date/time          : 2017-12-12, 10:40:10, 486ms
computer name      : PC201708091734
user name          : Administrator <admin>
registered owner   : admin
operating system   : Windows 7 x64 Service Pack 1 build 7601
system language    : Chinese (Simplified)
system up time     : 2 hours 25 minutes
program up time    : 5 seconds
processors         : 4x Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz
physical memory    : 1296/3976 MB (free/total)
free disk space    : (C:) 48.89 GB
display mode       : 1920x1080, 32 bit
process id         : $45c
allocated memory   : 143.75 MB
largest free block : 1.99 GB
executable         : Linkman.exe
exec. date/time    : 2017-11-19 17:48
version            : 8.9.9.11
compiled with      : Delphi 7
madExcept version  : 4.0.14
callstack crc      : $470dfd2a, $3bb1f1d2, $fbf4c578
exception number   : 1
exception class    : ERegistryException
exception message  : Failed to set data for ''.

thread $2ec:
004ad2a5 +0059 Linkman.exe  Registry               TRegistry.PutData
004ad0e9 +0021 Linkman.exe  Registry               TRegistry.WriteString
007d633e +00c6 Linkman.exe  RegistryUnit  788  +11 reg_IEIntegration
00859de6 +075a Linkman.exe  MainFormUnit 7911 +244 TLinkmanF.StartUpTimerTimer
004a4f67 +000f Linkman.exe  ExtCtrls               TTimer.Timer
004a4e4b +002b Linkman.exe  ExtCtrls               TTimer.WndProc
0048f410 +0014 Linkman.exe  Classes                StdWndProc
75fd7bc5 +000a user32.dll                          DispatchMessageA
004f643f +0083 Linkman.exe  Forms                  TApplication.ProcessMessage
004f6476 +000a Linkman.exe  Forms                  TApplication.HandleMessage
004f668e +0096 Linkman.exe  Forms                  TApplication.Run
008973ae +13a2 Linkman.exe  Linkman       655 +506 initialization
75ca33a8 +0010 kernel32.dll                        BaseThreadInitThunk

thread $d3c:
77460136 +0e ntdll.dll     NtWaitForMultipleObjects
75ca33a8 +10 kernel32.dll  BaseThreadInitThunk

thread $1af4:
7745fd6a +0e ntdll.dll       NtDelayExecution
75dc3bc2 +5f KERNELBASE.dll  SleepEx
75dc4493 +0a KERNELBASE.dll  Sleep
75ca33a8 +10 kernel32.dll    BaseThreadInitThunk

thread $1864:
7745f8aa +0e ntdll.dll                NtWaitForSingleObject
75dc1497 +92 KERNELBASE.dll           WaitForSingleObjectEx
75ca118f +3e kernel32.dll             WaitForSingleObjectEx
75ca1143 +0d kernel32.dll             WaitForSingleObject
00462929 +0d Linkman.exe    madExcept CallThreadProcSafe
00462993 +37 Linkman.exe    madExcept ThreadExceptFrame
75ca33a8 +10 kernel32.dll             BaseThreadInitThunk
>> created by thread $1fac at:
10341067 +00 SOGOUPY.IME

thread $1cb4:
77460136 +0e ntdll.dll                NtWaitForMultipleObjects
75dc15e3 +fa KERNELBASE.dll           WaitForMultipleObjectsEx
75ca1a27 +89 kernel32.dll             WaitForMultipleObjectsEx
75fe0864 +00 user32.dll               MsgWaitForMultipleObjectsEx
75fe0b64 +1a user32.dll               MsgWaitForMultipleObjects
00462929 +0d Linkman.exe    madExcept CallThreadProcSafe
00462993 +37 Linkman.exe    madExcept ThreadExceptFrame
75ca33a8 +10 kernel32.dll             BaseThreadInitThunk
>> created by thread $2ec at:
740c78e1 +00 gdiplus.dll

thread $678:
77461f1f +0b ntdll.dll     NtWaitForWorkViaWorkerFactory
75ca33a8 +10 kernel32.dll  BaseThreadInitThunk

