
커널 드라이버 개발 시에 많은 난관 들 중의 하나가 드라이버 로딩입니다.

실제로는 서비스를 등록하듯이 드라이버도 레지스트리에 등록이 되어야 합니다. 그러한 과정을 대부분 Service API를 써서 해결하고는 합니다. 하지만, 개발 과정에서 그러한 부분까지 모두 신경 쓰기에는 너무 잡다한 면이 있습니다. 그러할 경우에 간단히 수동으로 아무런 설정 없이 드라이버를 로드해 주는 툴이 있습니다. 바로 "Driver Loader"입니다.

OSR에서 배포하는 툴로써, 다음 링크에서 다운로드 가능합니다.


http://www.osronline.com/article.cfm?article=157




특히 V2.3에서 minifilter에 대한 지원이 추가 되었습니다.


What's new in Driver Loader, V2.3

Add support for MiniFilters, x64 bit support, Supports non-PnP (legacy) drivers only



압축파일을 풀면, OSRLOADER.exe라는 실행파일이 있습니다. 이 파일과 드라이버만 타겟 머신에 복사하고 바로 드라이버 로딩이 가능합니다.



x64 Vista 머신에서 개발단계에 있는 avfilter.sys라는 테스트용 드라이버를 로드해 보았습니다.

Inf 파일을 이용한 인스톨 등의 과정을 생략한 채 단지 드라이버 파일만으로도 간단히 기능을 테스트 해 볼 수 있었습니다. 단 테스트용 드라이버가 사인되지 않았을 경우에는 부팅시 F8을 누르고 "Disable Driver Signature Enforcement" 옵션을 선택하여야 합니다. 이 옵션은 해당 부팅에만 적용되며, 서명 검증이 꺼진 상태이므로 테스트용 머신에서만 사용하는 것이 좋습니다.














Posted by 오정욱

Yahoo! Webcam ActiveX 취약점에 대한 디스어셈블리.

다음 링크에서 소개되고 있는 취약점에 대한 개인적인 disassembly입니다.

http://research.eeye.com/html/alerts/zeroday/20070606.html

call strcpy를 하는 부분에서 버퍼 오버플로우가 발생하게 됩니다. 이 루틴은 여러 종류의 COM 메쏘드를 통해서 불리울 수 있습니다.

exploit은 http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0131.html http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0133.html 를 참조하기를 바랍니다.




Disassembling

ywcvwr

02700000 02723000 ywcvwr C (export symbols) ywcvwr.dll


.text:03971000 ; Input MD5 : 75BB9620F65D004B02331B6EE87DEEA7

.text:03971000

.text:03971000 ; File Name : C:\Program Files\Yahoo!\Messenger\ywcvwr.dll

.text:03971000 ; Format : Portable executable for 80386 (PE)

.text:03971000 ; Imagebase : 10000000

.text:03971000 ; Section 1. (virtual address 00001000)

.text:03971000 ; Virtual size : 00015356 ( 86870.)

.text:03971000 ; Section size in file : 00016000 ( 90112.)

.text:03971000 ; Offset to raw data for section: 00001000

.text:03971000 ; Flags 60000020: Text Executable Readable

.text:03971000 ; Alignment : default

.text:03971000 ; OS type : MS Windows

.text:03971000 ; Application type: DLL 32bit

.text:03971000


Base in File: 03971000

Loaded: 02700000



Point of Interest: 027067bc

-02700000=67bc


03971000+67bc=39777BC- 00001000= 39767BC


.text:039767A2 push eax ; char *

.text:039767A3 push 3FFh ; cbData

.text:039767A8 lea eax, [ebp-434h]

.text:039767AE push eax ; lpData

.text:039767AF push offset ValueName ; "WebcamServer"

.text:039767B4 lea ecx, [ebp-34h]

.text:039767B7 call sub_39731E9

.text:039767BC mov eax, [esi+2FCh]


0397676B

.text:0397676B or dword ptr [ebp-4], 0FFFFFFFFh

.text:0397676F test eax, eax

.text:03976771 mov [esi+2FCh], eax

.text:03976777 jz loc_3976867

.text:0397677D push 80000001h

.text:03976782 push offset aSoftwareYahooP ; "Software\\Yahoo\\Pager\\"

.text:03976787 lea ecx, [ebp-34h]

.text:0397678A call sub_397324C

.text:0397678F lea ecx, [esi+220h]

.text:03976795 mov dword ptr [ebp-4], 1

.text:0397679C call ds:?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::c_str(void)


call sub_39731E9

; Call site at sub_397671E+99 (matches the CODE XREF listed on sub_39731E9).
; Arguments are pushed right-to-left: default string, cbData, lpData, lpValueName;
; ecx carries the registry-helper object at [ebp-34h].
; eax here is the c_str() result of the std::string at [esi+220h], obtained by the
; call at 0397679C shown in the preceding excerpt. Its length is not checked anywhere
; in the visible code before it is handed to the helper as the fallback string.
.text:039767A2 push eax ; char *

.text:039767A3 push 3FFh ; cbData

; Destination is a stack local at [ebp-434h]; presumably a 0x400-byte buffer, given
; cbData = 3FFh and the next local at [ebp-34h] -- confirm against the full frame.
.text:039767A8 lea eax, [ebp-434h]

.text:039767AE push eax ; lpData

.text:039767AF push offset ValueName ; "WebcamServer"

.text:039767B4 lea ecx, [ebp-34h]

; Inside sub_39731E9 the fallback string is copied into lpData with strcpy and no
; reference to cbData, so a [esi+220h] string longer than the local buffer writes
; past it on this function's stack frame.
.text:039767B7 call sub_39731E9

.text:039767BC mov eax, [esi+2FCh]

.text:039767C2 mov ebx, [eax]


call sub_39731E9

; Second call site, at sub_397C7C5+17A (matches the CODE XREF listed on sub_39731E9).
; 80000001h is the predefined handle value HKEY_CURRENT_USER; it is passed together
; with the subkey string to sub_397324C, which is not shown on this page.
.text:0397C913 push 80000001h

.text:0397C918 push offset aSoftwareYahooP ; "Software\\Yahoo\\Pager\\"

.text:0397C91D lea ecx, [ebp-30h]

.text:0397C920 call sub_397324C

; The fallback string here is a fixed constant (16 characters plus the terminator),
; not a caller-controlled value, so the strcpy fallback inside sub_39731E9 copies
; 17 bytes into the 63h-byte request below.
.text:0397C925 push offset aWebcam_yahoo_c ; "webcam.yahoo.com"

.text:0397C92A push 63h ; cbData

; Destination is a stack local at [ebp-94h].
.text:0397C92C lea eax, [ebp-94h]

.text:0397C932 push eax ; lpData

.text:0397C933 push offset ValueName ; "WebcamServer"

.text:0397C938 lea ecx, [ebp-30h]

.text:0397C93B mov byte ptr [ebp-4], 11h

0397C93F call sub_39731E9

sub_39731E9

; sub_39731E9: open a registry key, query one value into the caller's buffer, and
; fall back to a caller-supplied default string when the value type is not 1 (REG_SZ).
; In:   ecx         = object pointer: [ecx] is the root HKEY, [ecx+4] a std::string subkey
;       lpValueName = value to query
;       lpData      = destination buffer
;       cbData      = size of the destination buffer as stated by the caller
;       arg_C       = default string (char *)
; Out:  eax = lpData
; Stack: callee removes the four stack arguments (retn 10h).
; NOTE(review): the fallback path copies arg_C into lpData with strcpy and never
; compares its length with cbData; the fallback is also taken when RegOpenKeyA fails
; or the query leaves Type unchanged, because Type starts at 0.
.text:039731E9 ; int __stdcall sub_39731E9(LPCSTR lpValueName,char *lpData,DWORD cbData,char *)

