
date/time : 2018-09-30, 13:10:38, 964ms

computer name : DESKTOP-Q0FOGBE


user name : Toshiba
operating system : Windows 10 x64 build 17134
system language : Portuguese
system up time : 1 day 19 hours
program up time : 5 hours 10 minutes
processors : 4x Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
physical memory : 4146/8071 MB (free/total)
free disk space : (C:) 234,96 GB
display mode : 1366x768, 32 bit
process id : $29bc
allocated memory : 207,21 MB
largest free block : 1,92 GB
executable : streamwriter.exe
exec. date/time : 2018-08-02 19:27
version : 5.4.2.1
compiled with : Delphi XE
madExcept version : 4.0.20
callstack crc : $0bb7c2f2, $3720b6b4, $f562768c
exception number : 1
exception class : EAccessViolation
exception message : Zugriffsverletzung bei Adresse 75E88C08 in Modul 'shell32.dll'. Lesen von Adresse 1423670F.

main thread ($2040):


75e88c08 +028 shell32.dll ILClone
00662e27 +00b streamwriter.exe DragDropPIDL 696 +1 StringToPIDL
00662f0b +023 streamwriter.exe DragDropPIDL 784 +1 TPIDLList.Add
00662c9a +132 streamwriter.exe DragDropPIDL 523 +31 GetPIDLsFromFilenames
00663489 +039 streamwriter.exe DragDropPIDL 912 +5 TPIDLsToFilenamesStrings.Assign
0066a0f4 +040 streamwriter.exe DragDropFile 3147 +7 TFileDataFormat.AssignTo
00658c6d +0c1 streamwriter.exe DropSource 1507 +36 TCustomDropMultiSource.DoGetData
006577dd +049 streamwriter.exe DropSource 680 +11 TCustomDropSource.GetData
006220fa +06a streamwriter.exe VirtualTrees 5379 +11 TVTDragManager.DragEnter
74b0d73e +0de ole32.dll DoDragDrop
00657e1e +132 streamwriter.exe DropSource 992 +58 TCustomDropSource.DoExecute
0065f3af +00f streamwriter.exe DragDrop 1501 +2 TCustomDataFormat.Changing
00658135 +1ad streamwriter.exe DropSource 1145 +60 TCustomDropSource.Execute
00759ecc +2e0 streamwriter.exe ClientView 1285 +51 TMClientView.DoDragging
0063f855 +2bd streamwriter.exe VirtualTrees 24075 +77 TBaseVirtualTree.MouseMove
00509162 +07e streamwriter.exe Controls TControl.WMMouseMove
0050883c +2d4 streamwriter.exe Controls TControl.WndProc
0050d100 +568 streamwriter.exe Controls TWinControl.WndProc
0064310c +0e8 streamwriter.exe VirtualTrees 26012 +32 TBaseVirtualTree.WndProc
0050c7a0 +02c streamwriter.exe Controls TWinControl.MainWndProc
00451430 +014 streamwriter.exe Classes StdWndProc
748b79cb +00b user32.dll DispatchMessageW
004e8893 +0f3 streamwriter.exe Forms TApplication.ProcessMessage
004e88be +00a streamwriter.exe Forms TApplication.ProcessMessages
006223e8 +068 streamwriter.exe VirtualTrees 5522 +10 TVirtualTreeHintWindow.AnimationCallback
0063660f +0ef streamwriter.exe VirtualTrees 18627 +18 TBaseVirtualTree.Animate
00622fa9 +349 streamwriter.exe VirtualTrees 5885 +53 TVirtualTreeHintWindow.ActivateHint
00512693 +017 streamwriter.exe Controls THintWindow.ActivateHintData
004ea1d7 +32b streamwriter.exe Forms TApplication.ActivateHint
004e9b07 +0fb streamwriter.exe Forms TApplication.HintMouseMessage
0050866c +104 streamwriter.exe Controls TControl.WndProc
0050d100 +568 streamwriter.exe Controls TWinControl.WndProc
0064310c +0e8 streamwriter.exe VirtualTrees 26012 +32 TBaseVirtualTree.WndProc
0050c7a0 +02c streamwriter.exe Controls TWinControl.MainWndProc
00451430 +014 streamwriter.exe Classes StdWndProc
748b79cb +00b user32.dll DispatchMessageW
004e8893 +0f3 streamwriter.exe Forms TApplication.ProcessMessage
004e88be +00a streamwriter.exe Forms TApplication.ProcessMessages
006223e8 +068 streamwriter.exe VirtualTrees 5522 +10 TVirtualTreeHintWindow.AnimationCallback
0063660f +0ef streamwriter.exe VirtualTrees 18627 +18 TBaseVirtualTree.Animate
00622fa9 +349 streamwriter.exe VirtualTrees 5885 +53 TVirtualTreeHintWindow.ActivateHint
00512693 +017 streamwriter.exe Controls THintWindow.ActivateHintData
004ea1d7 +32b streamwriter.exe Forms TApplication.ActivateHint
004e9b5d +02d streamwriter.exe Forms TApplication.HintTimerExpired
004e67ce +022 streamwriter.exe Forms HintTimerProc
748b79cb +00b user32.dll DispatchMessageW
004e8893 +0f3 streamwriter.exe Forms TApplication.ProcessMessage
004e88d6 +00a streamwriter.exe Forms TApplication.HandleMessage
004e8c01 +0c9 streamwriter.exe Forms TApplication.Run
007b8128 +440 streamwriter.exe streamwriter 269 +99 initialization
747b8482 +022 KERNEL32.DLL BaseThreadInitThunk

thread $25d8: <priority:15>


744a1f1d +12d KERNELBASE.dll WaitForMultipleObjectsEx
744a1dd3 +013 KERNELBASE.dll WaitForMultipleObjects
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
747b8482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($2040) at:
7243c6bb +000 dsound.DLL

thread $1840: <priority:15>


744a1f1d +12d KERNELBASE.dll WaitForMultipleObjectsEx
744a1dd3 +013 KERNELBASE.dll WaitForMultipleObjects
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
747b8482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($2040) at:
7243c6bb +000 dsound.DLL

thread $9e0: <priority:15>


74490b83 +93 KERNELBASE.dll WaitForSingleObjectEx
74490add +0d KERNELBASE.dll WaitForSingleObject
0058e4a9 +0d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +37 streamwriter.exe madExcept ThreadExceptFrame
747b8482 +22 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($2040) at:
72481a80 +00 bass.dll

thread $13bc: <priority:2>


744a1f1d +12d KERNELBASE.dll WaitForMultipleObjectsEx
744a1dd3 +013 KERNELBASE.dll WaitForMultipleObjects
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
747b8482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($2040) at:
724a4564 +000 bass.dll

thread $20dc: <priority:15>


74490b83 +93 KERNELBASE.dll WaitForSingleObjectEx
0058e4a9 +0d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +37 streamwriter.exe madExcept ThreadExceptFrame
747b8482 +22 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($2040) at:
724a4582 +00 bass.dll

thread $1af8: <priority:15>


744a1f1d +12d KERNELBASE.dll WaitForMultipleObjectsEx
744a1dd3 +013 KERNELBASE.dll WaitForMultipleObjects
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
747b8482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($2040) at:
7243c6bb +000 dsound.DLL

thread $1a48 (TSchedulerThread):


744a1f1d +12d KERNELBASE.dll WaitForMultipleObjectsEx
744a1dd3 +013 KERNELBASE.dll WaitForMultipleObjects
00728a73 +413 streamwriter.exe Scheduler 228 +73 TSchedulerThread.Execute
0058e5c7 +02b streamwriter.exe madExcept HookedTThreadExecute
0044e76a +042 streamwriter.exe Classes ThreadProc
004073f4 +028 streamwriter.exe System 43 +0 ThreadWrapper
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
747b8482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($2040) at:
00728518 +018 streamwriter.exe Scheduler 98 +1 TSchedulerThread.Create

thread $f80 (TWorkerThread):


74490b83 +93 KERNELBASE.dll WaitForSingleObjectEx
74490add +0d KERNELBASE.dll WaitForSingleObject
00604b9e +26 streamwriter.exe VirtualTrees.WorkerThread 150 +4 TWorkerThread.Execute
0058e5c7 +2b streamwriter.exe madExcept HookedTThreadExecute
0044e76a +42 streamwriter.exe Classes ThreadProc
004073f4 +28 streamwriter.exe System 43 +0 ThreadWrapper
0058e4a9 +0d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +37 streamwriter.exe madExcept ThreadExceptFrame
747b8482 +22 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($2040) at:
00604ab6 +16 streamwriter.exe VirtualTrees.WorkerThread 97 +1 TWorkerThread.Create

thread $15d0 (TFileWatcher):


744a1f1d +12d KERNELBASE.dll WaitForMultipleObjectsEx
744a1dd3 +013 KERNELBASE.dll WaitForMultipleObjects
0077f7e0 +124 streamwriter.exe FileWatcher 113 +26 TFileWatcher.Execute
0058e5c7 +02b streamwriter.exe madExcept HookedTThreadExecute
0044e76a +042 streamwriter.exe Classes ThreadProc
004073f4 +028 streamwriter.exe System 43 +0 ThreadWrapper
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
747b8482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($2040) at:
0077f65a +02e streamwriter.exe FileWatcher 68 +1 TFileWatcher.Create

thread $2004:
748b9ffe +5e user32.dll MsgWaitForMultipleObjectsEx
73cb2f79 +89 combase.dll CoWaitForMultipleHandles
0058e4a9 +0d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +37 streamwriter.exe madExcept ThreadExceptFrame
747b8482 +22 KERNEL32.DLL BaseThreadInitThunk
>> created by thread $2028 at:
741b6713 +00 shcore.dll

thread $1194 (TICEThread):


004471d9 +055 streamwriter.exe Classes TStream.Seek
770d5e9c +0bc WS2_32.dll select
0044f4d5 +001 streamwriter.exe Classes TThread.Sleep
005d00c1 +b69 streamwriter.exe Sockets 616 +246 TSocketThread.Execute
00725580 +000 streamwriter.exe ICEThread 597 +0 TICEThread.Execute
0058e5c7 +02b streamwriter.exe madExcept HookedTThreadExecute
0044e76a +042 streamwriter.exe Classes ThreadProc
004073f4 +028 streamwriter.exe System 43 +0 ThreadWrapper
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
747b8482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($2040) at:
005cf28d +035 streamwriter.exe Sockets 238 +1 TSocketThread.Create

thread $1bfc (TICEThread):


770d5e9c +0bc WS2_32.dll select
0044f4d5 +001 streamwriter.exe Classes TThread.Sleep
005d00c1 +b69 streamwriter.exe Sockets 616 +246 TSocketThread.Execute
00725580 +000 streamwriter.exe ICEThread 597 +0 TICEThread.Execute
0058e5c7 +02b streamwriter.exe madExcept HookedTThreadExecute
0044e76a +042 streamwriter.exe Classes ThreadProc
004073f4 +028 streamwriter.exe System 43 +0 ThreadWrapper
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
747b8482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($2040) at:
005cf28d +035 streamwriter.exe Sockets 238 +1 TSocketThread.Create

thread $1738 (TICEThread):


00447e3d +03d streamwriter.exe Classes TMemoryStream.Write
770d5e9c +0bc WS2_32.dll select
005cfc4c +6f4 streamwriter.exe Sockets 532 +162 TSocketThread.Execute
00725580 +000 streamwriter.exe ICEThread 597 +0 TICEThread.Execute
0058e5c7 +02b streamwriter.exe madExcept HookedTThreadExecute
0044e76a +042 streamwriter.exe Classes ThreadProc
004073f4 +028 streamwriter.exe System 43 +0 ThreadWrapper
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
747b8482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($2040) at:
005cf28d +035 streamwriter.exe Sockets 238 +1 TSocketThread.Create

thread $95c (TICEThread):