thread $1e18:
77461f1f +0b ntdll.dll     NtWaitForWorkViaWorkerFactory
75ca33a8 +10 kernel32.dll  BaseThreadInitThunk

thread $19cc:
7745f8aa +0e ntdll.dll                NtWaitForSingleObject
75dc1497 +92 KERNELBASE.dll           WaitForSingleObjectEx
75ca118f +3e kernel32.dll             WaitForSingleObjectEx
75ca1143 +0d kernel32.dll             WaitForSingleObject
00462929 +0d Linkman.exe    madExcept CallThreadProcSafe
00462993 +37 Linkman.exe    madExcept ThreadExceptFrame
75ca33a8 +10 kernel32.dll             BaseThreadInitThunk
>> created by thread $2ec at:
10084c83 +00 SOGOUPY.IME

thread $1d68 (TSplash): <suspended> <priority:1>
0081a43a +1e Linkman.exe SplashFormUnit 100 +1 TSplash.Create

thread $1c60 (TpmFormatThread):
7745f8aa +0e ntdll.dll                        NtWaitForSingleObject
75dc1497 +92 KERNELBASE.dll                   WaitForSingleObjectEx
75ca118f +3e kernel32.dll                     WaitForSingleObjectEx
75ca1143 +0d kernel32.dll                     WaitForSingleObject
0049db05 +09 Linkman.exe    SyncObjs          TEvent.WaitFor
006cbf4e +0a Linkman.exe    PMSupport 7273 +2 TpmFormatThread.Execute
00462a47 +2b Linkman.exe    madExcept         HookedTThreadExecute
0048d800 +34 Linkman.exe    Classes           ThreadProc
004058b4 +28 Linkman.exe    System            ThreadWrapper
00462929 +0d Linkman.exe    madExcept         CallThreadProcSafe
00462993 +37 Linkman.exe    madExcept         ThreadExceptFrame
75ca33a8 +10 kernel32.dll                     BaseThreadInitThunk
>> created by thread $2ec at:
006cbef1 +35 Linkman.exe    PMSupport 7259 +3 TpmFormatThread.Create

thread $1268 (TpmFormatThread):
7745f8aa +0e ntdll.dll                        NtWaitForSingleObject
75dc1497 +92 KERNELBASE.dll                   WaitForSingleObjectEx
75ca118f +3e kernel32.dll                     WaitForSingleObjectEx
75ca1143 +0d kernel32.dll                     WaitForSingleObject
0049db05 +09 Linkman.exe    SyncObjs          TEvent.WaitFor
006cbf4e +0a Linkman.exe    PMSupport 7273 +2 TpmFormatThread.Execute
00462a47 +2b Linkman.exe    madExcept         HookedTThreadExecute
0048d800 +34 Linkman.exe    Classes           ThreadProc
004058b4 +28 Linkman.exe    System            ThreadWrapper
00462929 +0d Linkman.exe    madExcept         CallThreadProcSafe
00462993 +37 Linkman.exe    madExcept         ThreadExceptFrame
75ca33a8 +10 kernel32.dll                     BaseThreadInitThunk
>> created by thread $2ec at:
006cbef1 +35 Linkman.exe    PMSupport 7259 +3 TpmFormatThread.Create

thread $ea8 (TpmFormatThread):
7745f8aa +0e ntdll.dll                        NtWaitForSingleObject
75dc1497 +92 KERNELBASE.dll                   WaitForSingleObjectEx
75ca118f +3e kernel32.dll                     WaitForSingleObjectEx
75ca1143 +0d kernel32.dll                     WaitForSingleObject
0049db05 +09 Linkman.exe    SyncObjs          TEvent.WaitFor
006cbf4e +0a Linkman.exe    PMSupport 7273 +2 TpmFormatThread.Execute
00462a47 +2b Linkman.exe    madExcept         HookedTThreadExecute
0048d800 +34 Linkman.exe    Classes           ThreadProc
004058b4 +28 Linkman.exe    System            ThreadWrapper
00462929 +0d Linkman.exe    madExcept         CallThreadProcSafe
00462993 +37 Linkman.exe    madExcept         ThreadExceptFrame
75ca33a8 +10 kernel32.dll                     BaseThreadInitThunk
>> created by thread $2ec at:
006cbef1 +35 Linkman.exe    PMSupport 7259 +3 TpmFormatThread.Create