.text:039731E9 sub_39731E9 proc near ; CODE XREF: sub_397671E+99#p

.text:039731E9 ; sub_397C7C5+17A#p

.text:039731E9

.text:039731E9 Type= dword ptr -8

.text:039731E9 hKey= dword ptr -4

.text:039731E9 lpValueName= dword ptr 8

.text:039731E9 lpData= dword ptr 0Ch

.text:039731E9 cbData= dword ptr 10h

.text:039731E9 arg_C= dword ptr 14h

.text:039731E9

.text:039731E9 push ebp

.text:039731EA mov ebp, esp

; Two pushes reserve the 8 bytes used by the Type and hKey locals.
.text:039731EC push ecx

.text:039731ED push ecx

.text:039731EE and [ebp+Type], 0 ; Type = 0, so it differs from 1 unless the query sets it

.text:039731F2 push esi

.text:039731F3 mov esi, ecx ; esi = object pointer passed in ecx

.text:039731F5 lea eax, [ebp+hKey]

.text:039731F8 push eax ; phkResult

.text:039731F9 lea ecx, [esi+4]

.text:039731FC call ds:?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::c_str(void)

.text:03973202 push eax ; lpSubKey

.text:03973203 push dword ptr [esi] ; hKey

.text:03973205 call ds:RegOpenKeyA

.text:0397320B test eax, eax

.text:0397320D pop esi ; pop leaves the flags from the test above intact

; Non-zero return (open failed): skip the query and go straight to the Type check.
.text:0397320E jnz short loc_3973232

; cbData is passed by address, so the API may overwrite the caller's stated size;
; the value is not read again in this function.
.text:03973210 lea eax, [ebp+cbData]

.text:03973213 push eax ; lpcbData

.text:03973214 push [ebp+lpData] ; lpData

.text:03973217 lea eax, [ebp+Type]

.text:0397321A push eax ; lpType

.text:0397321B push 0 ; lpReserved

.text:0397321D push [ebp+lpValueName] ; lpValueName

.text:03973220 push [ebp+hKey] ; hKey

; The return value of RegQueryValueExA is not tested; only Type is examined below.
.text:03973223 call ds:RegQueryValueExA

.text:03973229 push [ebp+hKey] ; hKey

.text:0397322C call ds:RegCloseKey

.text:03973232

.text:03973232 loc_3973232: ; CODE XREF: sub_39731E9+25#j

; Type == 1 (REG_SZ): keep whatever the query wrote and return.
.text:03973232 cmp [ebp+Type], 1

.text:03973236 jz short loc_3973245

call strcpy

; Fallback: strcpy(lpData, arg_C). The destination is pushed last, so it is the
; first argument. No bound is applied; the copy length is set only by the
; terminator of arg_C, independent of cbData.
.text:03973238 push [ebp+arg_C] ; char *

.text:0397323B push [ebp+lpData] ; char *

.text:0397323E call strcpy

; Caller-side cleanup of the two strcpy arguments.
.text:03973243 pop ecx

.text:03973244 pop ecx

.text:03973245

.text:03973245 loc_3973245: ; CODE XREF: sub_39731E9+4D#j

.text:03973245 mov eax, [ebp+lpData] ; return the destination buffer pointer

.text:03973248 leave

.text:03973249 retn 10h

.text:03973249 sub_39731E9 endp






Posted by 오정욱

2007년 블랙햇에서 잠시 소개 되었던 Paterva라는 툴이 Maltego라는 이름으로 다시 나왔다. GUI와 웹인터페이스 버전이 존재하는데 GUI는 다음과 같은 모습을 띠고 있다. 하지만 현재 GUI 버전은 잠시 중지 된 듯하다.
잠시 사용해 보니 검색 기능이 너무 강력하다 못해 위험한 수준이다. 오용되면 상당한 문제를 일으킬 만한 툴이다.

http://www.paterva.com/web/Maltego/




웹인터페이스 버전으로 단어와 이메일 주소, 도메인 이름을 사용하여 인터넷 사용자들에 대한 뒷조사가 가능하다.



Posted by 오정욱

Example Session

Startup




Setting Filename and options




Start







Completed

Results

SandBox Summary

Using profile C:\Program Files\Norman SandBox Analyzer\Profiles\default.ini

E:\mat\Files\regscan.ex_ : OK

====> Sandbox output:

[ DetectionInfo ]

* Sandbox name:

* Signature name: NOT_SCANNED

[ General information ]

* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.

* File length: 334848 bytes.

* MD5 hash: f3387d5351199ad06173bafbe52165d3.

Files checked : 1

Unpacked file saved to: C:\Program Files\Norman SandBox Analyzer\files\Unpacked\regscan.unp



API Log

Stripped RealMode Disk Operating System (DOS) 2.00

(C) Norman ASA 2001

Starting Windows kernel.

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0004091 accessing page 0x00050001

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0004091 accessing page 0x00050002

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0004091 accessing page 0x00050003

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0004091 accessing page 0x00050004

Installing driver : "VMM ", DDB at 0x0xC0005908

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0x00031C00 accessing page 0x000C0006

Installing driver : "IFSMgr ", DDB at 0x0xC0005B66

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0x00031C00 accessing page 0x000C0007

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0x00031C00 accessing page 0x000C0008

Installing driver : "VWIN32 ", DDB at 0x0xC00067C8

Installing driver : "VFAT ", DDB at 0x0xC0008217

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0x00031DF3 accessing page 0x00077BC0

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0x00031DF3 accessing page 0x00077BC1

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0x00031E2E accessing page 0x00077BC2

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0x00031E2E accessing page 0x00077BC3

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0x77BC1C5B accessing page 0x000F0001

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0002E37 accessing page 0x000C3005

0x77BC1C84=KERNEL32!WinExec ("C:\WINDOWS\SYSTEM32\KERNEL32.DLL",0x00031E98)

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC00035AB accessing page 0x00072001

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0008AC2 accessing page 0x00070000

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x0007C800

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x0007C801

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x0007C802

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x0007C803

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x0007C804

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x0007C805

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x0007C806

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x0007C807

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x0007C808

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x0007C809

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x0007C80A

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x0007C80B

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x0007C80C

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x0007C80D

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x0007C80E

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x0007C80F

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x0007C810

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x0007C811

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x0007C812

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x0007C813

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x0007C814

**PAGE FAULT: process 0x00000000 - cs:eip 0x002B:0x7C80F0B9 accessing page 0x00073000

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC00035AB accessing page 0x00072002

0x7C8094E8=KERNEL32!LoadLibraryA ("C:\WINDOWS\SYSTEM32\NTDLL.DLL")

0x7C80431E=KERNEL32!GetModuleHandleA ("C:\WINDOWS\SYSTEM32\NTDLL.DLL")

0x7C8043B4=KERNEL32!_lopen ("C:\WINDOWS\SYSTEM32\NTDLL.DLL",0x00000000)

0x7C802B3B=KERNEL32!GetFileSize (0x00000020,0x00000000)

0x7C8043BF=KERNEL32!_lclose (0x00000020)

0x7C80292C=KERNEL32!CloseHandle (0x00000020)

0x7C8043CB=KERNEL32!InternalExec ("C:\WINDOWS\SYSTEM32\NTDLL.DLL",0x00000000,0x00000000)

0x7C80335C=KERNEL32!EnterCriticalSection (0x00000000)

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0008AC2 accessing page 0x00070001

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x0007C900

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x0007C901

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x0007C902

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x0007C903

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x0007C904

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x0007C905

0x7C8037F2=KERNEL32!LoadLibraryA ("kernel32.dll")