00447e3d +03d streamwriter.exe Classes TMemoryStream.Write
770d5e9c +0bc WS2_32.dll select
005cfc4c +6f4 streamwriter.exe Sockets 532 +162 TSocketThread.Execute
00725580 +000 streamwriter.exe ICEThread 597 +0 TICEThread.Execute
0058e5c7 +02b streamwriter.exe madExcept HookedTThreadExecute
0044e76a +042 streamwriter.exe Classes ThreadProc
004073f4 +028 streamwriter.exe System 43 +0 ThreadWrapper
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
747b8482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($2040) at:
005cf28d +035 streamwriter.exe Sockets 238 +1 TSocketThread.Create

thread $1460 (TICEThread):


004471d9 +055 streamwriter.exe Classes TStream.Seek
770d5e9c +0bc WS2_32.dll select
005cfc4c +6f4 streamwriter.exe Sockets 532 +162 TSocketThread.Execute
00725580 +000 streamwriter.exe ICEThread 597 +0 TICEThread.Execute
0058e5c7 +02b streamwriter.exe madExcept HookedTThreadExecute
0044e76a +042 streamwriter.exe Classes ThreadProc
004073f4 +028 streamwriter.exe System 43 +0 ThreadWrapper
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
747b8482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($2040) at:
005cf28d +035 streamwriter.exe Sockets 238 +1 TSocketThread.Create

thread $20c4 (TICEThread):


004471d9 +055 streamwriter.exe Classes TStream.Seek
770d5e9c +0bc WS2_32.dll select
005cfc4c +6f4 streamwriter.exe Sockets 532 +162 TSocketThread.Execute
00725580 +000 streamwriter.exe ICEThread 597 +0 TICEThread.Execute
0058e5c7 +02b streamwriter.exe madExcept HookedTThreadExecute
0044e76a +042 streamwriter.exe Classes ThreadProc
004073f4 +028 streamwriter.exe System 43 +0 ThreadWrapper
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
747b8482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($2040) at:
005cf28d +035 streamwriter.exe Sockets 238 +1 TSocketThread.Create

thread $165c (TICEThread):


004471d9 +055 streamwriter.exe Classes TStream.Seek
770d5e9c +0bc WS2_32.dll select
0044f4d5 +001 streamwriter.exe Classes TThread.Sleep
005d00c1 +b69 streamwriter.exe Sockets 616 +246 TSocketThread.Execute
00725580 +000 streamwriter.exe ICEThread 597 +0 TICEThread.Execute
0058e5c7 +02b streamwriter.exe madExcept HookedTThreadExecute
0044e76a +042 streamwriter.exe Classes ThreadProc
004073f4 +028 streamwriter.exe System 43 +0 ThreadWrapper
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
747b8482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($2040) at:
005cf28d +035 streamwriter.exe Sockets 238 +1 TSocketThread.Create

thread $1d64 (TICEThread):


744a3745 +095 KERNELBASE.dll SleepEx
744a369a +00a KERNELBASE.dll Sleep
7080a5be +12e DUI70.dll ?_BuildFromBinary@DUIXmlParser@DirectUI@@IAEJPAVElement@2@0PBGPAKPAPAV32@@Z
0058e5c7 +02b streamwriter.exe madExcept HookedTThreadExecute
0044e76a +042 streamwriter.exe Classes ThreadProc
004073f4 +028 streamwriter.exe System 43 +0 ThreadWrapper
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
747b8482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($2040) at:
005cf28d +035 streamwriter.exe Sockets 238 +1 TSocketThread.Create

thread $20e0 (TICEThread):


004471d9 +055 streamwriter.exe Classes TStream.Seek
770d5e9c +0bc WS2_32.dll select
005cfc4c +6f4 streamwriter.exe Sockets 532 +162 TSocketThread.Execute
00725580 +000 streamwriter.exe ICEThread 597 +0 TICEThread.Execute
0058e5c7 +02b streamwriter.exe madExcept HookedTThreadExecute
0044e76a +042 streamwriter.exe Classes ThreadProc
004073f4 +028 streamwriter.exe System 43 +0 ThreadWrapper
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
747b8482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($2040) at:
005cf28d +035 streamwriter.exe Sockets 238 +1 TSocketThread.Create

thread $d0 (TICEThread):


004471d9 +055 streamwriter.exe Classes TStream.Seek
770d5e9c +0bc WS2_32.dll select
005cfc4c +6f4 streamwriter.exe Sockets 532 +162 TSocketThread.Execute
00725580 +000 streamwriter.exe ICEThread 597 +0 TICEThread.Execute
0058e5c7 +02b streamwriter.exe madExcept HookedTThreadExecute
0044e76a +042 streamwriter.exe Classes ThreadProc
004073f4 +028 streamwriter.exe System 43 +0 ThreadWrapper
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
747b8482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($2040) at:
005cf28d +035 streamwriter.exe Sockets 238 +1 TSocketThread.Create

thread $1eb8 (TICEThread):


004471d9 +055 streamwriter.exe Classes TStream.Seek
770d5e9c +0bc WS2_32.dll select
005cfc4c +6f4 streamwriter.exe Sockets 532 +162 TSocketThread.Execute
00725580 +000 streamwriter.exe ICEThread 597 +0 TICEThread.Execute
0058e5c7 +02b streamwriter.exe madExcept HookedTThreadExecute
0044e76a +042 streamwriter.exe Classes ThreadProc
004073f4 +028 streamwriter.exe System 43 +0 ThreadWrapper
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
747b8482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($2040) at:
005cf28d +035 streamwriter.exe Sockets 238 +1 TSocketThread.Create

thread $25e0 (TICEThread):


004471d9 +055 streamwriter.exe Classes TStream.Seek
770d5e9c +0bc WS2_32.dll select
005cfc4c +6f4 streamwriter.exe Sockets 532 +162 TSocketThread.Execute
00725580 +000 streamwriter.exe ICEThread 597 +0 TICEThread.Execute
0058e5c7 +02b streamwriter.exe madExcept HookedTThreadExecute
0044e76a +042 streamwriter.exe Classes ThreadProc
004073f4 +028 streamwriter.exe System 43 +0 ThreadWrapper
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
747b8482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($2040) at:
005cf28d +035 streamwriter.exe Sockets 238 +1 TSocketThread.Create

thread $f50 (TICEThread):


004471d9 +055 streamwriter.exe Classes TStream.Seek
770d5e9c +0bc WS2_32.dll select
005cfc4c +6f4 streamwriter.exe Sockets 532 +162 TSocketThread.Execute
00725580 +000 streamwriter.exe ICEThread 597 +0 TICEThread.Execute
0058e5c7 +02b streamwriter.exe madExcept HookedTThreadExecute
0044e76a +042 streamwriter.exe Classes ThreadProc
004073f4 +028 streamwriter.exe System 43 +0 ThreadWrapper
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
747b8482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($2040) at:
005cf28d +035 streamwriter.exe Sockets 238 +1 TSocketThread.Create

thread $1b14 (TICEThread):


00447e3d +03d streamwriter.exe Classes TMemoryStream.Write
770d5e9c +0bc WS2_32.dll select
005cfc4c +6f4 streamwriter.exe Sockets 532 +162 TSocketThread.Execute
00725580 +000 streamwriter.exe ICEThread 597 +0 TICEThread.Execute
0058e5c7 +02b streamwriter.exe madExcept HookedTThreadExecute
0044e76a +042 streamwriter.exe Classes ThreadProc
004073f4 +028 streamwriter.exe System 43 +0 ThreadWrapper
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
747b8482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($2040) at:
005cf28d +035 streamwriter.exe Sockets 238 +1 TSocketThread.Create

thread $1f78 (TICEThread):


004059c0 +008 streamwriter.exe System 43 +0 TObject.Free
005cfc4c +6f4 streamwriter.exe Sockets 532 +162 TSocketThread.Execute
00725580 +000 streamwriter.exe ICEThread 597 +0 TICEThread.Execute
0058e5c7 +02b streamwriter.exe madExcept HookedTThreadExecute
0044e76a +042 streamwriter.exe Classes ThreadProc
004073f4 +028 streamwriter.exe System 43 +0 ThreadWrapper
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
747b8482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($2040) at:
005cf28d +035 streamwriter.exe Sockets 238 +1 TSocketThread.Create

thread $1e54 (THomeThread):


770d5e9c +0bc WS2_32.dll select
005cfc4c +6f4 streamwriter.exe Sockets 532 +162 TSocketThread.Execute
773bfb2a +0aa ntdll.dll bsearch
773bfaf5 +075 ntdll.dll bsearch
0058e5c7 +02b streamwriter.exe madExcept HookedTThreadExecute
0044e76a +042 streamwriter.exe Classes ThreadProc
004073f4 +028 streamwriter.exe System 43 +0 ThreadWrapper
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
747b8482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($2040) at:
005cf28d +035 streamwriter.exe Sockets 238 +1 TSocketThread.Create

thread $1a6c (TICEThread):


770d5e9c +0bc WS2_32.dll select
005cfc4c +6f4 streamwriter.exe Sockets 532 +162 TSocketThread.Execute
00725580 +000 streamwriter.exe ICEThread 597 +0 TICEThread.Execute
0058e5c7 +02b streamwriter.exe madExcept HookedTThreadExecute
0044e76a +042 streamwriter.exe Classes ThreadProc
004073f4 +028 streamwriter.exe System 43 +0 ThreadWrapper
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
747b8482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($2040) at:
005cf28d +035 streamwriter.exe Sockets 238 +1 TSocketThread.Create

thread $cd4 (TICEThread):


770d5e9c +0bc WS2_32.dll select
005cfc4c +6f4 streamwriter.exe Sockets 532 +162 TSocketThread.Execute
00725580 +000 streamwriter.exe ICEThread 597 +0 TICEThread.Execute
0058e5c7 +02b streamwriter.exe madExcept HookedTThreadExecute
0044e76a +042 streamwriter.exe Classes ThreadProc
004073f4 +028 streamwriter.exe System 43 +0 ThreadWrapper
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
747b8482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($2040) at:
005cf28d +035 streamwriter.exe Sockets 238 +1 TSocketThread.Create

thread $27a4 (TICEThread):


770d5e9c +0bc WS2_32.dll select
005cfc4c +6f4 streamwriter.exe Sockets 532 +162 TSocketThread.Execute
00725580 +000 streamwriter.exe ICEThread 597 +0 TICEThread.Execute
0058e5c7 +02b streamwriter.exe madExcept HookedTThreadExecute
0044e76a +042 streamwriter.exe Classes ThreadProc
004073f4 +028 streamwriter.exe System 43 +0 ThreadWrapper
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
747b8482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($2040) at:
005cf28d +035 streamwriter.exe Sockets 238 +1 TSocketThread.Create

thread $68c:
747b8482 +22 KERNEL32.DLL BaseThreadInitThunk

thread $24f8: <priority:1>


0058e4a9 +0d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +37 streamwriter.exe madExcept ThreadExceptFrame
747b8482 +22 KERNEL32.DLL BaseThreadInitThunk
>> created by thread $2698 at:
72a5a424 +00 mswsock.dll

thread $664 (TICEThread):