thread $2590 (TpmFormatThread):
7745f8aa +0e ntdll.dll                        NtWaitForSingleObject
75dc1497 +92 KERNELBASE.dll                   WaitForSingleObjectEx
75ca118f +3e kernel32.dll                     WaitForSingleObjectEx
75ca1143 +0d kernel32.dll                     WaitForSingleObject
0049db05 +09 Linkman.exe    SyncObjs          TEvent.WaitFor
006cbf4e +0a Linkman.exe    PMSupport 7273 +2 TpmFormatThread.Execute
00462a47 +2b Linkman.exe    madExcept         HookedTThreadExecute
0048d800 +34 Linkman.exe    Classes           ThreadProc
004058b4 +28 Linkman.exe    System            ThreadWrapper
00462929 +0d Linkman.exe    madExcept         CallThreadProcSafe
00462993 +37 Linkman.exe    madExcept         ThreadExceptFrame
75ca33a8 +10 kernel32.dll                     BaseThreadInitThunk
>> created by thread $2ec at:
006cbef1 +35 Linkman.exe    PMSupport 7259 +3 TpmFormatThread.Create

modules:
00400000 Linkman.exe         8.9.9.11           C:\Users\Administrator\Desktop\Linkman
05750000 PicFace.dll         1.1.0.1781         C:\Program Files (x86)\SogouInput\Components\PicFace\1.1.0.1781
07610000 LinkmanBrowsers.dll 8.8.6.0            C:\Users\Administrator\Desktop\Linkman
0adf0000 Resource.dll        8.7.0.1682         C:\Program Files (x86)\SogouInput\8.7.0.1682
10000000 SOGOUPY.IME         8.7.0.1682         C:\Windows\system32
58c60000 explorerframe.dll   6.1.7601.17514     C:\Windows\system32
58eb0000 DUI70.dll           6.1.7600.16385     C:\Windows\system32
61e00000 sqlite3.dll         3.15.2.0           C:\Users\Administrator\Desktop\Linkman
69310000 WindowsCodecs.dll   6.2.9200.16583     C:\Windows\system32
6a1f0000 DUser.dll           6.1.7600.16385     C:\Windows\system32
6a390000 FaultRep.dll        6.1.7601.17514     C:\Windows\system32
6a470000 IdnDL.dll           6.1.7600.16385     C:\Windows\system32
6d510000 icm32.dll           6.1.7600.16385     C:\Windows\system32
6d550000 security.dll        6.1.7600.16385     C:\Windows\system32
6e200000 mscms.dll           6.1.7601.17514     C:\Windows\system32
6e390000 olepro32.dll        6.1.7601.17514     C:\Windows\system32
6e3c0000 winspool.drv        6.1.7601.17514     C:\Windows\system32
6e420000 dwmapi.dll          6.1.7600.16385     C:\Windows\system32
6e6d0000 uxtheme.dll         6.1.7600.16385     C:\Windows\system32
6e9a0000 OLEACC.dll          7.0.0.0            C:\Windows\system32
6eb10000 MSIMG32.dll         6.1.7600.16385     C:\Windows\system32
6ebf0000 wsock32.dll         6.1.7600.16385     C:\Windows\system32
6eeb0000 Fwpuclnt.dll        6.1.7601.17514     C:\Windows\system32
72e00000 ntmarta.dll         6.1.7600.16385     C:\Windows\system32
73370000 apphelp.dll         6.1.7601.17514     C:\Windows\system32