0x7C80431E=KERNEL32!GetModuleHandleA ("kernel32.dll")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"_ExitThread")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"GetCurrentProcessId")

0x7C8031E7=KERNEL32!HeapAlloc (0x00000000,0x00000008,0x0000031C)

0x7C80366B=KERNEL32!GetProcAddress (0x7C900000,"CPlApplet")

0x7C803600=KERNEL32!LeaveCriticalSection (0x00000000)

0x7C8094F2=KERNEL32!LoadLibraryA ("C:\WINDOWS\SYSTEM32\ADVAPI32.DLL")

0x7C80431E=KERNEL32!GetModuleHandleA ("C:\WINDOWS\SYSTEM32\ADVAPI32.DLL")

0x7C8043B4=KERNEL32!_lopen ("C:\WINDOWS\SYSTEM32\ADVAPI32.DLL",0x00000000)

0x7C802B3B=KERNEL32!GetFileSize (0x00000020,0x00000000)

0x7C8043BF=KERNEL32!_lclose (0x00000020)

0x7C80292C=KERNEL32!CloseHandle (0x00000020)

0x7C8043CB=KERNEL32!InternalExec ("C:\WINDOWS\SYSTEM32\ADVAPI32.DLL",0x00000000,0x00000000)

0x7C80335C=KERNEL32!EnterCriticalSection (0x00000000)

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0008AC2 accessing page 0x00070002

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077DC0

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077DC1

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077DC2

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077DC3

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077DC4

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077DC5

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077DC6

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077DC7

0x7C8037F2=KERNEL32!LoadLibraryA ("kernel32.dll")

0x7C80431E=KERNEL32!GetModuleHandleA ("kernel32.dll")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"ExpandEnvironmentStringsA")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"lstrcmp")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"CreateHandle")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"lstrcpy")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"Sleep")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"CreateSystemHandle")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"FetchTrueHandle")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"WinExec")

0x7C8037F2=KERNEL32!LoadLibraryA ("user32.dll")

0x7C80431E=KERNEL32!GetModuleHandleA ("user32.dll")

0x7C804360=KERNEL32!strcpy (0x04FFFAF6,"C:\WINDOWS\SYSTEM32")

0x7C80436B=KERNEL32!lstrcat ("C:\WINDOWS\SYSTEM32","\")

0x7C804374=KERNEL32!lstrcat ("C:\WINDOWS\SYSTEM32\","user32.dll")

0x7C8043B4=KERNEL32!_lopen ("C:\WINDOWS\SYSTEM32\user32.dll",0x00000000)

0x7C802B3B=KERNEL32!GetFileSize (0x00000020,0x00000000)

0x7C8043BF=KERNEL32!_lclose (0x00000020)

0x7C80292C=KERNEL32!CloseHandle (0x00000020)

0x7C8043CB=KERNEL32!InternalExec ("C:\WINDOWS\SYSTEM32\user32.dll",0x00000000,0x00000000)

0x7C80335C=KERNEL32!EnterCriticalSection (0x00000000)

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC00035AB accessing page 0x00072003

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0008AC2 accessing page 0x00070003

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077D30

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077D31

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077D32

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077D33

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077D34

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077D35

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077D36

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077D37

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077D38

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077D39

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077D3A

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077D3B

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077D3C

0x7C8037F2=KERNEL32!LoadLibraryA ("kernel32.dll")

0x7C80431E=KERNEL32!GetModuleHandleA ("kernel32.dll")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"GetModuleHandleA")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"CreateHandle")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"ExitProcess")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"FindResourceA")

0x7C8031E7=KERNEL32!HeapAlloc (0x00000000,0x00000008,0x0000031C)

0x7C80366B=KERNEL32!GetProcAddress (0x77D30000,"CPlApplet")

0x7C803600=KERNEL32!LeaveCriticalSection (0x00000000)

0x7C803831=KERNEL32!GetProcAddress (0x77D30000,"wsprintfA")

0x7C8037F2=KERNEL32!LoadLibraryA ("crypto.dll")

0x7C80431E=KERNEL32!GetModuleHandleA ("crypto.dll")

0x7C804360=KERNEL32!strcpy (0x04FFFAF6,"C:\WINDOWS\SYSTEM32")

0x7C80436B=KERNEL32!lstrcat ("C:\WINDOWS\SYSTEM32","\")

0x7C804374=KERNEL32!lstrcat ("C:\WINDOWS\SYSTEM32\","crypto.dll")

0x7C8043B4=KERNEL32!_lopen ("C:\WINDOWS\SYSTEM32\crypto.dll",0x00000000)

0x7C802B3B=KERNEL32!GetFileSize (0x00000020,0x00000000)

0x7C8043BF=KERNEL32!_lclose (0x00000020)

0x7C80292C=KERNEL32!CloseHandle (0x00000020)

0x7C8043CB=KERNEL32!InternalExec ("C:\WINDOWS\SYSTEM32\crypto.dll",0x00000000,0x00000000)

0x7C80335C=KERNEL32!EnterCriticalSection (0x00000000)

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0008AC2 accessing page 0x00070004

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x0000FFD0

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x0000FFD1

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x0000FFD2

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x0000FFD3

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x0000FFD4

0x7C8037F2=KERNEL32!LoadLibraryA ("MSVCRT.dll")

0x7C80431E=KERNEL32!GetModuleHandleA ("MSVCRT.dll")

0x7C804360=KERNEL32!strcpy (0x04FFF8A6,"C:\WINDOWS\SYSTEM32")

0x7C80436B=KERNEL32!lstrcat ("C:\WINDOWS\SYSTEM32","\")

0x7C804374=KERNEL32!lstrcat ("C:\WINDOWS\SYSTEM32\","MSVCRT.dll")

0x7C8043B4=KERNEL32!_lopen ("C:\WINDOWS\SYSTEM32\MSVCRT.dll",0x00000000)

0x7C802B3B=KERNEL32!GetFileSize (0x00000020,0x00000000)

0x7C8043BF=KERNEL32!_lclose (0x00000020)

0x7C80292C=KERNEL32!CloseHandle (0x00000020)

0x7C8043CB=KERNEL32!InternalExec ("C:\WINDOWS\SYSTEM32\MSVCRT.dll",0x00000000,0x00000000)

0x7C80335C=KERNEL32!EnterCriticalSection (0x00000000)

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0008AC2 accessing page 0x00070005

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077C00

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077C01

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077C02

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077C03

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077C04

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077C05

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077C06

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077C07

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077C08

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077C09

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077C0A

0x7C8037F2=KERNEL32!LoadLibraryA ("kernel32.dll")

0x7C80431E=KERNEL32!GetModuleHandleA ("kernel32.dll")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"WriteFile")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"ReadFile")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"CloseHandle")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"HeapAlloc")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"HeapFree")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"lstrcat")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"GetFileSize")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"SetFilePointer")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"GetCommandLineA")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"FlushCache")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"CreateProcessA")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"ExitProcess")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"CreateThread")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"FetchTrueHandle")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"DeleteFileA")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"CopyFileA")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"ExitThread")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"GetFileAttributesA")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"CreateFileA")

0x7C8031E7=KERNEL32!HeapAlloc (0x00000000,0x00000008,0x0000031C)

0x7C80366B=KERNEL32!GetProcAddress (0x77C00000,"CPlApplet")

0x7C803600=KERNEL32!LeaveCriticalSection (0x00000000)

0x7C803831=KERNEL32!GetProcAddress (0x77C00000,"_adjust_fdiv")

0x7C803831=KERNEL32!GetProcAddress (0x77C00000,"malloc")

0x7C803831=KERNEL32!GetProcAddress (0x77C00000,"_initterm")

