# Flog Txt Version 1 # Analyzer Version: 3.2.1 # Analyzer Build Date: Feb 18 2020 07:49:07 # Log Creation Date: 20.02.2020 15:55:33.514 Process: id = "1" image_name = "aksip.exe" filename = "c:\\users\\fd1hvy\\desktop\\aksip.exe" page_root = "0x172f6000" os_pid = "0x13a0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x79c" cmd_line = "\"C:\\Users\\FD1HVy\\Desktop\\Aksip.exe\" " cur_dir = "C:\\Users\\FD1HVy\\Desktop\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ff21" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1 os_tid = 0x13a4 [0037.108] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19ff70 | out: lpSystemTimeAsFileTime=0x19ff70*(dwLowDateTime=0x44d0d814, dwHighDateTime=0x1d5e806)) [0037.108] GetCurrentProcessId () returned 0x13a0 [0037.108] GetCurrentThreadId () returned 0x13a4 [0037.108] GetTickCount () returned 0x114a5f5 [0037.108] QueryPerformanceCounter (in: lpPerformanceCount=0x19ff60 | out: lpPerformanceCount=0x19ff60*=13052931116) returned 1 [0037.189] GetStartupInfoA (in: lpStartupInfo=0x19ff18 | out: lpStartupInfo=0x19ff18*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\FD1HVy\\Desktop\\Aksip.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0037.189] HeapCreate (flOptions=0x0, dwInitialSize=0x1000, dwMaximumSize=0x0) returned 0x21f0000 [0037.191] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77230000 [0037.191] GetProcAddress (hModule=0x77230000, lpProcName="FlsAlloc") returned 0x77244ae0 [0037.191] GetProcAddress (hModule=0x77230000, lpProcName="FlsGetValue") returned 0x77244b20 [0037.191] GetProcAddress (hModule=0x77230000, lpProcName="FlsSetValue") returned 0x77244b40 [0037.191] GetProcAddress (hModule=0x77230000, lpProcName="FlsFree") returned 0x77244b00 [0037.191] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77230000 [0037.191] GetProcAddress (hModule=0x77230000, lpProcName="EncodePointer") returned 0x775029e0 [0037.191] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77230000 [0037.191] GetProcAddress (hModule=0x77230000, lpProcName="EncodePointer") returned 0x775029e0 [0037.191] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77230000 [0037.191] GetProcAddress (hModule=0x77230000, lpProcName="EncodePointer") returned 0x775029e0 [0037.192] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77230000 [0037.192] GetProcAddress (hModule=0x77230000, lpProcName="EncodePointer") returned 0x775029e0 [0037.192] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77230000 [0037.192] GetProcAddress (hModule=0x77230000, lpProcName="EncodePointer") returned 0x775029e0 [0037.192] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77230000 [0037.192] GetProcAddress (hModule=0x77230000, lpProcName="EncodePointer") returned 0x775029e0 [0037.192] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77230000 [0037.192] GetProcAddress (hModule=0x77230000, lpProcName="EncodePointer") returned 0x775029e0 [0037.193] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77230000 [0037.193] GetProcAddress (hModule=0x77230000, lpProcName="DecodePointer") returned 0x77501ec0 [0037.193] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x238) returned 0x21f05a8 [0037.193] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77230000 [0037.193] GetProcAddress (hModule=0x77230000, lpProcName="DecodePointer") returned 0x77501ec0 [0037.193] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77230000 [0037.193] GetProcAddress (hModule=0x77230000, lpProcName="EncodePointer") returned 0x775029e0 [0037.193] GetProcAddress (hModule=0x77230000, lpProcName="DecodePointer") returned 0x77501ec0 [0037.193] GetCurrentThreadId () returned 0x13a4 [0037.193] GetStartupInfoA (in: lpStartupInfo=0x19fe84 | out: lpStartupInfo=0x19fe84*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\FD1HVy\\Desktop\\Aksip.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0037.194] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x824) returned 0x21f07e8 [0037.194] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0037.194] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0037.194] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0037.194] SetHandleCount (uNumber=0x20) returned 0x20 [0037.194] GetCommandLineA () returned="\"C:\\Users\\FD1HVy\\Desktop\\Aksip.exe\" " [0037.194] GetEnvironmentStringsW () returned 0x5e5f00* [0037.194] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1381, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1381 [0037.194] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x589) returned 0x21f1018 [0037.194] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1381, lpMultiByteStr=0x21f1038, cbMultiByte=1381, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1381 [0037.194] FreeEnvironmentStringsW (penv=0x5e5f00) returned 1 [0037.194] GetLastError () returned 0x0 [0037.194] SetLastError (dwErrCode=0x0) [0037.194] GetLastError () returned 0x0 [0037.194] SetLastError (dwErrCode=0x0) [0037.194] GetLastError () returned 0x0 [0037.194] SetLastError (dwErrCode=0x0) [0037.194] GetACP () returned 0x4e4 [0037.194] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x244) returned 0x21f15b0 [0037.195] GetLastError () returned 0x0 [0037.195] SetLastError (dwErrCode=0x0) [0037.195] IsValidCodePage (CodePage=0x4e4) returned 1 [0037.195] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fe4c | out: lpCPInfo=0x19fe4c) returned 1 [0037.195] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f910 | out: lpCPInfo=0x19f910) returned 1 [0037.195] GetLastError () returned 0x0 [0037.195] SetLastError (dwErrCode=0x0) [0037.195] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x19f8a8 | out: lpCharType=0x19f8a8) returned 1 [0037.195] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f928, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0037.195] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x22c) returned 0x21f1800 [0037.195] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f928, cbMultiByte=256, lpWideCharStr=0x21f1828, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽") returned 256 [0037.195] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽", cchSrc=256, lpCharType=0x19fc30 | out: lpCharType=0x19fc30) returned 1 [0037.195] HeapValidate (hHeap=0x21f0000, dwFlags=0x0, lpMem=0x21f1800) returned 1 [0037.195] HeapFree (in: hHeap=0x21f0000, dwFlags=0x0, lpMem=0x21f1800 | out: hHeap=0x21f0000) returned 1 [0037.195] GetLastError () returned 0x0 [0037.195] SetLastError (dwErrCode=0x0) [0037.195] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0037.195] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f928, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0037.195] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x22c) returned 0x21f1800 [0037.195] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f928, cbMultiByte=256, lpWideCharStr=0x21f1828, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽") returned 256 [0037.195] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0037.195] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x22c) returned 0x21f1a38 [0037.195] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽", cchSrc=256, lpDestStr=0x21f1a60, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽") returned 256 [0037.195] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽", cchWideChar=256, lpMultiByteStr=0x19fb30, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿH\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02h\x02(\x02(\x02(\x02(\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02H\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x10\x02\x10\x02\x10\x02\x10\x02 \x02", lpUsedDefaultChar=0x0) returned 256 [0037.195] HeapValidate (hHeap=0x21f0000, dwFlags=0x0, lpMem=0x21f1a38) returned 1 [0037.195] HeapFree (in: hHeap=0x21f0000, dwFlags=0x0, lpMem=0x21f1a38 | out: hHeap=0x21f0000) returned 1 [0037.196] HeapValidate (hHeap=0x21f0000, dwFlags=0x0, lpMem=0x21f1800) returned 1 [0037.196] HeapFree (in: hHeap=0x21f0000, dwFlags=0x0, lpMem=0x21f1800 | out: hHeap=0x21f0000) returned 1 [0037.196] GetLastError () returned 0x0 [0037.196] SetLastError (dwErrCode=0x0) [0037.196] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f928, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0037.196] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x22c) returned 0x21f1800 [0037.196] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f928, cbMultiByte=256, lpWideCharStr=0x21f1828, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽") returned 256 [0037.196] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0037.196] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x22c) returned 0x21f1a38 [0037.196] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽", cchSrc=256, lpDestStr=0x21f1a60, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ﷽﷽") returned 256 [0037.196] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ﷽﷽", cchWideChar=256, lpMultiByteStr=0x19fa30, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿH\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02h\x02(\x02(\x02(\x02(\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02H\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x10\x02\x10\x02\x10\x02\x10\x02 \x02", lpUsedDefaultChar=0x0) returned 256 [0037.196] HeapValidate (hHeap=0x21f0000, dwFlags=0x0, lpMem=0x21f1a38) returned 1 [0037.196] HeapFree (in: hHeap=0x21f0000, dwFlags=0x0, lpMem=0x21f1a38 | out: hHeap=0x21f0000) returned 1 [0037.196] HeapValidate (hHeap=0x21f0000, dwFlags=0x0, lpMem=0x21f1800) returned 1 [0037.196] HeapFree (in: hHeap=0x21f0000, dwFlags=0x0, lpMem=0x21f1800 | out: hHeap=0x21f0000) returned 1 [0037.196] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x450840, nSize=0x104 | out: lpFilename="C:\\Users\\FD1HVy\\Desktop\\Aksip.