733c0000 propsys.dll         7.0.7601.17514     C:\Windows\system32
734c0000 comctl32.dll        6.10.7601.17514    C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
74080000 gdiplus.dll         6.1.7601.17825     C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b
74210000 SECUR32.DLL         6.1.7601.17940     C:\Windows\system32
74260000 winmm.dll           6.1.7601.17514     C:\Windows\system32
745c0000 WINNSI.DLL          6.1.7600.16385     C:\Windows\system32
745d0000 iphlpapi.dll        6.1.7601.17514     C:\Windows\system32
74780000 profapi.dll         6.1.7600.16385     C:\Windows\system32
74790000 USERENV.dll         6.1.7601.17514     C:\Windows\system32
74a40000 version.dll         6.1.7600.16385     C:\Windows\system32
74b10000 CRYPTBASE.dll       6.1.7600.16385     C:\Windows\syswow64
74b20000 SspiCli.dll         6.1.7601.17940     C:\Windows\syswow64
74b80000 ADVAPI32.dll        6.1.7601.17514     C:\Windows\syswow64
74c20000 LPK.dll             6.1.7600.16385     C:\Windows\syswow64
74c30000 msvcrt.dll          7.0.7601.17744     C:\Windows\syswow64
74ce0000 comdlg32.dll        6.1.7601.17514     C:\Windows\syswow64
74d60000 shell32.dll         6.1.7601.18103     C:\Windows\syswow64
759b0000 IMM32.DLL           6.1.7601.17514     C:\Windows\system32
75a10000 CFGMGR32.dll        6.1.7601.17621     C:\Windows\syswow64
75a40000 GDI32.dll           6.1.7601.17514     C:\Windows\syswow64
75c90000 kernel32.dll        6.1.7601.18015     C:\Windows\syswow64
75da0000 PSAPI.DLL           6.1.7600.16385     C:\Windows\syswow64
75db0000 KERNELBASE.dll      6.1.7601.18015     C:\Windows\syswow64
75e00000 oleaut32.dll        6.1.7601.17676     C:\Windows\syswow64
75e90000 Normaliz.dll        6.1.7600.16385     C:\Windows\syswow64
75eb0000 USP10.dll           1.626.7601.18009   C:\Windows\syswow64
75f80000 sechost.dll         6.1.7600.16385     C:\Windows\SysWOW64
75fa0000 DEVOBJ.dll          6.1.7601.17621     C:\Windows\syswow64
75fc0000 user32.dll          6.1.7601.17514     C:\Windows\syswow64
762d0000 MSCTF.dll           6.1.7600.16385     C:\Windows\syswow64
763a0000 WLDAP32.dll         6.1.7601.17514     C:\Windows\syswow64
763f0000 SETUPAPI.dll        6.1.7601.17514     C:\Windows\syswow64
76590000 CLBCatQ.DLL         2001.12.8530.16385 C:\Windows\syswow64
76740000 ole32.dll           6.1.7601.17514     C:\Windows\syswow64
769f0000 SHLWAPI.dll         6.1.7601.17514     C:\Windows\syswow64
76a50000 WS2_32.dll          6.1.7601.17514     C:\Windows\syswow64
76a90000 RPCRT4.dll          6.1.7601.17514     C:\Windows\syswow64
77410000 NSI.dll             6.1.7600.16385     C:\Windows\syswow64
77440000 ntdll.dll           6.1.7601.17725     C:\Windows\SysWOW64