0x7C803831=KERNEL32!GetProcAddress (0x77C00000,"free")

0x7C8037F2=KERNEL32!LoadLibraryA ("KERNEL32.dll")

0x7C80431E=KERNEL32!GetModuleHandleA ("KERNEL32.dll")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"DisableThreadLibraryCalls")

0x7C8031E7=KERNEL32!HeapAlloc (0x00000000,0x00000008,0x0000031C)

0x0FFD1B94=MSVCRT!malloc (0x00000080)

0x0FFD1BBE=MSVCRT!_initterm (0x0FFD3000,0x0FFD3004)

0x0FFD1CC8=KERNEL32!DisableThreadLibraryCalls (0x0FFD0000)

0x7C80366B=KERNEL32!GetProcAddress (0x0FFD0000,"CPlApplet")

0x7C803600=KERNEL32!LeaveCriticalSection (0x00000000)

0x7C803831=KERNEL32!GetProcAddress (0x0FFD0000,"MD5Final")

0x7C803831=KERNEL32!GetProcAddress (0x0FFD0000,"MD5Update")

0x7C803831=KERNEL32!GetProcAddress (0x0FFD0000,"MD5Init")

0x7C803831=KERNEL32!GetProcAddress (0x0FFD0000,"rc4_crypt")

0x7C803831=KERNEL32!GetProcAddress (0x0FFD0000,"rc4_setup")

0x7C8031E7=KERNEL32!HeapAlloc (0x00000000,0x00000008,0x0000031C)

0x7C80366B=KERNEL32!GetProcAddress (0x77DC0000,"CPlApplet")

0x7C803600=KERNEL32!LeaveCriticalSection (0x00000000)

0x7C8094FC=KERNEL32!LoadLibraryA ("C:\WINDOWS\SYSTEM32\GDI32.DLL")

0x7C80431E=KERNEL32!GetModuleHandleA ("C:\WINDOWS\SYSTEM32\GDI32.DLL")

0x7C8043B4=KERNEL32!_lopen ("C:\WINDOWS\SYSTEM32\GDI32.DLL",0x00000000)

0x7C802B3B=KERNEL32!GetFileSize (0x00000020,0x00000000)

0x7C8043BF=KERNEL32!_lclose (0x00000020)

0x7C80292C=KERNEL32!CloseHandle (0x00000020)

0x7C8043CB=KERNEL32!InternalExec ("C:\WINDOWS\SYSTEM32\GDI32.DLL",0x00000000,0x00000000)

0x7C80335C=KERNEL32!EnterCriticalSection (0x00000000)

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0008AC2 accessing page 0x00070006

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077F10

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077F11

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077F12

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077F13

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0003151 accessing page 0x00077F14

0x7C8031E7=KERNEL32!HeapAlloc (0x00000000,0x00000008,0x0000031C)

**PAGE FAULT: process 0x00000000 - cs:eip 0x002B:0x7C80F197 accessing page 0x00073001

0x7C80366B=KERNEL32!GetProcAddress (0x77F10000,"CPlApplet")

0x7C803600=KERNEL32!LeaveCriticalSection (0x00000000)

0x7C809506=KERNEL32!LoadLibraryA ("C:\WINDOWS\SYSTEM32\USER32.DLL")

0x7C80431E=KERNEL32!GetModuleHandleA ("C:\WINDOWS\SYSTEM32\USER32.DLL")

0x7C809511=KERNEL32!GetProcAddress (0x77D30000,"wsprintfA")

0x7C809545=KERNEL32!SetCurrentDirectory ("C:\WINDOWS")

0x7C809551=KERNEL32!WinExec ("c:\sample.exe",0x00000000)

0x7C8032FE=KERNEL32!InternalExec ("c:\sample.exe",0x00000000,0x00000000)

0x7C80335C=KERNEL32!EnterCriticalSection (0x00000000)

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC00035AB accessing page 0x00072004

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC0008AC2 accessing page 0x00070007

**PAGE FAULT: process 0x00000000 - cs:eip 0x0028:0xC00035AB accessing page 0x00072005

0x7C803420=KERNEL32!GetCurrentProcessId ()

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7C803780 accessing page 0x000004C5

0x7C8037F2=KERNEL32!LoadLibraryA ("KERNEL32.DLL")

0x7C80431E=KERNEL32!GetModuleHandleA ("KERNEL32.DLL")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"LoadLibraryA")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"GetProcAddress")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"ExitProcess")

0x7C8037F2=KERNEL32!LoadLibraryA ("ADVAPI32.dll")

0x7C80431E=KERNEL32!GetModuleHandleA ("ADVAPI32.dll")

0x7C803831=KERNEL32!GetProcAddress (0x77DC0000,"RegOpenKeyA")

0x7C8037F2=KERNEL32!LoadLibraryA ("ole32.dll")

0x7C80431E=KERNEL32!GetModuleHandleA ("ole32.dll")

0x7C804360=KERNEL32!strcpy (0x04FFFC12,"C:\WINDOWS\SYSTEM32")

0x7C80436B=KERNEL32!lstrcat ("C:\WINDOWS\SYSTEM32","\")

0x7C804374=KERNEL32!lstrcat ("C:\WINDOWS\SYSTEM32\","ole32.dll")

0x7C8043B4=KERNEL32!_lopen ("C:\WINDOWS\SYSTEM32\ole32.dll",0x00000000)

0x7C802B3B=KERNEL32!GetFileSize (0x00000020,0x00000000)

0x7C8043BF=KERNEL32!_lclose (0x00000020)

0x7C80292C=KERNEL32!CloseHandle (0x00000020)

0x7C8043CB=KERNEL32!InternalExec ("C:\WINDOWS\SYSTEM32\ole32.dll",0x00000000,0x00000000)

0x7C80335C=KERNEL32!EnterCriticalSection (0x00000000)

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0008AC2 accessing page 0x00070008

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x000774D0

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x000774D1

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x000774D2

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x000774D3

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x000774D4

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x000774D5

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x000774D6

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x000774D7

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x000774D8

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x000774D9

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x000774DA

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x000774DB

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x000774DC

0x7C8037F2=KERNEL32!LoadLibraryA ("kernel32.dll")

0x7C80431E=KERNEL32!GetModuleHandleA ("kernel32.dll")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"WriteFile")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"CreateFileA")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"SetFilePointer")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"SetEndOfFile")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"CloseHandle")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"ReadFile")

0x7C8037F2=KERNEL32!LoadLibraryA ("user32.dll")

0x7C80431E=KERNEL32!GetModuleHandleA ("user32.dll")

0x7C803831=KERNEL32!GetProcAddress (0x77D30000,"wsprintfA")

0x7C8031E7=KERNEL32!HeapAlloc (0x00000000,0x00000008,0x0000031C)

0x7C80366B=KERNEL32!GetProcAddress (0x774D0000,"CPlApplet")

0x7C803600=KERNEL32!LeaveCriticalSection (0x00000000)

0x7C803831=KERNEL32!GetProcAddress (0x774D0000,"CoCreateGuid")

0x7C8037F2=KERNEL32!LoadLibraryA ("OLEAUT32.dll")

0x7C80431E=KERNEL32!GetModuleHandleA ("OLEAUT32.dll")

0x7C804360=KERNEL32!strcpy (0x04FFFC12,"C:\WINDOWS\SYSTEM32")

0x7C80436B=KERNEL32!lstrcat ("C:\WINDOWS\SYSTEM32","\")

0x7C804374=KERNEL32!lstrcat ("C:\WINDOWS\SYSTEM32\","OLEAUT32.dll")

0x7C8043B4=KERNEL32!_lopen ("C:\WINDOWS\SYSTEM32\OLEAUT32.dll",0x00000000)