0058e285 +019 streamwriter.exe madExcept InterceptClassDestroy
770d5e9c +0bc WS2_32.dll select
005cfc4c +6f4 streamwriter.exe Sockets 532 +162 TSocketThread.Execute
00725580 +000 streamwriter.exe ICEThread 597 +0 TICEThread.Execute
0058e5c7 +02b streamwriter.exe madExcept HookedTThreadExecute
0044e76a +042 streamwriter.exe Classes ThreadProc
004073f4 +028 streamwriter.exe System 43 +0 ThreadWrapper
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
747b8482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($2040) at:
005cf28d +035 streamwriter.exe Sockets 238 +1 TSocketThread.Create

modules:
00400000 streamwriter.exe 5.4.2.1 C:\Program Files (x86)\streamWriter
10000000 idmmkb.dll 6.19.9.1 C:\Program Files (x86)\Internet Download Manager
11000000 libeay32.dll 1.0.2.12 C:\Users\Toshiba\AppData\Local\Temp\streamWriter
12000000 ssleay32.dll 1.0.2.12 C:\Users\Toshiba\AppData\Local\Temp\streamWriter
6e660000 CLDAPI.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
6eaa0000 OneCoreUAPCommonProxyStub.dll 6.2.17134.1 C:\Windows\System32
6edd0000 edputil.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
6f2e0000 FileSyncShell.dll 18.151.729.12 C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\18.151.0729.0012
6f6b0000 ntshrui.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
6f780000 twinapi.dll 6.2.17134.1 C:\Windows\System32
6fb30000 NetworkExplorer.dll 6.2.17134.1 C:\WINDOWS\system32
6fc60000 DUser.dll 6.2.17134.1 C:\WINDOWS\system32
6fd40000 explorerframe.dll 6.2.17134.1 C:\WINDOWS\system32
70140000 d3d11.dll 6.2.17134.112 C:\WINDOWS\system32
705f0000 atlthunk.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
70770000 DEVOBJ.dll 6.2.17134.1 C:\WINDOWS\System32
707c0000 DUI70.dll 6.2.17134.112 C:\WINDOWS\system32
70930000 urlmon.dll 11.0.17134.285 C:\WINDOWS\SYSTEM32
70ae0000 dlnashext.dll 6.2.17134.1 C:\Windows\System32
70b20000 StructuredQuery.dll 7.0.17134.228 C:\WINDOWS\System32
70cc0000 CoreUIComponents.dll 6.2.17134.112 C:\WINDOWS\System32
70f20000 winspool.drv 6.2.17134.254 C:\WINDOWS\SYSTEM32
70f90000 msvcp110_win.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
71190000 twinapi.appcore.dll 6.2.17134.137 C:\WINDOWS\system32
71300000 wintypes.dll 6.2.17134.112 C:\WINDOWS\SYSTEM32
71430000 policymanager.dll 6.2.17134.191 C:\WINDOWS\SYSTEM32
714d0000 WINSTA.dll 6.2.17134.1 C:\WINDOWS\System32
71520000 tiptsf.dll 6.2.17134.191 C:\Program Files (x86)\Common Files\microsoft shared\ink
715b0000 dxgi.dll 6.2.17134.112 C:\WINDOWS\system32
71650000 dcomp.dll 6.2.17134.1 C:\WINDOWS\system32
71790000 AUDIOSES.DLL 6.2.17134.137 C:\WINDOWS\SYSTEM32
718b0000 LINKINFO.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
718c0000 DevDispItemProvider.dll 6.2.17134.1 C:\Windows\System32
718e0000 mscms.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
71970000 wshbth.dll 6.2.17134.1 C:\WINDOWS\System32
71990000 pnrpnsp.dll 6.2.17134.1 C:\WINDOWS\system32
719b0000 CoreMessaging.dll 6.2.17134.285 C:\WINDOWS\System32
71a40000 TextInputFramework.dll 6.2.17134.191 C:\WINDOWS\System32
71ac0000 napinsp.dll 6.2.17134.1 C:\WINDOWS\system32
71ae0000 WindowsCodecs.dll 6.2.17134.285 C:\WINDOWS\SYSTEM32
71c60000 winrnr.dll 6.2.17134.1 C:\WINDOWS\System32
71c70000 srvcli.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
71c90000 wsock32.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
71ca0000 davclnt.dll 6.2.17134.1 C:\WINDOWS\System32
71cc0000 MPR.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
71ce0000 ntlanman.dll 6.2.17134.1 C:\WINDOWS\System32
71d00000 PROPSYS.dll 7.0.17134.112 C:\WINDOWS\SYSTEM32
71f00000 ktmw32.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
71f10000 SAMLIB.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
71f30000 thumbcache.dll 6.2.17134.1 C:\Windows\System32
71f90000 cscapi.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
71fa0000 dataexchange.dll 6.2.17134.1 C:\WINDOWS\system32
71ff0000 dwmapi.dll 6.2.17134.1 C:\WINDOWS\system32
72020000 ntmarta.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
72050000 wkscli.dll 6.2.17134.1 C:\WINDOWS\System32
72090000 bass_aac.dll 2.4.5.1 C:\Users\Toshiba\AppData\Local\Temp\streamWriter
720e0000 MMDevApi.dll 6.2.17134.1 C:\WINDOWS\System32
72160000 iertutil.dll 11.0.17134.254 C:\WINDOWS\SYSTEM32
723b0000 samcli.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
723f0000 dsound.DLL 6.2.17134.1 C:\WINDOWS\SYSTEM32
72480000 bass.dll 2.4.12.1 C:\Users\Toshiba\AppData\Local\Temp\streamWriter
724d0000 dbghelp.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
72770000 comctl32.dll 6.10.17134.285 C:\WINDOWS\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.285_none_42efceba44e1907b
72990000 DAVHLPR.dll 6.2.17134.1 C:\WINDOWS\System32
729d0000 NLAapi.dll 6.2.17134.1 C:\WINDOWS\system32
729f0000 fwpuclnt.dll 6.2.17134.1 C:\WINDOWS\System32
72a40000 mswsock.dll 6.2.17134.1 C:\WINDOWS\System32
72aa0000 drprov.dll 6.2.17134.1 C:\WINDOWS\System32
72b30000 RMCLIENT.dll 6.2.17134.81 C:\WINDOWS\system32
72d50000 netutils.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
72d60000 ColorAdapterClient.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
72d70000 dbgcore.DLL 6.2.17134.1 C:\WINDOWS\SYSTEM32
72da0000 FaultRep.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
72e00000 WINMMBASE.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
72e30000 oleacc.dll 7.2.17134.1 C:\WINDOWS\SYSTEM32
72f10000 uxtheme.dll 6.2.17134.1 C:\WINDOWS\system32
72fa0000 rasadhlp.dll 6.2.17134.1 C:\Windows\System32
72fb0000 MSACM32.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
72fd0000 rsaenh.dll 6.2.17134.254 C:\WINDOWS\system32
73000000 CRYPTSP.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
73020000 DNSAPI.dll 6.2.17134.165 C:\WINDOWS\SYSTEM32
730b0000 AVRT.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
730c0000 winmm.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
730f0000 IPHLPAPI.DLL 6.2.17134.1 C:\WINDOWS\SYSTEM32
73120000 WININET.dll 11.0.17134.254 C:\WINDOWS\SYSTEM32
73560000 USERENV.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
735a0000 olepro32.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
735c0000 bcrypt.dll 6.2.17134.112 C:\WINDOWS\SYSTEM32
73ab0000 apphelp.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
73be0000 version.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
73bf0000 msimg32.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
73c00000 CRYPTBASE.dll 6.2.17134.1 C:\WINDOWS\System32
73c10000 SspiCli.dll 6.2.17134.1 C:\WINDOWS\System32
73c30000 combase.dll 6.2.17134.112 C:\WINDOWS\System32
73e90000 ucrtbase.dll 6.2.17134.254 C:\WINDOWS\System32
73fb0000 advapi32.dll 6.2.17134.1 C:\WINDOWS\System32
74030000 gdi32full.dll 6.2.17134.285 C:\WINDOWS\System32
741a0000 shcore.dll 6.2.17134.112 C:\WINDOWS\System32
74230000 IMM32.DLL 6.2.17134.1 C:\WINDOWS\System32
74260000 coml2.dll 6.2.17134.1 C:\WINDOWS\System32
742c0000 msvcp_win.dll 6.2.17134.1 C:\WINDOWS\System32
743a0000 KERNELBASE.dll 6.2.17134.165 C:\WINDOWS\System32
74590000 bcryptPrimitives.dll 6.2.17134.137 C:\WINDOWS\System32
747a0000 KERNEL32.DLL 6.2.17134.1 C:\WINDOWS\System32
74880000 user32.dll 6.2.17134.1 C:\WINDOWS\System32
74a10000 NSI.dll 6.2.17134.1 C:\WINDOWS\System32
74a20000 cfgmgr32.dll 6.2.17134.1 C:\WINDOWS\System32
74a60000 profapi.dll 6.2.17134.1 C:\WINDOWS\System32
74a80000 ole32.dll 6.2.17134.137 C:\WINDOWS\System32
74be0000 clbcatq.dll 2001.12.10941.16384 C:\WINDOWS\System32
74c70000 msvcrt.dll 7.0.17134.1 C:\WINDOWS\System32
74d30000 comdlg32.dll 6.2.17134.1 C:\WINDOWS\System32
74e10000 win32u.dll 6.2.17134.1 C:\WINDOWS\System32
74e30000 kernel.appcore.dll 6.2.17134.112 C:\WINDOWS\System32
74e60000 shlwapi.dll 6.2.17134.1 C:\WINDOWS\System32
75470000 RPCRT4.dll 6.2.17134.112 C:\WINDOWS\System32
75530000 powrprof.dll 6.2.17134.1 C:\WINDOWS\System32
75580000 FLTLIB.DLL 6.2.17134.1 C:\WINDOWS\System32
75590000 GDI32.dll 6.2.17134.285 C:\WINDOWS\System32
755c0000 MSCTF.dll 6.2.17134.285 C:\WINDOWS\System32
75760000 sechost.dll 6.2.17134.1 C:\WINDOWS\System32
757b0000 windows.storage.dll 6.2.17134.285 C:\WINDOWS\System32
75d70000 shell32.dll 6.2.17134.228 C:\WINDOWS\System32
770c0000 WS2_32.dll 6.2.17134.1 C:\WINDOWS\System32
77130000 oleaut32.dll 6.2.17134.48 C:\WINDOWS\System32
77350000 ntdll.dll 6.2.17134.254 C:\WINDOWS\SYSTEM32