processes:
0000 Idle                         0 0   0
0004 System                       0 0   0
0140 smss.exe                     0 0   0
01f4 csrss.exe                    0 0   0
022c csrss.exe                    1 0   0
0234 wininit.exe                  0 0   0
026c winlogon.exe                 1 0   0
0294 services.exe                 0 0   0
029c lsass.exe                    0 0   0
02a4 lsm.exe                      0 0   0
0308 svchost.exe                  0 0   0
0374 svchost.exe                  0 0   0
03cc svchost.exe                  0 0   0
03f4 svchost.exe                  0 0   0
009c svchost.exe                  0 0   0
0168 svchost.exe                  0 0   0
036c audiodg.exe                  0 0   0
0318 svchost.exe                  0 0   0
0450 igfxCUIService.exe           0 0   0
046c svchost.exe                  0 0   0
04b8 ZhuDongFangYu.exe            0 0   0
050c svchost.exe                  0 0   0
0610 spoolsv.exe                  0 0   0
062c taskeng.exe                  0 0   0
0658 svchost.exe                  0 0   0
06ec AlibabaProtect.exe           0 0   0
0708 AppleMobileDeviceService.exe 0 0   0
0760 EPService.exe                0 0   0
0780 svchost.exe                  0 0   0
07a4 service.exe                  0 0   0
0598 svchost.exe                  0 0   0
06f4 QQProtect.exe                0 0   0
05f8 taskhost.exe                 1 26  21  normal
0824 dwm.exe                      1 19  2   high
082c explorer.exe                 1 888 469 normal
0878 svchost.exe                  0 0   0
08d4 WebServe.exe                 0 0   0
08f8 svchost.exe                  0 0   0
0bc8 GoogleUpdate.exe             0 0   0
0bd0 PTXBootSvc.exe               1 29  16  normal C:\Servyou\PTXSvcBoot
0bd8 EPEnvUpdate.exe              1 34  32  normal C:\Servyou\EnvUpdate
0be0 ServyouInvoiceCollector.exe  1 102 86  normal C:\Servyou\FPTQ
0c2c RtkNGUI64.exe                1 36  29  normal
0cb4 WeChat.exe                   1 323 91  normal C:\Program Files (x86)\Tencent\WeChat
0e30 iusb3mon.exe                 1 18  7   normal C:\Program Files (x86)\Intel\Intel(R) USB 3.0 3.1 eXtensible Host Controller Driver\Application
0e38 360tray.exe                  1 269 59  normal C:\Program Files (x86)\360\360Safe\safemon
0ee8 DingTalk.exe                 1 249 165 normal C:\Program Files (x86)\DingDing\main\current_new
0fc4 PresentationFontCache.exe    0 0   0
126c igfxEM.exe                   1 16  14  normal
17a8 WeChatWeb.exe                1 4   4   normal C:\Program Files (x86)\Tencent\WeChat
15ec GoogleCrashHandler.exe       0 0   0
1658 GoogleCrashHandler64.exe     0 0   0
1974 DingTalkHelper.exe           1 9   1   normal C:\Program Files (x86)\DingDing\main\current_new
169c AndroidService.exe           1 4   2   normal D:\IQIYI Video\LStyle\6.1.51.4886\QYAppPlugin\mobileassistantplugin
1a4c SogouExplorer.exe            1 573 231 normal C:\Users\Administrator\AppData\Local\SogouExplorer
1a80 SogouCloud.exe               1 10  4   normal C:\Program Files (x86)\SogouInput\8.7.0.1682
1b90 SogouExplorer.exe            1 361 112 normal C:\Users\Administrator\AppData\Local\SogouExplorer
1bb0 SogouExplorer.exe            1 120 3   idle   C:\Users\Administrator\AppData\Local\SogouExplorer
124c SogouExplorer.exe            1 99  18  normal C:\Users\Administrator\AppData\Local\SogouExplorer
1084 SogouExplorer.exe            1 831 3   normal C:\Users\Administrator\AppData\Local\SogouExplorer
1f90 FSCapture.exe                1 822 110 normal F:\常用工具\FSCapture87 Protable
1b94 FlashFXP.exe                 1 243 193 normal F:\常用工具\FlashFXP
12e8 KuGou.exe                    1 727 112 normal C:\Program Files (x86)\KuGou\KGMusic
1df8 KGService.exe                1 12  7   normal C:\Program Files (x86)\KuGou\KGMusic\8.1.71.20109
2040 KuGou.exe                    1 436 4   normal C:\Program Files (x86)\KuGou\KGMusic
21b4 KgDaemon.exe                 1 9   6   normal C:\Program Files (x86)\KuGou\KGMusic\8.1.71.20109
2364 KuGou.exe                    1 52  2   normal C:\Program Files (x86)\KuGou\KGMusic
20c0 dlna_player.exe              1 33  14  normal C:\Users\Administrator\AppData\Roaming\KuGou8\AppStore\6
2104 SogouExplorer.exe            1 29  1   normal C:\Users\Administrator\AppData\Local\SogouExplorer
232c WeChatWeb.exe                1 9   1   normal C:\Program Files (x86)\Tencent\WeChat
200c antMR.exe                    1 12  4   normal C:\Program Files (x86)\Ant Download Manager
1d5c WmiPrvSE.exe                 0 0   0
1ae0 WmiPrvSE.exe                 0 0   0
15dc SogouExplorer.exe            1 112 3   idle   C:\Users\Administrator\AppData\Local\SogouExplorer
21ac WmiApSrv.exe                 0 0   0
134c gidot typesetter.exe         1 177 139 normal F:\常用工具\排版助手
0fb0 DllHost.exe                  1 9   6   normal C:\Windows\SysWOW64
045c Linkman.exe                  1 626 353 normal C:\Users\Administrator\Desktop\Linkman