0x7C802B3B=KERNEL32!GetFileSize (0x00000020,0x00000000)

0x7C8043BF=KERNEL32!_lclose (0x00000020)

0x7C80292C=KERNEL32!CloseHandle (0x00000020)

0x7C8043CB=KERNEL32!InternalExec ("C:\WINDOWS\SYSTEM32\OLEAUT32.dll",0x00000000,0x00000000)

0x7C80335C=KERNEL32!EnterCriticalSection (0x00000000)

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0008AC2 accessing page 0x00070009

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x00077110

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x00077111

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x00077112

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x00077113

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x00077114

0x7C8031E7=KERNEL32!HeapAlloc (0x00000000,0x00000008,0x0000031C)

0x7C80366B=KERNEL32!GetProcAddress (0x77110000,"CPlApplet")

0x7C803600=KERNEL32!LeaveCriticalSection (0x00000000)

0x7C803831=KERNEL32!GetProcAddress (0x77110000,00006)

0x7C8037F2=KERNEL32!LoadLibraryA ("USER32.dll")

0x7C80431E=KERNEL32!GetModuleHandleA ("USER32.dll")

0x7C803831=KERNEL32!GetProcAddress (0x77D30000,"wsprintfW")

0x7C8037F2=KERNEL32!LoadLibraryA ("WININET.dll")

0x7C80431E=KERNEL32!GetModuleHandleA ("WININET.dll")

0x7C804360=KERNEL32!strcpy (0x04FFFC12,"C:\WINDOWS\SYSTEM32")

0x7C80436B=KERNEL32!lstrcat ("C:\WINDOWS\SYSTEM32","\")

0x7C804374=KERNEL32!lstrcat ("C:\WINDOWS\SYSTEM32\","WININET.dll")

0x7C8043B4=KERNEL32!_lopen ("C:\WINDOWS\SYSTEM32\WININET.dll",0x00000000)

0x7C802B3B=KERNEL32!GetFileSize (0x00000020,0x00000000)

0x7C8043BF=KERNEL32!_lclose (0x00000020)

0x7C80292C=KERNEL32!CloseHandle (0x00000020)

0x7C8043CB=KERNEL32!InternalExec ("C:\WINDOWS\SYSTEM32\WININET.dll",0x00000000,0x00000000)

0x7C80335C=KERNEL32!EnterCriticalSection (0x00000000)

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC00035AB accessing page 0x00072006

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0008AC2 accessing page 0x0007000A

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x000771A0

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x000771A1

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x000771A2

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x000771A3

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x000771A4

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x000771A5

0x7C8037F2=KERNEL32!LoadLibraryA ("ipstack.dll")

0x7C80431E=KERNEL32!GetModuleHandleA ("ipstack.dll")

0x7C804360=KERNEL32!strcpy (0x04FFF9C2,"C:\WINDOWS\SYSTEM32")

0x7C80436B=KERNEL32!lstrcat ("C:\WINDOWS\SYSTEM32","\")

0x7C804374=KERNEL32!lstrcat ("C:\WINDOWS\SYSTEM32\","ipstack.dll")

0x7C8043B4=KERNEL32!_lopen ("C:\WINDOWS\SYSTEM32\ipstack.dll",0x00000000)

0x7C802B3B=KERNEL32!GetFileSize (0x00000020,0x00000000)

0x7C8043BF=KERNEL32!_lclose (0x00000020)

0x7C80292C=KERNEL32!CloseHandle (0x00000020)

0x7C8043CB=KERNEL32!InternalExec ("C:\WINDOWS\SYSTEM32\ipstack.dll",0x00000000,0x00000000)

0x7C80335C=KERNEL32!EnterCriticalSection (0x00000000)

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0008AC2 accessing page 0x0007000B

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x00073350

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x00073351

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x00073352

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x00073353

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x00073354

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x00073355

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x00073356

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x00073357

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x00073358

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x00073359

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x0007335A

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x0007335B

0x7C8037F2=KERNEL32!LoadLibraryA ("kernel32.dll")

0x7C80431E=KERNEL32!GetModuleHandleA ("kernel32.dll")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"WriteFile")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"CreateFileA")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"CloseHandle")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"GetFileAttributesA")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"ReadFile")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"HeapAlloc")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"HeapFree")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"EnterCriticalSection")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"LeaveCriticalSection")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"ExitThread")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"GetFileSize")

0x7C8037F2=KERNEL32!LoadLibraryA ("user32.dll")

0x7C80431E=KERNEL32!GetModuleHandleA ("user32.dll")

0x7C803831=KERNEL32!GetProcAddress (0x77D30000,"wsprintfA")

0x7C8031E7=KERNEL32!HeapAlloc (0x00000000,0x00000008,0x0000031C)

0x7C80366B=KERNEL32!GetProcAddress (0x73350000,"CPlApplet")

0x7C803600=KERNEL32!LeaveCriticalSection (0x00000000)

0x7C803831=KERNEL32!GetProcAddress (0x73350000,"ip_crackurl")

0x7C803831=KERNEL32!GetProcAddress (0x73350000,"ip_downloadcontent")

0x7C8037F2=KERNEL32!LoadLibraryA ("user32.dll")

0x7C80431E=KERNEL32!GetModuleHandleA ("user32.dll")

0x7C803831=KERNEL32!GetProcAddress (0x77D30000,"wsprintfA")

0x7C8037F2=KERNEL32!LoadLibraryA ("kernel32.dll")

0x7C80431E=KERNEL32!GetModuleHandleA ("kernel32.dll")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"CreateHandle")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"FetchTrueHandle")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"ExitThread")

0x7C8031E7=KERNEL32!HeapAlloc (0x00000000,0x00000008,0x0000031C)

0x7C80366B=KERNEL32!GetProcAddress (0x771A0000,"CPlApplet")

0x7C803600=KERNEL32!LeaveCriticalSection (0x00000000)

0x7C803831=KERNEL32!GetProcAddress (0x771A0000,"InternetOpenA")

0x7C8037F2=KERNEL32!LoadLibraryA ("WS2_32.dll")

0x7C80431E=KERNEL32!GetModuleHandleA ("WS2_32.dll")

0x7C804360=KERNEL32!strcpy (0x04FFFC12,"C:\WINDOWS\SYSTEM32")

0x7C80436B=KERNEL32!lstrcat ("C:\WINDOWS\SYSTEM32","\")

0x7C804374=KERNEL32!lstrcat ("C:\WINDOWS\SYSTEM32\","WS2_32.dll")

0x7C8043B4=KERNEL32!_lopen ("C:\WINDOWS\SYSTEM32\WS2_32.dll",0x00000000)

0x7C802B3B=KERNEL32!GetFileSize (0x00000020,0x00000000)

0x7C8043BF=KERNEL32!_lclose (0x00000020)

0x7C80292C=KERNEL32!CloseHandle (0x00000020)

0x7C8043CB=KERNEL32!InternalExec ("C:\WINDOWS\SYSTEM32\WS2_32.dll",0x00000000,0x00000000)

0x7C80335C=KERNEL32!EnterCriticalSection (0x00000000)

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0008AC2 accessing page 0x0007000C

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x000733B0

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x000733B1

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x000733B2

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x000733B3

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x000733B4

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x000733B5

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x000733B6

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003151 accessing page 0x000733B7

0x7C8037F2=KERNEL32!LoadLibraryA ("kernel32.dll")

0x7C80431E=KERNEL32!GetModuleHandleA ("kernel32.dll")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"HeapFree")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"CreateFileA")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"Sleep")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"WriteFile")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"CloseHandle")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"HeapAlloc")

0x7C803831=KERNEL32!GetProcAddress (0x7C800000,"ExitThread")