processes:
0000 Idle 0 0 0
0004 System 0 0 0
0060 Registry 0 0 0
01e4 smss.exe 0 0 0
02a0 csrss.exe 0 0 0
02ec csrss.exe 1 0 0
0304 wininit.exe 0 0 0
0334 winlogon.exe 1 0 0
037c services.exe 0 0 0
03a8 lsass.exe 0 0 0
0164 svchost.exe 0 0 0
0250 svchost.exe 0 0 0
020c fontdrvhost.exe 0 0 0
0264 fontdrvhost.exe 1 0 0
0410 svchost.exe 0 0 0
0438 svchost.exe 0 0 0
0470 dwm.exe 1 0 0
04ec svchost.exe 0 0 0
0540 svchost.exe 0 0 0
0590 svchost.exe 0 0 0
0598 svchost.exe 0 0 0
05ac svchost.exe 0 0 0
0620 svchost.exe 0 0 0
0638 svchost.exe 0 0 0
064c WUDFHost.exe 0 0 0
0654 svchost.exe 0 0 0
0670 svchost.exe 0 0 0
06d0 svchost.exe 0 0 0
06d8 svchost.exe 0 0 0
0758 svchost.exe 0 0 0
077c svchost.exe 0 0 0
0798 svchost.exe 0 0 0
07b8 svchost.exe 0 0 0
07d8 svchost.exe 0 0 0
0434 svchost.exe 0 0 0
0584 svchost.exe 0 0 0
057c svchost.exe 0 0 0
0830 svchost.exe 0 0 0
0844 svchost.exe 0 0 0
0898 svchost.exe 0 0 0
08a0 svchost.exe 0 0 0
08a8 svchost.exe 0 0 0
0930 svchost.exe 0 0 0
0978 svchost.exe 0 0 0
0998 svchost.exe 0 0 0
0a58 svchost.exe 0 0 0
0aa4 svchost.exe 0 0 0
0af0 svchost.exe 0 0 0
0b48 svchost.exe 0 0 0
0bc0 spoolsv.exe 0 0 0
0be8 svchost.exe 0 0 0
0a1c svchost.exe 0 0 0
0c28 svchost.exe 0 0 0
0c30 MsMpEng.exe 0 0 0
0c38 BootTime.exe 0 0 0
0c40 svchost.exe 0 0 0
0c4c svchost.exe 0 0 0
0c54 svchost.exe 0 0 0
0c5c svchost.exe 0 0 0
0c64 svchost.exe 0 0 0
0c6c svchost.exe 0 0 0
0c9c SecurityHealthService.exe 0 0 0
0d48 svchost.exe 0 0 0
0d5c svchost.exe 0 0 0
0dc0 BingDesktopUpdater.exe 0 0 0
0df8 svchost.exe 0 0 0
0e0c svchost.exe 0 0 0
0ac8 svchost.exe 0 0 0
1034 svchost.exe 0 0 0
112c svchost.exe 0 0 0
1284 sihost.exe 1 0 14 normal C:\Windows\System32
134c svchost.exe 1 0 1 normal C:\Windows\System32
138c svchost.exe 1 4 5 normal C:\Windows\System32
0560 taskhostw.exe 1 8 6 normal C:\Windows\System32
02a8 svchost.exe 0 0 0
0f24 ctfmon.exe 1 0 0
05bc svchost.exe 0 0 0
09ac explorer.exe 1 543 512 below normal C:\Windows
0e88 svchost.exe 0 0 0
1468 svchost.exe 0 0 0
15f0 dllhost.exe 1 1 5 normal C:\Windows\System32
172c ShellExperienceHost.exe 1 14 109 normal C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy
1780 NisSrv.exe 0 0 0
0498 RuntimeBroker.exe 1 40 17 normal C:\Windows\System32
11a4 SettingSyncHost.exe 1 0 5 below normal C:\Windows\System32
1d20 svchost.exe 1 0 1 normal C:\Windows\System32
1d48 IEMonitor.exe 1 13 17 normal C:\Program Files (x86)\Internet Download Manager
1d5c SearchIndexer.exe 0 0 0
1c84 svchost.exe 0 0 0
1160 svchost.exe 0 0 0
0d18 svchost.exe 0 0 0
1ec0 WiseMemoryOptimzer.exe 1 0 0
1a10 SgrmBroker.exe 0 0 0
0618 svchost.exe 0 0 0
0280 svchost.exe 0 0 0
1a34 RuntimeBroker.exe 1 40 4 normal C:\Windows\System32
2048 notepad.exe 1 34 25 normal C:\Windows\System32
1f28 SystemSettingsBroker.exe 1 0 14 normal C:\Windows\System32
1028 svchost.exe 0 0 0
047c ApplicationFrameHost.exe 1 29 18 normal C:\Windows\System32
0754 Taskmgr.exe 1 0 0
2138 svchost.exe 0 0 0
100c svchost.exe 0 0 0
1bac notepad.exe 1 85 49 below normal C:\Windows\System32
07a8 dasHost.exe 0 0 0
29bc streamwriter.exe 1 959 328 normal C:\Program Files (x86)\streamWriter
164c chrome.exe 1 213 123 below normal C:\Program Files (x86)\Google\Chrome\Application
2548 chrome.exe 1 0 4 below normal C:\Program Files (x86)\Google\Chrome\Application
24c0 chrome.exe 1 0 4 below normal C:\Program Files (x86)\Google\Chrome\Application
2bd4 chrome.exe 1 8 6 below normal C:\Program Files (x86)\Google\Chrome\Application
0bbc chrome.exe 1 0 0 normal C:\Program Files (x86)\Google\Chrome\Application
2630 chrome.exe 1 0 0 normal C:\Program Files (x86)\Google\Chrome\Application
1b4c chrome.exe 1 0 0 normal C:\Program Files (x86)\Google\Chrome\Application
20b8 chrome.exe 1 0 0 normal C:\Program Files (x86)\Google\Chrome\Application
0524 cmd.exe 1 0 0 below normal C:\Windows\System32
0d94 conhost.exe 1 16 11 below normal C:\Windows\System32
1f3c fireshot-chrome-plugin.exe 1 252 210 below normal C:\Users\Toshiba\AppData\Roaming\FireShot
2ab0 notepad.exe 1 85 37 below normal C:\Windows\System32
2a44 svchost.exe 1 0 1 normal C:\Windows\System32
19fc chrome.exe 1 0 0 idle C:\Program Files (x86)\Google\Chrome\Application
299c IDMan.exe 1 173 118 normal C:\Program Files (x86)\Internet Download Manager
207c WiseCare365.exe 1 0 0
1704 WiseTray.exe 1 0 0
1618 Microsoft.Photos.exe 1 0 10 normal C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe
23d4 RuntimeBroker.exe 1 0 13 normal C:\Windows\System32
2350 WinStore.App.exe 1 7 55 normal C:\Program Files\WindowsApps\Microsoft.WindowsStore_11808.1001.10.0_x64__8wekyb3d8bbwe
27ec RuntimeBroker.exe 1 36 5 normal C:\Windows\System32
2888 svchost.exe 0 0 0
1214 chrome.exe 1 0 1 below normal C:\Program Files (x86)\Google\Chrome\Application
1b88 chrome.exe 1 0 0 idle C:\Program Files (x86)\Google\Chrome\Application
232c chrome.exe 1 0 0 idle C:\Program Files (x86)\Google\Chrome\Application
2024 chrome.exe 1 0 0 idle C:\Program Files (x86)\Google\Chrome\Application
275c chrome.exe 1 0 0 idle C:\Program Files (x86)\Google\Chrome\Application
26ec chrome.exe 1 0 0 idle C:\Program Files (x86)\Google\Chrome\Application
0e4c chrome.exe 1 0 0 idle C:\Program Files (x86)\Google\Chrome\Application
24d0 chrome.exe 1 0 0 idle C:\Program Files (x86)\Google\Chrome\Application
2678 chrome.exe 1 0 0 idle C:\Program Files (x86)\Google\Chrome\Application
2554 chrome.exe 1 0 0 idle C:\Program Files (x86)\Google\Chrome\Application
1760 chrome.exe 1 0 0 idle C:\Program Files (x86)\Google\Chrome\Application
13e4 chrome.exe 1 0 0 idle C:\Program Files (x86)\Google\Chrome\Application
1918 chrome.exe 1 0 0 idle C:\Program Files (x86)\Google\Chrome\Application
10fc chrome.exe 1 0 0 idle C:\Program Files (x86)\Google\Chrome\Application
2140 chrome.exe 1 0 0 idle C:\Program Files (x86)\Google\Chrome\Application
2868 chrome.exe 1 0 0 idle C:\Program Files (x86)\Google\Chrome\Application
2438 chrome.exe 1 0 0 idle C:\Program Files (x86)\Google\Chrome\Application
1c28 chrome.exe 1 0 0 idle C:\Program Files (x86)\Google\Chrome\Application
18f0 chrome.exe 1 0 0 normal C:\Program Files (x86)\Google\Chrome\Application
17c4 SearchProtocolHost.exe 0 0 0
1b74 SearchProtocolHost.exe 1 0 1 idle C:\Windows\System32
27fc svchost.exe 0 0 0
28a4 SearchFilterHost.exe 0 0 0
07ac audiodg.exe 0 0 0

