system32\WINNSI.DLL
<---- EVENT: handle internal ld ---->
eax=008d2100 ebx=00000000 ecx=00840000 edx=00840000 esi=7ffde000 edi=002cf3d0
eip=774e70f4 esp=002cf2ac ebp=002cf2e4 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 759f0000 75a25000 C:\Windows\system32\WS2_32.dll
<---- EVENT: handle internal ld ---->
eax=736931ba ebx=00000000 ecx=000000e5 edx=64dfd249 esi=7ffde000 edi=002cf770
eip=774e70f4 esp=002cf64c ebp=002cf684 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75240000 75248000 C:\Windows\system32\Secur32.dll
<---- EVENT: handle internal ld ---->
eax=00000040 ebx=00000000 ecx=002cf540 edx=00842728 esi=7ffde000 edi=002cf770
eip=774e70f4 esp=002cf64c ebp=002cf684 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 75380000 7539b000 C:\Windows\system32\SSPICLI.DLL
<---- EVENT: handle internal ld ---->
eax=774d404d ebx=00000000 ecx=774d7fbc edx=774a0000 esi=7ffde000 edi=002cf758
eip=774e70f4 esp=002cf634 ebp=002cf66c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000216
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6dea0000 6deef000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\libexif.dll
<---- EVENT: handle internal ld ---->
eax=002cf4bc ebx=00000000 ecx=00000009 edx=00000000 esi=7ffde000 edi=002cf6e4
eip=774e70f4 esp=002cf5c0 ebp=002cf5f8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 69ed0000 6a1a3000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
<---- EVENT: handle internal ld ---->
eax=64ec60a0 ebx=00000000 ecx=002c005c edx=00000002 esi=7ffde000 edi=002cf81c
eip=774e70f4 esp=002cf6f8 ebp=002cf730 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
ModLoad: 6a420000 6acc1000 C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll
<---- EVENT: handle internal ld ---->
eax=002cf64c ebx=00000000 ecx=00000003 edx=00000000 esi=7ffde000 edi=002cf73c
eip=774e70f4 esp=002cf618 ebp=002cf650 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(b34.c88): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(b34.f5c): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(b34.e60): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(b34.a28): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
(b34.d10): Visual C++ exception - code 406d1388 (first chance)
<---- EVENT: ignore 1st chance vcpp ---->
<---- EVENT: handle internal epr ---->
eax=00000101 ebx=774cfe8c ecx=00000000 edx=774cfd0d esi=008b1c88 edi=00000000
eip=774e70f4 esp=044afa88 ebp=044afc1c iopl=0 nv up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000293
ntdll!KiFastSystemCallRet:
774e70f4 c3 ret
(e54.3b4): Access violation - code c0000005 (first chance)
^ Extra character error in 'r$t0=1;.foreach/pS1/ps99(x {.exr -1}){.if(${x}==@$ip){.foreach/pSd/ps99(y {!vprot @$ip}){.if(${y}==1){r$t0=0}}}}if(@$t0){.printf "<---- EVENT: handle 1st chance av ---->\r\n";}'
eax=45d61c3c ebx=00000000 ecx=04fde588 edx=04fde5d0 esi=45d61bf8 edi=0014edac
eip=0501b300 esp=0014ecec ebp=0014ed14 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246
0501b300 48 dec eax
(e54.3b4): Access violation - code c0000005 (!!! second chance !!!)