0x7C8037F2=KERNEL32!LoadLibraryA ("user32.dll")

0x7C80431E=KERNEL32!GetModuleHandleA ("user32.dll")

0x7C803831=KERNEL32!GetProcAddress (0x77D30000,"wsprintfA")

0x7C8037F2=KERNEL32!LoadLibraryA ("ipstack.dll")

0x7C80431E=KERNEL32!GetModuleHandleA ("ipstack.dll")

0x7C803831=KERNEL32!GetProcAddress (0x73350000,"ip_gethostname")

0x7C803831=KERNEL32!GetProcAddress (0x73350000,"ip_accept")

0x7C803831=KERNEL32!GetProcAddress (0x73350000,"ip_receive_data")

0x7C803831=KERNEL32!GetProcAddress (0x73350000,"ip_gethostbyname")

0x7C803831=KERNEL32!GetProcAddress (0x73350000,"ip_transfer_data")

0x7C803831=KERNEL32!GetProcAddress (0x73350000,"ip_retrieve_socket_data")

0x7C803831=KERNEL32!GetProcAddress (0x73350000,"ip_getservbyname")

0x7C803831=KERNEL32!GetProcAddress (0x73350000,"ip_connect")

0x7C803831=KERNEL32!GetProcAddress (0x73350000,"ip_listen_port")

0x7C803831=KERNEL32!GetProcAddress (0x73350000,"ip_bind_port")

0x7C803831=KERNEL32!GetProcAddress (0x73350000,"ip_close")

0x7C803831=KERNEL32!GetProcAddress (0x73350000,"ip_query_protocol")

0x7C803831=KERNEL32!GetProcAddress (0x73350000,"ip_reverse_dns")

0x7C803831=KERNEL32!GetProcAddress (0x73350000,"ip_select")

0x7C803831=KERNEL32!GetProcAddress (0x73350000,"ip_allocate_socket")

0x7C803831=KERNEL32!GetProcAddress (0x73350000,"ip_release_socket")

0x7C8031E7=KERNEL32!HeapAlloc (0x00000000,0x00000008,0x0000031C)

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7C80F197 accessing page 0x00073002

0x7C80366B=KERNEL32!GetProcAddress (0x733B0000,"CPlApplet")

0x7C803600=KERNEL32!LeaveCriticalSection (0x00000000)

0x7C803831=KERNEL32!GetProcAddress (0x733B0000,00009)

0x7C8031E7=KERNEL32!HeapAlloc (0x00000000,0x00000008,0x0000031C)

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7C803208 accessing page 0x00000400

0x7C803534=KERNEL32!CreateThread (0x00000000,0x00000000,0x004C4040,0x7C8010C5,0x00000000,0x04FFFE12)

0x7C8015F4=KERNEL32!EnterCriticalSection (0x00000000)

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x7C80154E accessing page 0x000004C4

0x7C80160F=KERNEL32!GetCurrentProcessId ()

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC0003E08 accessing page 0x0004FFD0

**PAGE FAULT: process 0x00000100 - cs:eip 0x0028:0xC00035AB accessing page 0x00072007

0x7C80163F=KERNEL32!LeaveCriticalSection (0x00000000)

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4062 accessing page 0x00000473

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C405B accessing page 0x00000401

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000402

0x7C803600=KERNEL32!LeaveCriticalSection (0x00000000)

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4058 accessing page 0x00000474

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000403

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000404

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C40B1 accessing page 0x00000475

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000405

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000406

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000407

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C40D0 accessing page 0x00000476

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000408

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000409

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4074 accessing page 0x00000477

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000040A

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000040B

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4074 accessing page 0x00000478

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000040C

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000040D

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000040E

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C40A4 accessing page 0x00000479

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000040F

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000410

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4096 accessing page 0x0000047A

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000411

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000412

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4058 accessing page 0x0000047B

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000413

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000414

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4058 accessing page 0x0000047C

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000415

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000416

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000417

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4083 accessing page 0x0000047D

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000418

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000419

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4083 accessing page 0x0000047E

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000041A

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000041B

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4074 accessing page 0x0000047F

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000041C

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000041D

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000041E

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000041F

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4058 accessing page 0x00000480

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C405B accessing page 0x00000420

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000421

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000422

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4058 accessing page 0x00000481

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000423

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000424

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4074 accessing page 0x00000482

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000425

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000426

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4058 accessing page 0x00000483

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000427

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C40F0 accessing page 0x00000428

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000429

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000042A

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4062 accessing page 0x00000484

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C405B accessing page 0x0000042B

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000042C

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4096 accessing page 0x00000485

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000042D

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000042E

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4096 accessing page 0x00000486

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000042F

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000430

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000431

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4096 accessing page 0x00000487

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000432

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000433

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4062 accessing page 0x00000488

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000434

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000435

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000436

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4083 accessing page 0x00000489

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000437

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000438

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4096 accessing page 0x0000048A

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000439

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000043A

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000043B

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4058 accessing page 0x0000048B

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000043C

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000043D

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4074 accessing page 0x0000048C

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000043E

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000043F

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4074 accessing page 0x0000048D

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000440

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000441

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000442

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4096 accessing page 0x0000048E

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000443

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000444

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4074 accessing page 0x0000048F

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000445

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000446

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000447

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4083 accessing page 0x00000490

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000448

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000449

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4074 accessing page 0x00000491

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000044A

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000044B

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000044C

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C40A4 accessing page 0x00000492

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000044D

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000044E

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4096 accessing page 0x00000493

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000044F

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000450

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000451

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C40A4 accessing page 0x00000494

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000452

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000453

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C40D0 accessing page 0x00000495

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000454

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000455

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000456

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4096 accessing page 0x00000496

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000457

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000458

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C40C1 accessing page 0x00000497

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000459

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000045A

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000045B

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4083 accessing page 0x00000498

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000045C

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000045D

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4096 accessing page 0x00000499

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000045E

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000045F

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000460

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C40B1 accessing page 0x0000049A

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000461

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000462

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4074 accessing page 0x0000049B

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000463

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000464

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000465

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4096 accessing page 0x0000049C

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000466

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000467

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4096 accessing page 0x0000049D

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000468

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000469

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000046A

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4062 accessing page 0x0000049E

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000046B

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000046C

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4096 accessing page 0x0000049F

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000046D

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000046E

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x0000046F

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4096 accessing page 0x000004A0

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000470

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000471

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4074 accessing page 0x000004A1

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4101 accessing page 0x00000472

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4096 accessing page 0x000004A2

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4058 accessing page 0x000004A3

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4058 accessing page 0x000004A4

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4083 accessing page 0x000004A5

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4083 accessing page 0x000004A6

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4074 accessing page 0x000004A7

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4096 accessing page 0x000004A8

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4096 accessing page 0x000004A9

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4074 accessing page 0x000004AA

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4074 accessing page 0x000004AB

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C40C1 accessing page 0x000004AC

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4083 accessing page 0x000004AD

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4074 accessing page 0x000004AE

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4096 accessing page 0x000004AF

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4096 accessing page 0x000004B0

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4096 accessing page 0x000004B1

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4058 accessing page 0x000004B2

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4074 accessing page 0x000004B3

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4083 accessing page 0x000004B4

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4096 accessing page 0x000004B5

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4058 accessing page 0x000004B6

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4083 accessing page 0x000004B7

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4074 accessing page 0x000004B8

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4058 accessing page 0x000004B9

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4062 accessing page 0x000004BA

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4083 accessing page 0x000004BB

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4096 accessing page 0x000004BC

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4096 accessing page 0x000004BD

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4058 accessing page 0x000004BE

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4074 accessing page 0x000004BF

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4083 accessing page 0x000004C0

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4058 accessing page 0x000004C1