hardware:
+ {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
- Fax
- Fila de Impressão de Raiz
- Foxit Reader PDF Printer
- Microsoft Print to PDF
- Microsoft XPS Document Writer
+ {36fc9e60-c465-11cf-8056-444553540000}
- Concentrador Raiz USB (USB 3.0)
- Concentrador Raiz USB (usbport)
- Concentrador Raiz USB (usbport)
- Dispositivo composto USB
- Dispositivo de armazenamento de massa USB
- Dispositivo de armazenamento de massa USB
- Generic USB Hub
- Generic USB Hub
- Generic USB Hub
- Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C26 (driver 10.1.1.44)
- Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C2D (driver 10.1.1.44)
- Renesas USB 3.0 eXtensible Host Controller - 0.96 (Microsoft)
+ {4d36e965-e325-11ce-bfc1-08002be10318}
- MATSHITA DVD-RAM UJ8E2
+ {4d36e966-e325-11ce-bfc1-08002be10318}
- PC ACPI baseado em x64
+ {4d36e967-e325-11ce-bfc1-08002be10318}
- HGST HTS725050A7E630
- Lexar JumpDrive USB Device
- TOSHIBA External USB 3.0 USB Device
+ {4d36e968-e325-11ce-bfc1-08002be10318}
- Intel(R) HD Graphics 3000 (driver 9.17.10.4459)
+ {4d36e96a-e325-11ce-bfc1-08002be10318}
- Intel(R) Mobile Express Chipset SATA AHCI Controller (driver 12.8.20.1002)
+ {4d36e96b-e325-11ce-bfc1-08002be10318}
- Teclado Padrão PS/2
+ {4d36e96c-e325-11ce-bfc1-08002be10318}
- Realtek High Definition Audio (driver 6.0.1.8186)
- Áudio Intel(R) para Ecrãs (driver 6.16.0.3200)
+ {4d36e96e-e325-11ce-bfc1-08002be10318}
- Monitor PnP Genérico
+ {4d36e96f-e325-11ce-bfc1-08002be10318}
- Rato compatível com HID
- Rato Compatível com PS/2
+ {4d36e970-e325-11ce-bfc1-08002be10318}
- Ricoh PCIe Memory Stick Host Controller (driver 6.21.11.30)
- Ricoh PCIe SD/MMC Host Controller (driver 6.21.11.46)
- Ricoh PCIe xD-Picture Card Controller (driver 6.21.11.16)
+ {4d36e972-e325-11ce-bfc1-08002be10318}
- Bluetooth Device (Personal Area Network)
- Bluetooth Device (RFCOMM Protocol TDI)
- Intel(R) 82579LM Gigabit Network Connection (driver 12.15.31.4)
- Intel(R) Centrino(R) Advanced-N 6230 (driver 15.17.0.1)
- Microsoft Kernel Debug Network Adapter
- WAN Miniport (IKEv2)
- WAN Miniport (IP)
- WAN Miniport (IPv6)
- WAN Miniport (L2TP)
- WAN Miniport (Network Monitor)
- WAN Miniport (PPPOE)
- WAN Miniport (PPTP)
- WAN Miniport (SSTP)
- Windscribe VPN (driver 9.0.0.21)
+ {4d36e978-e325-11ce-bfc1-08002be10318}
- Intel(R) Active Management Technology - SOL (COM3) (driver 11.5.0.1012)
+ {4d36e97b-e325-11ce-bfc1-08002be10318}
- Controlador de Espaços de Armazenamento da Microsoft
+ {4d36e97d-e325-11ce-bfc1-08002be10318}
- 2nd generation Intel(R) Core(TM) processor family DRAM Controller - 0104 (driver 10.1.1.44)
- Barramento Redirecionador de Dispositivo do Ambiente de Trabalho Remoto
- Bluetooth ACPI (driver 10.18.427.0)
- Botão de alimentação ACPI
- Botão de funcionalidade fixa ACPI
- Botão de Iniciação Direta de Aplicação
- Botão de Iniciação Direta de Aplicação
- Botão de Iniciação Direta de Aplicação
- Bridge PCI para PCI
- Complexo de Raiz PCI Express
- Controlador BIOS Microsoft System Management
- Controlador de acesso direto à memória (DMA)
- Controlador de Arbitragem de Carga
- Controlador de Composição Básica da Microsoft
- Controlador de Visualização Básico da Microsoft
- Controlador PIC
- Enumerador de Adaptador de Rede Virtual NDIS
- Enumerador de Barramento Para Dispositivos Compostos
- Enumerador de Barramento Raiz UMBus
- Enumerador de Dispositivos de Software Plug and Play
- Enumerador de Unidades Virtuais da Microsoft
- Gestor de Volumes
- Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 1 - 1C10 (driver 10.1.1.44)
- Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 2 - 1C12 (driver 10.1.1.44)
- Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 3 - 1C14 (driver 10.1.1.44)
- Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 5 - 1C18 (driver 10.1.1.44)
- Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 6 - 1C1A (driver 10.1.1.44)
- Intel(R) High Definition Audio - 1C20 (driver 9.2.0.1016)
- Intel(R) Management Engine Interface (driver 11.0.5.1189)
- Intel(R) QM67 Express Chipset Family LPC Interface Controller - 1C4F (driver 10.1.1.44)
- Placa de sistema
- Processador de dados numéricos (NDP)
- Recursos da placa principal
- Recursos da placa principal
- Recursos da placa principal
- Recursos da placa principal
- Relógio CMOS de sistema/tempo real
- Sistema compatível com Microsoft ACPI
- Tampa ACPI
- Temporizador de eventos de alta precisão
- Temporizador do sistema
- TOSHIBA HDD Protection - Shock Sensor Driver (driver 2.5.0.1)
- TOSHIBA x64 ACPI-Compliant Value Added Logical and General Purpose Device (driver 3.2.0.2)
- Zona térmica ACPI
+ {50127dc3-0f36-415e-a6cc-4cb3be910b65}
- Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
- Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
- Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
- Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
+ {533c5b84-ec70-11d2-9505-00c04f79deaf}
- Cópia sombra de volume genérico
- Cópia sombra de volume genérico
- Cópia sombra de volume genérico
- Cópia sombra de volume genérico
- Cópia sombra de volume genérico
- Cópia sombra de volume genérico
- Cópia sombra de volume genérico
- Cópia sombra de volume genérico
- Cópia sombra de volume genérico
- Cópia sombra de volume genérico
+ {62f9c741-b25a-46ce-b54c-9bccce08b6f2}
- Bluetooth
- Microsoft Device Association Root Enumerator
- Microsoft Radio Device Enumeration Bus
- Microsoft RRAS Root Enumerator
- Sintetizador de Wavetable Microsoft GS
- Wi-Fi
+ {72631e54-78a4-11d0-bcf7-00aa00b7b32a}
- Bateria do Método de Controlo em Conformidade com ACPI Microsoft
- Transformador Microsoft
+ {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
- Controlos de rádio sem fios compatíveis com HID
- Dispositivo de controlo para consumidores compatível com HID
- Dispositivo de controlo para consumidores compatível com HID
- Dispositivo USB de Introdução de Texto
- Toshiba Hotkey Driver (driver 9.5.0.0)
+ {c166523c-fe0c-4a94-a586-f1a80cfbbf3e}
- Altifalantes (Realtek High Definition Audio)
- Microfone (Realtek High Definition Audio)
- Mistura estéreo (Realtek High Definition Audio)
+ {ca3e7ab9-b4c3-4ae6-8251-579ef933890f}
- Chicony USB 2.0 Camera
+ {d94ee5d8-d189-4994-83d2-f68d7d41b0e6}
- Trusted Platform Module 1.2
+ {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
- Enumerador Microsoft Bluetooth
- Intel(R) Wireless Bluetooth(R) (driver 3.0.1310.386)
+ {eec5ad98-8080-425f-922a-dabf3de3f69a}
- Lexar
- TOSHIBA EXT

cpu registers:
eax = 00006e00
ebx = 1422f8ac
ecx = 1423670f
edx = 1422f8ac
esi = 000000ce
edi = 00006e65
eip = 75e88c08
esp = 0019eba0
ebp = 0019ebb4

stack dump:

disassembling:
00662e1c public DragDropPIDL.StringToPIDL: ; function entry point
00662e1c 695 push ebx
00662e1d mov ebx, eax
00662e1f 696 mov eax, ebx
00662e21 call -$25aee2 ($407f44) ; System.@LStrToPChar
00662e26 push eax
00662e27 > call -$5b4 ($662878) ; DragDropPIDL.ILClone
00662e2c 697 pop ebx
00662e2d ret

date/time : 2018-10-29, 06:27:40, 533ms


computer name : DESKTOP-Q0FOGBE
user name : Toshiba
operating system : Windows 10 x64 build 17134
system language : Portuguese
system up time : 7 days 20 hours
program up time : 2 days 4 hours
processors : 4x Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
physical memory : 5792/8071 MB (free/total)
free disk space : (C:) 46,59 GB
display mode : 1366x768, 32 bit
process id : $d58
allocated memory : 208,42 MB
largest free block : 1,92 GB
executable : streamwriter.exe
exec. date/time : 2018-08-02 18:27
version : 5.4.2.1
compiled with : Delphi XE
madExcept version : 4.0.20
callstack crc : $0bb7c2f2, $6483679a, $ddafdac2
exception number : 1
exception class : EAccessViolation
exception message : Zugriffsverletzung bei Adresse 753175F8 in Modul 'shell32.dll'. Lesen von Adresse 135B08E5.

main thread ($a4c):


753175f8 +028 shell32.dll ILClone
00662e27 +00b streamwriter.exe DragDropPIDL 696 +1 StringToPIDL
00662f0b +023 streamwriter.exe DragDropPIDL 784 +1 TPIDLList.Add
00662c9a +132 streamwriter.exe DragDropPIDL 523 +31 GetPIDLsFromFilenames
00663489 +039 streamwriter.exe DragDropPIDL 912 +5 TPIDLsToFilenamesStrings.Assign
0066a0f4 +040 streamwriter.exe DragDropFile 3147 +7 TFileDataFormat.AssignTo
00658c6d +0c1 streamwriter.exe DropSource 1507 +36 TCustomDropMultiSource.DoGetData
006577dd +049 streamwriter.exe DropSource 680 +11 TCustomDropSource.GetData
006220fa +06a streamwriter.exe VirtualTrees 5379 +11 TVTDragManager.DragEnter
7504d73e +0de ole32.dll DoDragDrop
00657e1e +132 streamwriter.exe DropSource 992 +58 TCustomDropSource.DoExecute
0065f3af +00f streamwriter.exe DragDrop 1501 +2 TCustomDataFormat.Changing
00658135 +1ad streamwriter.exe DropSource 1145 +60 TCustomDropSource.Execute
00759ecc +2e0 streamwriter.exe ClientView 1285 +51 TMClientView.DoDragging
0063f855 +2bd streamwriter.exe VirtualTrees 24075 +77 TBaseVirtualTree.MouseMove
00509162 +07e streamwriter.exe Controls TControl.WMMouseMove
0050883c +2d4 streamwriter.exe Controls TControl.WndProc
0050d100 +568 streamwriter.exe Controls TWinControl.WndProc
0064310c +0e8 streamwriter.exe VirtualTrees 26012 +32 TBaseVirtualTree.WndProc
0050c7a0 +02c streamwriter.exe Controls TWinControl.MainWndProc
00451430 +014 streamwriter.exe Classes StdWndProc
76d779cb +00b user32.dll DispatchMessageW
004e8893 +0f3 streamwriter.exe Forms TApplication.ProcessMessage
004e88d6 +00a streamwriter.exe Forms TApplication.HandleMessage
004e8c01 +0c9 streamwriter.exe Forms TApplication.Run
007b8128 +440 streamwriter.exe streamwriter 269 +99 initialization
76f68482 +022 KERNEL32.DLL BaseThreadInitThunk

thread $1aa0: <priority:15>


73b8593d +12d KERNELBASE.dll WaitForMultipleObjectsEx
73b857f3 +013 KERNELBASE.dll WaitForMultipleObjects
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
76f68482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($a4c) at:
7254c6bb +000 dsound.DLL

thread $24cc: <priority:15>


73b8593d +12d KERNELBASE.dll WaitForMultipleObjectsEx
73b857f3 +013 KERNELBASE.dll WaitForMultipleObjects
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
76f68482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($a4c) at:
7254c6bb +000 dsound.DLL

thread $19a4: <priority:15>


73b745c3 +93 KERNELBASE.dll WaitForSingleObjectEx
73b7451d +0d KERNELBASE.dll WaitForSingleObject
0058e4a9 +0d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +37 streamwriter.exe madExcept ThreadExceptFrame
76f68482 +22 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($a4c) at:
72591a80 +00 bass.dll

thread $215c: <priority:2>


73b8593d +12d KERNELBASE.dll WaitForMultipleObjectsEx
73b857f3 +013 KERNELBASE.dll WaitForMultipleObjects
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
76f68482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($a4c) at:
725b4564 +000 bass.dll

thread $1604: <priority:15>


73b745c3 +93 KERNELBASE.dll WaitForSingleObjectEx
0058e4a9 +0d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +37 streamwriter.exe madExcept ThreadExceptFrame
76f68482 +22 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($a4c) at:
725b4582 +00 bass.dll

thread $2f0c: <priority:15>


73b8593d +12d KERNELBASE.dll WaitForMultipleObjectsEx
73b857f3 +013 KERNELBASE.dll WaitForMultipleObjects
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
76f68482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($a4c) at:
7254c6bb +000 dsound.DLL

thread $f48 (TSchedulerThread):
73b8593d +12d KERNELBASE.dll WaitForMultipleObjectsEx
73b857f3 +013 KERNELBASE.dll WaitForMultipleObjects
00728a73 +413 streamwriter.exe Scheduler 228 +73 TSchedulerThread.Execute
0058e5c7 +02b streamwriter.exe madExcept HookedTThreadExecute
0044e76a +042 streamwriter.exe Classes ThreadProc
004073f4 +028 streamwriter.exe System 43 +0 ThreadWrapper
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
76f68482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($a4c) at:
00728518 +018 streamwriter.exe Scheduler 98 +1 TSchedulerThread.Create

thread $2b90 (TWorkerThread):


73b745c3 +93 KERNELBASE.dll WaitForSingleObjectEx
73b7451d +0d KERNELBASE.dll WaitForSingleObject
00604b9e +26 streamwriter.exe VirtualTrees.WorkerThread 150 +4 TWorkerThread.Execute
0058e5c7 +2b streamwriter.exe madExcept HookedTThreadExecute
0044e76a +42 streamwriter.exe Classes ThreadProc
004073f4 +28 streamwriter.exe System 43 +0 ThreadWrapper
0058e4a9 +0d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +37 streamwriter.exe madExcept ThreadExceptFrame
76f68482 +22 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($a4c) at:
00604ab6 +16 streamwriter.exe VirtualTrees.WorkerThread 97 +1 TWorkerThread.Create

thread $a1c (TFileWatcher):