hardware:
+ Batteries
  - Microsoft Composite Battery
+ Computer
  - ACPI x64-based PC
+ Disk drives
  - WDC WD10EZEX-08WN4A0 SCSI Disk Device
+ Display adapters
  - CyberLink Mirror Driver (driver 1.0.0.0)
  - Intel(R) HD Graphics 530 (driver 21.20.16.4590)
+ Human Interface Devices
  - USB 输入设备
+ IDE ATA/ATAPI controllers
  - Intel(R) 100 Series/C230 Chipset Family SATA AHCI Controller (driver 15.5.2.1054)
+ Keyboards
  - PS/2 标准键盘
+ Mice and other pointing devices
  - HID-compliant mouse
  - Microsoft PS/2 Mouse
+ Monitors
  - 通用即插即用监视器
+ Network adapters
  - Realtek PCIe GBE Family Controller (driver 7.109.526.2017)
  - WAN Miniport (IKEv2)
  - WAN 微型端口(IP)
  - WAN 微型端口(IPv6)
  - WAN 微型端口(L2TP)
  - WAN 微型端口(PPPOE)
  - WAN 微型端口(PPTP)
  - WAN 微型端口(SSTP)
  - WAN 微型端口(网络监视器)
+ Ports (COM & LPT)
  - 打印机端口 (LPT1)
  - 通信端口 (COM1)
+ Processors
  - Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz
  - Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz
  - Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz
  - Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz
+ Sound, video and game controllers
  - CyberLink WebCam Virtual Driver 7.0 (driver 1.2.30855.7524)
  - DFX Audio Enhancer (driver 12.0.0.0)
  - Realtek High Definition Audio (driver 6.0.1.8036)
  - 英特尔(R) 显示器音频 (driver 6.16.0.3197)
+ System devices
  - ACPI Fan
  - ACPI Fan
  - ACPI Fan
  - ACPI Fan
  - ACPI Fan
  - ACPI Fixed Feature Button
  - ACPI Power Button
  - ACPI Sleep Button
  - ACPI Thermal Zone
  - ACPI Thermal Zone
  - High Definition Audio 控制器
  - High precision event timer
  - Intel Device (driver 10.0.13.0)
  - Intel Device (driver 10.0.20.0)
  - Intel(R) 100 Series/C230 Series Chipset PMC - A121 (driver 10.1.2.8)
  - Intel(R) 82802 Firmware Hub Device
  - Intel(R) Management Engine Interface  (driver 11.6.0.1015)
  - Microsoft ACPI-Compliant System
  - Microsoft System Management BIOS Driver
  - Microsoft Windows Management Interface for ACPI
  - Microsoft Windows Management Interface for ACPI
  - Microsoft 虚拟驱动器枚举器驱动程序
  - Motherboard resources
  - Motherboard resources
  - Motherboard resources
  - Motherboard resources
  - Motherboard resources
  - Motherboard resources
  - Motherboard resources
  - Motherboard resources
  - Motherboard resources
  - Numeric data processor
  - PCI bus
  - PCI standard host CPU bridge
  - PCI standard ISA bridge
  - PCI standard PCI-to-PCI bridge
  - PCI standard PCI-to-PCI bridge
  - Plug and Play Software Device Enumerator
  - Printer Port Logical Interface
  - Programmable interrupt controller
  - Remote Desktop Device Redirector Bus
  - System CMOS/real time clock
  - System timer
  - Terminal Server Keyboard Driver
  - Terminal Server Mouse Driver
  - UMBus Enumerator
  - UMBus Root Bus Enumerator
  - Volume Manager
  - 复合总线枚举器
  - 文件作为卷驱动程序
+ Universal Serial Bus controllers
  - 英特尔(R) USB 3.0 可扩展主机控制器 (driver 5.0.1.38)
  - 英特尔(R) USB 3.0 根集线器 (driver 5.0.1.38)