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4083 accessing page 0x000004C2

**PAGE FAULT: process 0x00000100 - cs:eip 0x002B:0x004C4058 accessing page 0x000004C3

0x004C4168=KERNEL32!LoadLibraryA ("KERNEL32.DLL")

0x7C80431E=KERNEL32!GetModuleHandleA ("KERNEL32.DLL")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"GetVersionExA")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"lstrcmpiA")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"CreateFileA")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"ExpandEnvironmentStringsA")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"ReadProcessMemory")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"FreeLibrary")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"LeaveCriticalSection")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"EnterCriticalSection")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"DeleteCriticalSection")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"InitializeCriticalSection")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"GetFileSize")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"SetFilePointer")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"WriteFile")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"lstrlenA")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"Sleep")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"SetPriorityClass")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"GetCurrentProcess")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"SetErrorMode")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"GetLocaleInfoA")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"GetLastError")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"CreateEventA")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"GetCurrentProcessId")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"ExitProcess")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"CreateProcessA")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"WriteProfileStringA")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"SetFileTime")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"GetModuleFileNameA")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"GetModuleHandleA")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"GetFileTime")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"GetSystemDirectoryA")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"DeleteFileA")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"CloseHandle")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"WaitForSingleObject")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"GetTempPathA")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"GetTickCount")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"GetProcAddress")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"VirtualProtectEx")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"CreatePipe")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"OpenProcess")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"ResumeThread")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"TerminateProcess")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"GetExitCodeProcess")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"GetExitCodeThread")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"VirtualQueryEx")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"GetSystemInfo")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"VirtualAllocEx")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"VirtualFreeEx")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"HeapFree")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"WriteProcessMemory")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"Module32Next")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"Module32First")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"CreateToolhelp32Snapshot")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"MapViewOfFileEx")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"OpenFileMappingA")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"UnmapViewOfFile")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"HeapReAlloc")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"GetProcessHeap")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"VirtualAlloc")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"VirtualProtect")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"VirtualFree")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"LoadLibraryA")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"IsBadReadPtr")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"HeapAlloc")

0x004C4186=KERNEL32!GetProcAddress (0x7C800000,"ReadFile")

0x004C4168=KERNEL32!LoadLibraryA ("ADVAPI32.dll")

0x7C80431E=KERNEL32!GetModuleHandleA ("ADVAPI32.dll")

0x004C4186=KERNEL32!GetProcAddress (0x77DC0000,"RegDeleteValueA")

0x004C4186=KERNEL32!GetProcAddress (0x77DC0000,"RegOpenKeyA")

0x004C4186=KERNEL32!GetProcAddress (0x77DC0000,"CryptReleaseContext")

0x004C4186=KERNEL32!GetProcAddress (0x77DC0000,"CryptGenRandom")

0x004C4186=KERNEL32!GetProcAddress (0x77DC0000,"CryptAcquireContextA")

0x004C4186=KERNEL32!GetProcAddress (0x77DC0000,"RegCloseKey")

0x004C4186=KERNEL32!GetProcAddress (0x77DC0000,"RegOpenKeyExA")

0x004C4186=KERNEL32!GetProcAddress (0x77DC0000,"RegQueryValueExA")

0x004C4186=KERNEL32!GetProcAddress (0x77DC0000,"RegSetValueExA")

0x004C4168=KERNEL32!LoadLibraryA ("ole32.dll")

0x7C80431E=KERNEL32!GetModuleHandleA ("ole32.dll")

0x004C4186=KERNEL32!GetProcAddress (0x774D0000,"CoInitializeEx")

0x004C4186=KERNEL32!GetProcAddress (0x774D0000,"CoCreateInstance")

0x004C4186=KERNEL32!GetProcAddress (0x774D0000,"CoSetProxyBlanket")

0x004C4186=KERNEL32!GetProcAddress (0x774D0000,"CoUninitialize")

0x004C4186=KERNEL32!GetProcAddress (0x774D0000,"CoCreateGuid")

0x004C4186=KERNEL32!GetProcAddress (0x774D0000,"StringFromGUID2")

0x004C4186=KERNEL32!GetProcAddress (0x774D0000,"CoInitializeSecurity")

0x004C4168=KERNEL32!LoadLibraryA ("OLEAUT32.dll")

0x7C80431E=KERNEL32!GetModuleHandleA ("OLEAUT32.dll")

0x004C4186=KERNEL32!GetProcAddress (0x77110000,00002)

0x004C4186=KERNEL32!GetProcAddress (0x77110000,00009)

0x004C4186=KERNEL32!GetProcAddress (0x77110000,00008)

0x004C4186=KERNEL32!GetProcAddress (0x77110000,00007)

0x004C4186=KERNEL32!GetProcAddress (0x77110000,00006)

0x004C4168=KERNEL32!LoadLibraryA ("USER32.dll")

0x7C80431E=KERNEL32!GetModuleHandleA ("USER32.dll")

0x004C4186=KERNEL32!GetProcAddress (0x77D30000,"wsprintfW")

0x004C4186=KERNEL32!GetProcAddress (0x77D30000,"wsprintfA")

0x004C4168=KERNEL32!LoadLibraryA ("WININET.dll")

0x7C80431E=KERNEL32!GetModuleHandleA ("WININET.dll")

0x004C4186=KERNEL32!GetProcAddress (0x771A0000,"HttpSendRequestA")

0x004C4186=KERNEL32!GetProcAddress (0x771A0000,"InternetConnectA")

0x004C4186=KERNEL32!GetProcAddress (0x771A0000,"InternetOpenA")

0x004C4186=KERNEL32!GetProcAddress (0x771A0000,"InternetReadFile")

0x004C4186=KERNEL32!GetProcAddress (0x771A0000,"InternetCloseHandle")

0x004C4186=KERNEL32!GetProcAddress (0x771A0000,"HttpOpenRequestA")

0x004C4168=KERNEL32!LoadLibraryA ("WS2_32.dll")

0x7C80431E=KERNEL32!GetModuleHandleA ("WS2_32.dll")

0x004C4186=KERNEL32!GetProcAddress (0x733B0000,00006)

0x004C4186=KERNEL32!GetProcAddress (0x733B0000,00005)

0x004C4186=KERNEL32!GetProcAddress (0x733B0000,00016)

0x004C4186=KERNEL32!GetProcAddress (0x733B0000,00019)

0x004C4186=KERNEL32!GetProcAddress (0x733B0000,00018)

0x004C4186=KERNEL32!GetProcAddress (0x733B0000,00001)

0x004C4186=KERNEL32!GetProcAddress (0x733B0000,00013)

0x004C4186=KERNEL32!GetProcAddress (0x733B0000,00022)

0x004C4186=KERNEL32!GetProcAddress (0x733B0000,00003)

0x004C4186=KERNEL32!GetProcAddress (0x733B0000,00023)

0x004C4186=KERNEL32!GetProcAddress (0x733B0000,00115)

0x004C4186=KERNEL32!GetProcAddress (0x733B0000,00116)

0x004C4186=KERNEL32!GetProcAddress (0x733B0000,00052)

0x004C4186=KERNEL32!GetProcAddress (0x733B0000,00002)

0x004C4186=KERNEL32!GetProcAddress (0x733B0000,00004)

0x004C4186=KERNEL32!GetProcAddress (0x733B0000,00009)

0x0041ECCF=KERNEL32!GetProcessHeap ()

0x0041ECD6=KERNEL32!HeapAlloc (0x00000005,0x00000000,0x00000040)

0x0041ECF5=KERNEL32!GetProcessHeap ()

0x0041ECFC=KERNEL32!HeapFree (0x00000005,0x00000000,0x730025B8)