73b8593d +12d KERNELBASE.dll WaitForMultipleObjectsEx
73b857f3 +013 KERNELBASE.dll WaitForMultipleObjects
0077f7e0 +124 streamwriter.exe FileWatcher 113 +26 TFileWatcher.Execute
0058e5c7 +02b streamwriter.exe madExcept HookedTThreadExecute
0044e76a +042 streamwriter.exe Classes ThreadProc
004073f4 +028 streamwriter.exe System 43 +0 ThreadWrapper
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
76f68482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($a4c) at:
0077f65a +02e streamwriter.exe FileWatcher 68 +1 TFileWatcher.Create

thread $1fb4:
76d79ffe +5e user32.dll MsgWaitForMultipleObjectsEx
747f2f79 +89 combase.dll CoWaitForMultipleHandles
0058e4a9 +0d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +37 streamwriter.exe madExcept ThreadExceptFrame
76f68482 +22 KERNEL32.DLL BaseThreadInitThunk
>> created by thread $56c at:
744b6713 +00 shcore.dll

thread $20f4:
76d7a79a +2a user32.dll GetMessageW
0058e4a9 +0d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +37 streamwriter.exe madExcept ThreadExceptFrame
76f68482 +22 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($a4c) at:
744b6713 +00 shcore.dll

thread $2d90:
76f68482 +22 KERNEL32.DLL BaseThreadInitThunk

thread $274: <priority:1>


0058e4a9 +0d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +37 streamwriter.exe madExcept ThreadExceptFrame
76f68482 +22 KERNEL32.DLL BaseThreadInitThunk
>> created by thread $2904 at:
72e8a424 +00 mswsock.dll

thread $2218 (TICEThread):


73c95e9c +0bc WS2_32.dll select
005cfc4c +6f4 streamwriter.exe Sockets 532 +162 TSocketThread.Execute
00725580 +000 streamwriter.exe ICEThread 597 +0 TICEThread.Execute
0058e5c7 +02b streamwriter.exe madExcept HookedTThreadExecute
0044e76a +042 streamwriter.exe Classes ThreadProc
004073f4 +028 streamwriter.exe System 43 +0 ThreadWrapper
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
76f68482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($a4c) at:
005cf28d +035 streamwriter.exe Sockets 238 +1 TSocketThread.Create

thread $c40:
76f68482 +22 KERNEL32.DLL BaseThreadInitThunk

thread $33ec:
76f68482 +22 KERNEL32.DLL BaseThreadInitThunk

thread $156c:
76f68482 +22 KERNEL32.DLL BaseThreadInitThunk

thread $1ee0:
76f68482 +22 KERNEL32.DLL BaseThreadInitThunk

thread $2080:
76f68482 +22 KERNEL32.DLL BaseThreadInitThunk

thread $22ec:
76f68482 +22 KERNEL32.DLL BaseThreadInitThunk

thread $32ec:
76f68482 +22 KERNEL32.DLL BaseThreadInitThunk

thread $2190:
76f68482 +22 KERNEL32.DLL BaseThreadInitThunk

thread $1d94 (THomeThread):


73c95e9c +0bc WS2_32.dll select
005cfc4c +6f4 streamwriter.exe Sockets 532 +162 TSocketThread.Execute
7718fb2a +0aa ntdll.dll bsearch
7718faf5 +075 ntdll.dll bsearch
0058e5c7 +02b streamwriter.exe madExcept HookedTThreadExecute
0044e76a +042 streamwriter.exe Classes ThreadProc
004073f4 +028 streamwriter.exe System 43 +0 ThreadWrapper
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
76f68482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($a4c) at:
005cf28d +035 streamwriter.exe Sockets 238 +1 TSocketThread.Create

thread $840 (TICEThread):


73c95e9c +0bc WS2_32.dll select
7718a5aa +00a ntdll.dll NtDelayExecution
005cfc4c +6f4 streamwriter.exe Sockets 532 +162 TSocketThread.Execute
00725580 +000 streamwriter.exe ICEThread 597 +0 TICEThread.Execute
0058e5c7 +02b streamwriter.exe madExcept HookedTThreadExecute
0044e76a +042 streamwriter.exe Classes ThreadProc
004073f4 +028 streamwriter.exe System 43 +0 ThreadWrapper
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
76f68482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($a4c) at:
005cf28d +035 streamwriter.exe Sockets 238 +1 TSocketThread.Create

thread $1334 (TICEThread):


73c95e9c +0bc WS2_32.dll select
005cfc4c +6f4 streamwriter.exe Sockets 532 +162 TSocketThread.Execute
00725580 +000 streamwriter.exe ICEThread 597 +0 TICEThread.Execute
0058e5c7 +02b streamwriter.exe madExcept HookedTThreadExecute
0044e76a +042 streamwriter.exe Classes ThreadProc
004073f4 +028 streamwriter.exe System 43 +0 ThreadWrapper
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
76f68482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($a4c) at:
005cf28d +035 streamwriter.exe Sockets 238 +1 TSocketThread.Create

thread $3178 (TICEThread):


004471d9 +055 streamwriter.exe Classes TStream.Seek
73c95e9c +0bc WS2_32.dll select
005cfc4c +6f4 streamwriter.exe Sockets 532 +162 TSocketThread.Execute
00725580 +000 streamwriter.exe ICEThread 597 +0 TICEThread.Execute
0058e5c7 +02b streamwriter.exe madExcept HookedTThreadExecute
0044e76a +042 streamwriter.exe Classes ThreadProc
004073f4 +028 streamwriter.exe System 43 +0 ThreadWrapper
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
76f68482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($a4c) at:
005cf28d +035 streamwriter.exe Sockets 238 +1 TSocketThread.Create

thread $eb8 (TICEThread):


73c95e9c +0bc WS2_32.dll select
005cfc4c +6f4 streamwriter.exe Sockets 532 +162 TSocketThread.Execute
00725580 +000 streamwriter.exe ICEThread 597 +0 TICEThread.Execute
0058e5c7 +02b streamwriter.exe madExcept HookedTThreadExecute
0044e76a +042 streamwriter.exe Classes ThreadProc
004073f4 +028 streamwriter.exe System 43 +0 ThreadWrapper
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
76f68482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($a4c) at:
005cf28d +035 streamwriter.exe Sockets 238 +1 TSocketThread.Create

thread $50c (TICEThread):


73c95e9c +0bc WS2_32.dll select
005cfc4c +6f4 streamwriter.exe Sockets 532 +162 TSocketThread.Execute
00725580 +000 streamwriter.exe ICEThread 597 +0 TICEThread.Execute
0058e5c7 +02b streamwriter.exe madExcept HookedTThreadExecute
0044e76a +042 streamwriter.exe Classes ThreadProc
004073f4 +028 streamwriter.exe System 43 +0 ThreadWrapper
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
76f68482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($a4c) at:
005cf28d +035 streamwriter.exe Sockets 238 +1 TSocketThread.Create

thread $11f8 (TICEThread):


73b87155 +95 KERNELBASE.dll SleepEx
7718fb2a +aa ntdll.dll bsearch
7718faf5 +75 ntdll.dll bsearch
0058e5c7 +2b streamwriter.exe madExcept HookedTThreadExecute
0044e76a +42 streamwriter.exe Classes ThreadProc
004073f4 +28 streamwriter.exe System 43 +0 ThreadWrapper
0058e4a9 +0d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +37 streamwriter.exe madExcept ThreadExceptFrame
76f68482 +22 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($a4c) at:
005cf28d +35 streamwriter.exe Sockets 238 +1 TSocketThread.Create

thread $2bc4 (TICEThread):


73c95e9c +0bc WS2_32.dll select
005cfc4c +6f4 streamwriter.exe Sockets 532 +162 TSocketThread.Execute
00725580 +000 streamwriter.exe ICEThread 597 +0 TICEThread.Execute
0058e5c7 +02b streamwriter.exe madExcept HookedTThreadExecute
0044e76a +042 streamwriter.exe Classes ThreadProc
004073f4 +028 streamwriter.exe System 43 +0 ThreadWrapper
0058e4a9 +00d streamwriter.exe madExcept CallThreadProcSafe
0058e513 +037 streamwriter.exe madExcept ThreadExceptFrame
76f68482 +022 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($a4c) at:
005cf28d +035 streamwriter.exe Sockets 238 +1 TSocketThread.Create