cpu registers:
eax = 086529f0
ebx = 02519090
ecx = 00000000
edx = 004ad2aa
esi = 00000001
edi = 00000000
eip = 004ad2aa
esp = 0018fa58
ebp = 0018faa0

stack dump:
0018fa58  aa d2 4a 00 de fa ed 0e - 01 00 00 00 07 00 00 00  ..J.............
0018fa68  6c fa 18 00 aa d2 4a 00 - f0 29 65 08 90 90 51 02  l.....J..)e...Q.
0018fa78  01 00 00 00 00 00 00 00 - a0 fa 18 00 88 fa 18 00  ................
0018fa88  00 00 00 00 88 16 4f 02 - 90 90 51 02 00 00 00 00  ......O...Q.....
0018fa98  0b 16 4f 02 88 16 4f 02 - 0c fb 18 00 ee d0 4a 00  ..O...O.......J.
0018faa8  01 00 00 00 42 00 00 00 - 00 00 00 00 a4 ec 4d 00  ....B.........M.
0018fab8  28 5f 8b 00 43 63 7d 00 - 14 fb 18 00 98 51 40 00  (_..Cc}......Q@.
0018fac8  0c fb 18 00 4c a9 8a 00 - 00 00 00 00 00 00 00 00  ....L...........
0018fad8  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00  ................
0018fae8  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00  ................
0018faf8  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00  ................
0018fb08  00 00 00 00 80 fc 18 00 - eb 9d 85 00 20 fb 18 00  ............ ...
0018fb18  98 51 40 00 80 fc 18 00 - 90 fc 18 00 98 51 40 00  .Q@..........Q@.
0018fb28  80 fc 18 00 00 00 00 00 - 58 4f 4a 00 30 68 4f 02  ........XOJ.0hO.
0018fb38  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00  ................
0018fb48  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00  ................
0018fb58  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00  ................
0018fb68  00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00  ................
0018fb78  2f 43 3a 5c 55 73 65 72 - 73 5c 41 64 6d 69 6e 69  /C:\Users\Admini
0018fb88  73 74 72 61 74 6f 72 5c - 44 65 73 6b 74 6f 70 5c  strator\Desktop\

disassembling:
[...]
007d632d       mov     edx, 3
007d6332       call    -$3d067b ($405cbc)     ; System.@LStrCatN
007d6337       mov     ecx, [ebp-$c]
007d633a       xor     edx, edx
007d633c       mov     eax, [ebx]
007d633e     > call    -$32927b ($4ad0c8)     ; Registry.TRegistry.WriteString
007d6343 791   mov     cl, 1
007d6345       mov     edx, $7d65fc           ; '\Software\Microsoft\Internet Explorer\MenuExt\Add to Linkman'
007d634a       mov     eax, [ebx]
007d634c       call    -$32996d ($4ac9e4)     ; Registry.TRegistry.OpenKey
007d6351       test    al, al
[...]