0x0041ECCF=KERNEL32!GetProcessHeap ()

0x0041ECD6=KERNEL32!HeapAlloc (0x00000005,0x00000000,0x00000040)

0x0041ECF5=KERNEL32!GetProcessHeap ()

0x0041ECFC=KERNEL32!HeapFree (0x00000005,0x00000000,0x730025B8)

0x0041ECCF=KERNEL32!GetProcessHeap ()

0x0041ECD6=KERNEL32!HeapAlloc (0x00000005,0x00000000,0x00000064)

0x0041ECCF=KERNEL32!GetProcessHeap ()

0x0041ECD6=KERNEL32!HeapAlloc (0x00000005,0x00000000,0x00000040)

0x0041ECF5=KERNEL32!GetProcessHeap ()

0x0041ECFC=KERNEL32!HeapFree (0x00000005,0x00000000,0x730025B8)

0x0041ECCF=KERNEL32!GetProcessHeap ()

0x0041ECD6=KERNEL32!HeapAlloc (0x00000005,0x00000000,0x00000040)

0x0041ECF5=KERNEL32!GetProcessHeap ()

0x0041ECFC=KERNEL32!HeapFree (0x00000005,0x00000000,0x730025B8)

0x0041ECCF=KERNEL32!GetProcessHeap ()

0x0041ECD6=KERNEL32!HeapAlloc (0x00000005,0x00000000,0x00000040)

0x0041ECF5=KERNEL32!GetProcessHeap ()

0x0041ECFC=KERNEL32!HeapFree (0x00000005,0x00000000,0x730025B8)

0x0041ECCF=KERNEL32!GetProcessHeap ()

0x0041ECD6=KERNEL32!HeapAlloc (0x00000005,0x00000000,0x00000040)

0x0041ECF5=KERNEL32!GetProcessHeap ()

0x0041ECFC=KERNEL32!HeapFree (0x00000005,0x00000000,0x730025B8)

0x0041ECCF=KERNEL32!GetProcessHeap ()

0x0041ECD6=KERNEL32!HeapAlloc (0x00000005,0x00000000,0x00000040)

0x0041ECF5=KERNEL32!GetProcessHeap ()

0x0041ECFC=KERNEL32!HeapFree (0x00000005,0x00000000,0x730025B8)

0x0041ECCF=KERNEL32!GetProcessHeap ()

0x0041ECD6=KERNEL32!HeapAlloc (0x00000005,0x00000000,0x00000040)

0x0041ECF5=KERNEL32!GetProcessHeap ()

0x0041ECFC=KERNEL32!HeapFree (0x00000005,0x00000000,0x730025B8)

0x004BF58A=KERNEL32!SetErrorMode (0x00008007)

0x0041ECCF=KERNEL32!GetProcessHeap ()

0x0041ECD6=KERNEL32!HeapAlloc (0x00000005,0x00000000,0x00000040)

0x0041ECF5=KERNEL32!GetProcessHeap ()

0x0041ECFC=KERNEL32!HeapFree (0x00000005,0x00000000,0x730025B8)

0x004BF5E1=KERNEL32!GetCurrentProcess ()

0x0041ECCF=KERNEL32!GetProcessHeap ()

0x0041ECD6=KERNEL32!HeapAlloc (0x00000005,0x00000000,0x00000040)

0x0041ECF5=KERNEL32!GetProcessHeap ()

0x0041ECFC=KERNEL32!HeapFree (0x00000005,0x00000000,0x730025B8)

0x004BF5FD=KERNEL32!SetPriorityClass (0xFFFFFFFF,0x00004000)

0x0041ECCF=KERNEL32!GetProcessHeap ()

0x0041ECD6=KERNEL32!HeapAlloc (0x00000005,0x00000000,0x00000040)

0x0041ECF5=KERNEL32!GetProcessHeap ()

0x0041ECFC=KERNEL32!HeapFree (0x00000005,0x00000000,0x730025B8)

0x004BF5D6=KERNEL32!Sleep (0x00002710)

0x0041ECCF=KERNEL32!GetProcessHeap ()

0x0041ECD6=KERNEL32!HeapAlloc (0x00000005,0x00000000,0x00000040)

0x0041ECF5=KERNEL32!GetProcessHeap ()

0x0041ECFC=KERNEL32!HeapFree (0x00000005,0x00000000,0x730025B8)

0x0041ECCF=KERNEL32!GetProcessHeap ()

0x0041ECD6=KERNEL32!HeapAlloc (0x00000005,0x00000000,0x00000040)

0x0041ECF5=KERNEL32!GetProcessHeap ()

0x0041ECFC=KERNEL32!HeapFree (0x00000005,0x00000000,0x730025B8)

0x004C0BB1=KERNEL32!GetLocaleInfoA (0x00000400,0x00001002,0x4FFD07A4,0x000003E8)

0x0041ECCF=KERNEL32!GetProcessHeap ()

0x0041ECD6=KERNEL32!HeapAlloc (0x00000005,0x00000000,0x00000040)

0x0041ECF5=KERNEL32!GetProcessHeap ()

0x0041ECFC=KERNEL32!HeapFree (0x00000005,0x00000000,0x730025B8)

0x0041ECCF=KERNEL32!GetProcessHeap ()

0x0041ECD6=KERNEL32!HeapAlloc (0x00000005,0x00000000,0x00000040)

0x0041ECF5=KERNEL32!GetProcessHeap ()

0x0041ECFC=KERNEL32!HeapFree (0x00000005,0x00000000,0x730025B8)

0x0041ECCF=KERNEL32!GetProcessHeap ()

0x0041ECD6=KERNEL32!HeapAlloc (0x00000005,0x00000000,0x00000040)

0x0041ECF5=KERNEL32!GetProcessHeap ()

0x0041ECFC=KERNEL32!HeapFree (0x00000005,0x00000000,0x730025B8)

0x0041ECCF=KERNEL32!GetProcessHeap ()

0x0041ECD6=KERNEL32!HeapAlloc (0x00000005,0x00000000,0x00000040)

0x0041ECF5=KERNEL32!GetProcessHeap ()

0x0041ECFC=KERNEL32!HeapFree (0x00000005,0x00000000,0x730025B8)

0x0041ECCF=KERNEL32!GetProcessHeap ()

0x0041ECD6=KERNEL32!HeapAlloc (0x00000005,0x00000000,0x00000040)

0x0041ECF5=KERNEL32!GetProcessHeap ()

0x0041ECFC=KERNEL32!HeapFree (0x00000005,0x00000000,0x730025B8)

0x0041ECCF=KERNEL32!GetProcessHeap ()

0x0041ECD6=KERNEL32!HeapAlloc (0x00000005,0x00000000,0x00000040)

0x0041ECF5=KERNEL32!GetProcessHeap ()

0x0041ECFC=KERNEL32!HeapFree (0x00000005,0x00000000,0x730025B8)

0x0041ECCF=KERNEL32!GetProcessHeap ()

0x0041ECD6=KERNEL32!HeapAlloc (0x00000005,0x00000000,0x00000040)

0x0041ECF5=KERNEL32!GetProcessHeap ()

0x0041ECFC=KERNEL32!HeapFree (0x00000005,0x00000000,0x730025B8)

0x0041ECCF=KERNEL32!GetProcessHeap ()

0x0041ECD6=KERNEL32!HeapAlloc (0x00000005,0x00000000,0x00000040)

0x0041ECF5=KERNEL32!GetProcessHeap ()

0x0041ECFC=KERNEL32!HeapFree (0x00000005,0x00000000,0x730025B8)

0x0041ECCF=KERNEL32!GetProcessHeap ()

0x0041ECD6=KERNEL32!HeapAlloc (0x00000005,0x000000