thread $1d84:
76f68482 +22 KERNEL32.DLL BaseThreadInitThunk

thread $334c:
76f68482 +22 KERNEL32.DLL BaseThreadInitThunk

modules:
00400000 streamwriter.exe 5.4.2.1 C:\Program Files (x86)\streamWriter
11000000 libeay32.dll 1.0.2.12 C:\Users\Toshiba\AppData\Local\Temp\streamWriter
12000000 ssleay32.dll 1.0.2.12 C:\Users\Toshiba\AppData\Local\Temp\streamWriter
6b310000 twinapi.appcore.dll 6.2.17134.137 C:\WINDOWS\system32
6bef0000 d3d11.dll 6.2.17134.112 C:\WINDOWS\system32
6c150000 XmlLite.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
6eea0000 FileSyncShell.dll 18.172.826.10 C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\18.172.0826.0010
6f280000 msvcp110_win.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
6f2f0000 policymanager.dll 6.2.17134.191 C:\WINDOWS\SYSTEM32
6f390000 ntshrui.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
6f750000 OneCoreUAPCommonProxyStub.dll 6.2.17134.1 C:\Windows\System32
6fa80000 explorerframe.dll 6.2.17134.1 C:\WINDOWS\system32
6fe80000 dcomp.dll 6.2.17134.1 C:\WINDOWS\system32
70150000 WindowsCodecs.dll 6.2.17134.345 C:\WINDOWS\SYSTEM32
703f0000 twinapi.dll 6.2.17134.1 C:\Windows\System32
70590000 dxgi.dll 6.2.17134.112 C:\WINDOWS\system32
70630000 dataexchange.dll 6.2.17134.1 C:\WINDOWS\system32
70680000 srvcli.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
706a0000 Windows.Storage.Search.dll 6.2.17134.1 C:\WINDOWS\system32
709b0000 AUDIOSES.DLL 6.2.17134.137 C:\WINDOWS\SYSTEM32
70ab0000 DevDispItemProvider.dll 6.2.17134.1 C:\Windows\System32
70ad0000 dlnashext.dll 6.2.17134.1 C:\Windows\System32
70db0000 MrmCoreR.dll 6.2.17134.1 C:\Windows\System32
70ee0000 NetworkExplorer.dll 6.2.17134.1 C:\WINDOWS\system32
71010000 DUI70.dll 6.2.17134.112 C:\WINDOWS\system32
71180000 MPR.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
711b0000 MMDevApi.dll 6.2.17134.1 C:\WINDOWS\System32
71210000 StructuredQuery.dll 7.0.17134.228 C:\WINDOWS\System32
712e0000 WINSTA.dll 6.2.17134.1 C:\WINDOWS\System32
71380000 PortableDeviceApi.dll 6.2.17134.1 C:\Windows\System32
71410000 apphelp.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
714b0000 rstrtmgr.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
71550000 davclnt.dll 6.2.17134.1 C:\WINDOWS\System32
715b0000 DUser.dll 6.2.17134.1 C:\WINDOWS\system32
71630000 dbghelp.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
717e0000 wintypes.dll 6.2.17134.112 C:\WINDOWS\SYSTEM32
718c0000 LINKINFO.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
71940000 urlmon.dll 11.0.17134.345 C:\WINDOWS\SYSTEM32
71ae0000 cscapi.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
71af0000 ntlanman.dll 6.2.17134.1 C:\WINDOWS\System32
71b10000 WINMMBASE.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
71b40000 wkscli.dll 6.2.17134.1 C:\WINDOWS\System32
71b90000 tiptsf.dll 6.2.17134.191 C:\Program Files (x86)\Common Files\microsoft shared\ink
71c20000 Windows.StateRepositoryPS.dll 6.2.17134.112 C:\Windows\System32
71cb0000 gdiplus.dll 6.2.17134.345 C:\WINDOWS\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17134.345_none_73dac4159f74062c
71e20000 thumbcache.dll 6.2.17134.319 C:\Windows\System32
71e70000 MSACM32.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
71e90000 DAVHLPR.dll 6.2.17134.1 C:\WINDOWS\System32
71ea0000 mscms.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
71f30000 Windows.Globalization.dll 6.2.17134.254 C:\Windows\System32
72060000 bass_aac.dll 2.4.5.1 C:\Users\Toshiba\AppData\Local\Temp\streamWriter
720b0000 winmm.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
720e0000 CoreUIComponents.dll 6.2.17134.112 C:\WINDOWS\System32
72340000 ntmarta.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
72370000 DEVOBJ.dll 6.2.17134.1 C:\WINDOWS\System32
723a0000 CoreMessaging.dll 6.2.17134.345 C:\WINDOWS\System32
72430000 TextInputFramework.dll 6.2.17134.191 C:\WINDOWS\System32
724b0000 drprov.dll 6.2.17134.1 C:\WINDOWS\System32
724c0000 SAMLIB.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
724e0000 RMCLIENT.dll 6.2.17134.81 C:\WINDOWS\system32
72500000 dsound.DLL 6.2.17134.1 C:\WINDOWS\SYSTEM32
72590000 bass.dll 2.4.12.1 C:\Users\Toshiba\AppData\Local\Temp\streamWriter
725e0000 NTASN1.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
72640000 dbgcore.DLL 6.2.17134.1 C:\WINDOWS\SYSTEM32
72670000 ncrypt.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
72700000 samcli.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
72720000 FaultRep.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
72780000 PROPSYS.dll 7.0.17134.112 C:\WINDOWS\SYSTEM32
72900000 olepro32.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
729d0000 iertutil.dll 11.0.17134.320 C:\WINDOWS\SYSTEM32
72c00000 netutils.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
72c10000 wshbth.dll 6.2.17134.1 C:\WINDOWS\System32
72c30000 PlayToDevice.dll 6.2.17134.1 C:\Windows\System32
72ca0000 oleacc.dll 7.2.17134.1 C:\WINDOWS\SYSTEM32
72d00000 winspool.drv 6.2.17134.319 C:\WINDOWS\SYSTEM32
72d70000 wsock32.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
72d80000 pnrpnsp.dll 6.2.17134.1 C:\WINDOWS\system32
72da0000 napinsp.dll 6.2.17134.1 C:\WINDOWS\system32
72dc0000 AVRT.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
72de0000 dwmapi.dll 6.2.17134.1 C:\WINDOWS\system32
72e70000 mswsock.dll 6.2.17134.1 C:\WINDOWS\System32
72ed0000 bcrypt.dll 6.2.17134.112 C:\WINDOWS\SYSTEM32
72ef0000 fwpuclnt.dll 6.2.17134.1 C:\WINDOWS\System32
72f40000 WININET.dll 11.0.17134.345 C:\WINDOWS\SYSTEM32
73390000 atlthunk.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
733d0000 rasadhlp.dll 6.2.17134.1 C:\Windows\System32
733e0000 winrnr.dll 6.2.17134.1 C:\WINDOWS\System32
73410000 uxtheme.dll 6.2.17134.1 C:\WINDOWS\system32
73490000 msimg32.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
734b0000 PortableDeviceTypes.dll 6.2.17134.1 C:\Windows\System32
734e0000 CLDAPI.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
73500000 USERENV.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
73530000 version.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
73540000 NLAapi.dll 6.2.17134.1 C:\WINDOWS\system32
73560000 bcp47mrm.dll 6.2.17134.1 C:\Windows\System32
73580000 DNSAPI.dll 6.2.17134.165 C:\WINDOWS\SYSTEM32
73630000 rsaenh.dll 6.2.17134.254 C:\WINDOWS\system32
73660000 CRYPTSP.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
73680000 IPHLPAPI.DLL 6.2.17134.1 C:\WINDOWS\SYSTEM32
736e0000 ktmw32.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
73700000 globinputhost.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
73720000 Bcp47Langs.dll 6.2.17134.1 C:\Windows\System32
73760000 edputil.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
737b0000 ColorAdapterClient.dll 6.2.17134.1 C:\WINDOWS\SYSTEM32
737c0000 comctl32.dll 6.10.17134.345 C:\WINDOWS\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.345_none_42efd13044e18c5e
739d0000 CRYPTBASE.dll 6.2.17134.1 C:\WINDOWS\System32
739e0000 SspiCli.dll 6.2.17134.1 C:\WINDOWS\System32
73a00000 advapi32.dll 6.2.17134.319 C:\WINDOWS\System32
73a80000 KERNELBASE.dll 6.2.17134.319 C:\WINDOWS\System32
73c70000 MSASN1.dll 6.2.17134.1 C:\WINDOWS\System32
73c80000 WS2_32.dll 6.2.17134.1 C:\WINDOWS\System32
73cf0000 windows.storage.dll 6.2.17134.345 C:\WINDOWS\System32
742b0000 NSI.dll 6.2.17134.1 C:\WINDOWS\System32
74410000 clbcatq.dll 2001.12.10941.16384 C:\WINDOWS\System32
744a0000 shcore.dll 6.2.17134.112 C:\WINDOWS\System32
74530000 powrprof.dll 6.2.17134.1 C:\WINDOWS\System32
74580000 CRYPT32.dll 6.2.17134.1 C:\WINDOWS\System32
74720000 sechost.dll 6.2.17134.319 C:\WINDOWS\System32
74770000 combase.dll 6.2.17134.112 C:\WINDOWS\System32
749d0000 win32u.dll 6.2.17134.1 C:\WINDOWS\System32
749f0000 kernel.appcore.dll 6.2.17134.112 C:\WINDOWS\System32
74a00000 SETUPAPI.dll 6.2.17134.1 C:\WINDOWS\System32
74e30000 FLTLIB.DLL 6.2.17134.1 C:\WINDOWS\System32
74e40000 MSCTF.dll 6.2.17134.319 C:\WINDOWS\System32
74f90000 IMM32.DLL 6.2.17134.1 C:\WINDOWS\System32
74fc0000 ole32.dll 6.2.17134.137 C:\WINDOWS\System32
750c0000 msvcrt.dll 7.0.17134.1 C:\WINDOWS\System32
75180000 msvcp_win.dll 6.2.17134.1 C:\WINDOWS\System32
75200000 shell32.dll 6.2.17134.320 C:\WINDOWS\System32
76570000 comdlg32.dll 6.2.17134.1 C:\WINDOWS\System32
76650000 RPCRT4.dll 6.2.17134.112 C:\WINDOWS\System32
76710000 ucrtbase.dll 6.2.17134.319 C:\WINDOWS\System32
769c0000 profapi.dll 6.2.17134.1 C:\WINDOWS\System32
769e0000 WINTRUST.dll 6.2.17134.81 C:\WINDOWS\System32
76a30000 coml2.dll 6.2.17134.1 C:\WINDOWS\System32
76a90000 gdi32full.dll 6.2.17134.345 C:\WINDOWS\System32
76c00000 oleaut32.dll 6.2.17134.48 C:\WINDOWS\System32
76ca0000 bcryptPrimitives.dll 6.2.17134.345 C:\WINDOWS\System32
76d00000 cfgmgr32.dll 6.2.17134.1 C:\WINDOWS\System32
76d40000 user32.dll 6.2.17134.319 C:\WINDOWS\System32
76ed0000 shlwapi.dll 6.2.17134.1 C:\WINDOWS\System32
76f20000 GDI32.dll 6.2.17134.285 C:\WINDOWS\System32
76f50000 KERNEL32.DLL 6.2.17134.1 C:\WINDOWS\System32
77120000 ntdll.dll 6.2.17134.254 C:\WINDOWS\SYSTEM32

processes:
0000 Idle 0 0 0
0004 System 0 0 0
0060 Registry 0 0 0
01e4 smss.exe 0 0 0
028c csrss.exe 0 0 0
02d8 csrss.exe 1 0 0
02f0 wininit.exe 0 0 0
0314 winlogon.exe 1 0 0
036c services.exe 0 0 0
0388 lsass.exe 0 0 0
0048 svchost.exe 0 0 0
015c svchost.exe 0 0 0
0204 fontdrvhost.exe 1 0 0
0250 fontdrvhost.exe 0 0 0
0364 svchost.exe 0 0 0
0428 svchost.exe 0 0 0
0468 dwm.exe 1 0 0
04d4 svchost.exe 0 0 0
0524 svchost.exe 0 0 0
053c svchost.exe 0 0 0
0544 svchost.exe 0 0 0
0558 svchost.exe 0 0 0
0628 svchost.exe 0 0 0
0644 svchost.exe 0 0 0
064c svchost.exe 0 0 0
069c WUDFHost.exe 0 0 0
06e0 svchost.exe 0 0 0
06e8 svchost.exe 0 0 0
072c svchost.exe 0 0 0
075c svchost.exe 0 0 0
0764 svchost.exe 0 0 0
07a4 svchost.exe 0 0 0
07ac svchost.exe 0 0 0
07d4 svchost.exe 0 0 0
0784 svchost.exe 0 0 0
0820 svchost.exe 0 0 0
086c svchost.exe 0 0 0
0930 svchost.exe 0 0 0
096c svchost.exe 0 0 0
0978 svchost.exe 0 0 0
0a2c svchost.exe 0 0 0
0a40 svchost.exe 0 0 0
0a64 svchost.exe 0 0 0
0a80 svchost.exe 0 0 0
0af8 svchost.exe 0 0 0
0b1c svchost.exe 0 0 0
0b6c spoolsv.exe 0 0 0
0bb8 svchost.exe 0 0 0
0bd4 svchost.exe 0 0 0
09b0 svchost.exe 0 0 0
099c svchost.exe 0 0 0
0a58 svchost.exe 0 0 0
09a0 svchost.exe 0 0 0
0c04 svchost.exe 0 0 0
0c0c svchost.exe 0 0 0
0c14 svchost.exe 0 0 0
0c38 SecurityHealthService.exe 0 0 0
0cc0 svchost.exe 0 0 0
0d0c svchost.exe 0 0 0
0d50 svchost.exe 0 0 0
10c0 svchost.exe 0 0 0
1214 sihost.exe 1 0 12 normal C:\Windows\System32
12d0 svchost.exe 1 0 1 normal C:\Windows\System32
1308 svchost.exe 1 4 4 normal C:\Windows\System32
1354 taskhostw.exe 1 10 22 normal C:\Windows\System32
13d8 svchost.exe 0 0 0
0878 svchost.exe 0 0 0
0e70 svchost.exe 0 0 0
098c svchost.exe 0 0 0
11a8 svchost.exe 0 0 0
15f0 RuntimeBroker.exe 1 40 4 normal C:\Windows\System32
0260 SettingSyncHost.exe 1 41 5 below normal C:\Windows\System32
1044 svchost.exe 1 0 2 normal C:\Windows\System32
1734 RAVCpl64.exe 1 48 18 normal C:\Program Files\Realtek\Audio\HDA
1fcc svchost.exe 0 0 0
16fc svchost.exe 0 0 0
1cb0 svchost.exe 0 0 0
182c SgrmBroker.exe 0 0 0
1d0c svchost.exe 0 0 0
214c svchost.exe 0 0 0
20dc WiseMemoryOptimzer.exe 1 0 0
0ae0 svchost.exe 0 0 0
17bc Memory Compression 0 0 0
0324 ApplicationFrameHost.exe 1 43 33 normal C:\Windows\System32
10f0 notepad.exe 1 21 24 normal C:\Windows\System32
1fe0 svchost.exe 0 0 0
0f94 MiPony.exe 1 0 0
1038 svchost.exe 1 0 1 normal C:\Windows\System32
1964 dasHost.exe 0 0 0
2aa8 svchost.exe 0 0 0
29ac svchost.exe 0 0 0
2a08 notepad.exe 1 21 24 normal C:\Windows\System32
1e28 taskhostw.exe 1 0 0
103c svchost.exe 0 0 0
1be0 WinStore.App.exe 1 0 27 normal C:\Program Files\WindowsApps\Microsoft.WindowsStore_11809.1001.8.0_x64__8wekyb3d8bbwe
134c RuntimeBroker.exe 1 0 1 normal C:\Windows\System32
25b4 MsMpEng.exe 0 0 0
2408 NisSrv.exe 0 0 0
2c3c BootTime.exe 0 0 0
0ec0 svchost.exe 0 0 0
1fc8 explorer.exe 1 99 40 normal C:\Windows
1f88 svchost.exe 0 0 0
0d58 streamwriter.exe 1 861 334 normal C:\Program Files (x86)\streamWriter
1d30 svchost.exe 0 0 0
1808 dllhost.exe 0 0 0
25ec explorer.exe 1 219 261 normal C:\Windows
2228 ShellExperienceHost.exe 1 6 50 normal C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy
0f74 RuntimeBroker.exe 1 40 1 normal C:\Windows\System32
335c MicrosoftEdge.exe 1 11 64 normal C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe
22f0 browser_broker.exe 1 0 3 normal C:\Windows\System32
06f4 RuntimeBroker.exe 1 0 6 normal C:\Windows\System32
2320 MicrosoftEdgeCP.exe 1 0 19 normal C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe
19b4 MicrosoftEdgeCP.exe 1 2 73 normal C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe
1774 MicrosoftEdgeCP.exe 1 0 20 normal C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe
2ba8 MicrosoftEdgeCP.exe 1 0 22 normal C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe
1128 SystemSettings.exe 1 11 47 normal C:\Windows\ImmersiveControlPanel
2db4 svchost.exe 0 0 0
0b04 svchost.exe 0 0 0
2ec8 svchost.exe 0 0 0
295c svchost.exe 0 0 0
1fb8 RuntimeBroker.exe 1 0 14 normal C:\Windows\System32
2114 audiodg.exe 0 0 0

hardware:
+ {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
- Fax
- Fila de Impressão de Raiz
- Foxit Reader PDF Printer
- Microsoft Print to PDF
- Microsoft XPS Document Writer
+ {36fc9e60-c465-11cf-8056-444553540000}
- Concentrador Raiz USB (USB 3.0)
- Concentrador Raiz USB (usbport)
- Concentrador Raiz USB (usbport)
- Dispositivo composto USB
- Dispositivo de armazenamento de massa USB
- Dispositivo de armazenamento de massa USB
- Generic USB Hub
- Generic USB Hub
- Generic USB Hub
- Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C26 (driver 10.1.1.44)
- Intel(R) 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C2D (driver 10.1.1.44)
- Renesas USB 3.0 eXtensible Host Controller - 0.96 (Microsoft)
+ {4d36e965-e325-11ce-bfc1-08002be10318}
- MATSHITA DVD-RAM UJ8E2
+ {4d36e966-e325-11ce-bfc1-08002be10318}
- PC ACPI baseado em x64
+ {4d36e967-e325-11ce-bfc1-08002be10318}
- HGST HTS725050A7E630
- Kingston DataTraveler 112 USB Device
- TOSHIBA External USB 3.0 USB Device
+ {4d36e968-e325-11ce-bfc1-08002be10318}
- Intel(R) HD Graphics 3000 (driver 9.17.10.4459)
+ {4d36e96a-e325-11ce-bfc1-08002be10318}
- Intel(R) Mobile Express Chipset SATA AHCI Controller (driver 12.8.20.1002)
+ {4d36e96b-e325-11ce-bfc1-08002be10318}
- Teclado Padrão PS/2
+ {4d36e96c-e325-11ce-bfc1-08002be10318}
- Realtek High Definition Audio (driver 6.0.1.8544)
- Áudio Intel(R) para Ecrãs (driver 6.16.0.3208)
+ {4d36e96e-e325-11ce-bfc1-08002be10318}
- Monitor PnP Genérico
+ {4d36e96f-e325-11ce-bfc1-08002be10318}
- Rato compatível com HID
- Rato Compatível com PS/2
+ {4d36e970-e325-11ce-bfc1-08002be10318}
- Ricoh PCIe Memory Stick Host Controller (driver 6.21.11.30)
- Ricoh PCIe SD/MMC Host Controller (driver 6.21.11.46)
- Ricoh PCIe xD-Picture Card Controller (driver 6.21.11.16)
+ {4d36e972-e325-11ce-bfc1-08002be10318}
- Bluetooth Device (Personal Area Network)
- Bluetooth Device (RFCOMM Protocol TDI)
- Intel(R) 82579LM Gigabit Network Connection (driver 12.15.31.4)
- Intel(R) Centrino(R) Advanced-N 6230 (driver 15.17.0.1)
- Microsoft Kernel Debug Network Adapter
- WAN Miniport (IKEv2)
- WAN Miniport (IP)
- WAN Miniport (IPv6)
- WAN Miniport (L2TP)
- WAN Miniport (Network Monitor)
- WAN Miniport (PPPOE)
- WAN Miniport (PPTP)
- WAN Miniport (SSTP)
- Windscribe VPN (driver 9.0.0.21)
+ {4d36e978-e325-11ce-bfc1-08002be10318}
- Intel(R) Active Management Technology - SOL (COM3) (driver 11.5.0.1012)
+ {4d36e97b-e325-11ce-bfc1-08002be10318}
- Controlador de Espaços de Armazenamento da Microsoft
+ {4d36e97d-e325-11ce-bfc1-08002be10318}
- 2nd generation Intel(R) Core(TM) processor family DRAM Controller - 0104 (driver 10.1.1.44)
- Barramento Redirecionador de Dispositivo do Ambiente de Trabalho Remoto
- Bluetooth ACPI (driver 10.18.427.0)
- Botão de alimentação ACPI
- Botão de funcionalidade fixa ACPI
- Botão de Iniciação Direta de Aplicação
- Botão de Iniciação Direta de Aplicação
- Botão de Iniciação Direta de Aplicação
- Bridge PCI para PCI
- Complexo de Raiz PCI Express
- Controlador BIOS Microsoft System Management
- Controlador de acesso direto à memória (DMA)
- Controlador de Arbitragem de Carga
- Controlador de Composição Básica da Microsoft
- Controlador de Visualização Básico da Microsoft
- Controlador PIC
- Enumerador de Adaptador de Rede Virtual NDIS
- Enumerador de Barramento Para Dispositivos Compostos
- Enumerador de Barramento Raiz UMBus
- Enumerador de Dispositivos de Software Plug and Play
- Enumerador de Unidades Virtuais da Microsoft
- Gestor de Volumes
- Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 1 - 1C10 (driver 10.1.1.44)
- Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 2 - 1C12 (driver 10.1.1.44)
- Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 3 - 1C14 (driver 10.1.1.44)
- Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 5 - 1C18 (driver 10.1.1.44)
- Intel(R) 6 Series/C200 Series Chipset Family PCI Express Root Port 6 - 1C1A (driver 10.1.1.44)
- Intel(R) High Definition Audio - 1C20 (driver 9.2.0.1016)
- Intel(R) Management Engine Interface (driver 11.0.5.1189)
- Intel(R) QM67 Express Chipset Family LPC Interface Controller - 1C4F (driver 10.1.1.44)
- Placa de sistema
- Processador de dados numéricos (NDP)
- Recursos da placa principal
- Recursos da placa principal
- Recursos da placa principal
- Recursos da placa principal
- Relógio CMOS de sistema/tempo real
- Sistema compatível com Microsoft ACPI
- Tampa ACPI
- Temporizador de eventos de alta precisão
- Temporizador do sistema
- TOSHIBA HDD Protection - Shock Sensor Driver (driver 2.5.0.1)
- TOSHIBA x64 ACPI-Compliant Value Added Logical and General Purpose Device (driver 3.2.0.2)
- Zona térmica ACPI
+ {50127dc3-0f36-415e-a6cc-4cb3be910b65}
- Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
- Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
- Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
- Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
+ {533c5b84-ec70-11d2-9505-00c04f79deaf}
- Cópia sombra de volume genérico
+ {62f9c741-b25a-46ce-b54c-9bccce08b6f2}
- Bluetooth
- Microsoft Device Association Root Enumerator
- Microsoft Radio Device Enumeration Bus
- Microsoft RRAS Root Enumerator
- Sintetizador de Wavetable Microsoft GS
- Wi-Fi
+ {72631e54-78a4-11d0-bcf7-00aa00b7b32a}
- Bateria do Método de Controlo em Conformidade com ACPI Microsoft
- Transformador Microsoft
+ {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
- Controlos de rádio sem fios compatíveis com HID
- Dispositivo de controlo para consumidores compatível com HID
- Dispositivo de controlo para consumidores compatível com HID
- Dispositivo USB de Introdução de Texto
- Toshiba Hotkey Driver (driver 9.5.0.0)
+ {c166523c-fe0c-4a94-a586-f1a80cfbbf3e}
- Altifalantes (Realtek High Definition Audio)
- Microfone (Realtek High Definition Audio)
+ {ca3e7ab9-b4c3-4ae6-8251-579ef933890f}
- Chicony USB 2.0 Camera
+ {d94ee5d8-d189-4994-83d2-f68d7d41b0e6}
- Trusted Platform Module 1.2
+ {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
- Enumerador Microsoft Bluetooth
- Intel(R) Wireless Bluetooth(R) (driver 3.0.1310.386)
+ {eec5ad98-8080-425f-922a-dabf3de3f69a}
- KINGSTON
- TOSHIBA EXT

cpu registers:
eax = 00004100
ebx = 134cc2ac
ecx = 135b08e5
edx = 134cc2ac
esi = 00000064
edi = 000e463b
eip = 753175f8
esp = 0019f4f8
ebp = 0019f50c

stack dump:

disassembling:
00662e1c public DragDropPIDL.StringToPIDL: ; function entry point
00662e1c 695 push ebx
00662e1d mov ebx, eax
00662e1f 696 mov eax, ebx
00662e21 call -$25aee2 ($407f44) ; System.@LStrToPChar
00662e26 push eax
00662e27 > call -$5b4 ($662878) ; DragDropPIDL.ILClone
00662e2c 697 pop ebx
00662e2d ret