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\aksip.exe")) returned 0x21 [0037.196] GetLastError () returned 0x0 [0037.196] SetLastError (dwErrCode=0x0) [0037.196] GetLastError () returned 0x0 [0037.196] SetLastError (dwErrCode=0x0) [0037.196] GetLastError () returned 0x0 [0037.196] SetLastError (dwErrCode=0x0) [0037.197] GetLastError () returned 0x0 [0037.197] SetLastError (dwErrCode=0x0) [0037.197] GetLastError () returned 0x0 [0037.197] SetLastError (dwErrCode=0x0) [0037.197] GetLastError () returned 0x0 [0037.197] SetLastError (dwErrCode=0x0) [0037.197] GetLastError () returned 0x0 [0037.197] SetLastError (dwErrCode=0x0) [0037.197] GetLastError () returned 0x0 [0037.197] SetLastError (dwErrCode=0x0) [0037.197] GetLastError () returned 0x0 [0037.197] SetLastError (dwErrCode=0x0) [0037.197] GetLastError () returned 0x0 [0037.197] SetLastError (dwErrCode=0x0) [0037.197] GetLastError () returned 0x0 [0037.197] SetLastError (dwErrCode=0x0) [0037.197] GetLastError () returned 0x0 [0037.197] SetLastError (dwErrCode=0x0) [0037.197] GetLastError () returned 0x0 [0037.197] SetLastError (dwErrCode=0x0) [0037.197] GetLastError () returned 0x0 [0037.197] SetLastError (dwErrCode=0x0) [0037.197] GetLastError () returned 0x0 [0037.197] SetLastError (dwErrCode=0x0) [0037.197] GetLastError () returned 0x0 [0037.198] SetLastError (dwErrCode=0x0) [0037.198] GetLastError () returned 0x0 [0037.198] SetLastError (dwErrCode=0x0) [0037.198] GetLastError () returned 0x0 [0037.198] SetLastError (dwErrCode=0x0) [0037.198] GetLastError () returned 0x0 [0037.198] SetLastError (dwErrCode=0x0) [0037.198] GetLastError () returned 0x0 [0037.198] SetLastError (dwErrCode=0x0) [0037.198] GetLastError () returned 0x0 [0037.198] SetLastError (dwErrCode=0x0) [0037.198] GetLastError () returned 0x0 [0037.198] SetLastError (dwErrCode=0x0) [0037.198] GetLastError () returned 0x0 [0037.198] SetLastError (dwErrCode=0x0) [0037.198] GetLastError () returned 0x0 [0037.198] SetLastError (dwErrCode=0x0) [0037.198] GetLastError () returned 0x0 [0037.198] SetLastError (dwErrCode=0x0) [0037.198] GetLastError () returned 0x0 [0037.198] SetLastError (dwErrCode=0x0) [0037.198] GetLastError () returned 0x0 [0037.198] SetLastError (dwErrCode=0x0) [0037.198] GetLastError () returned 0x0 [0037.198] SetLastError (dwErrCode=0x0) [0037.198] GetLastError () returned 0x0 [0037.198] SetLastError (dwErrCode=0x0) [0037.199] GetLastError () returned 0x0 [0037.199] SetLastError (dwErrCode=0x0) [0037.199] GetLastError () returned 0x0 [0037.199] SetLastError (dwErrCode=0x0) [0037.199] GetLastError () returned 0x0 [0037.199] SetLastError (dwErrCode=0x0) [0037.199] GetLastError () returned 0x0 [0037.199] SetLastError (dwErrCode=0x0) [0037.199] GetLastError () returned 0x0 [0037.199] SetLastError (dwErrCode=0x0) [0037.199] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x4e) returned 0x21f1800 [0037.199] GetLastError () returned 0x0 [0037.199] SetLastError (dwErrCode=0x0) [0037.199] GetLastError () returned 0x0 [0037.199] SetLastError (dwErrCode=0x0) [0037.199] GetLastError () returned 0x0 [0037.199] SetLastError (dwErrCode=0x0) [0037.199] GetLastError () returned 0x0 [0037.199] SetLastError (dwErrCode=0x0) [0037.199] GetLastError () returned 0x0 [0037.199] SetLastError (dwErrCode=0x0) [0037.199] GetLastError () returned 0x0 [0037.199] SetLastError (dwErrCode=0x0) [0037.199] GetLastError () returned 0x0 [0037.199] SetLastError (dwErrCode=0x0) [0037.199] GetLastError () returned 0x0 [0037.200] SetLastError (dwErrCode=0x0) [0037.200] GetLastError () returned 0x0 [0037.200] SetLastError (dwErrCode=0x0) [0037.200] GetLastError () returned 0x0 [0037.200] SetLastError (dwErrCode=0x0) [0037.200] GetLastError () returned 0x0 [0037.201] SetLastError (dwErrCode=0x0) [0037.201] GetLastError () returned 0x0 [0037.201] SetLastError (dwErrCode=0x0) [0037.201] GetLastError () returned 0x0 [0037.201] SetLastError (dwErrCode=0x0) [0037.201] GetLastError () returned 0x0 [0037.201] SetLastError (dwErrCode=0x0) [0037.201] GetLastError () returned 0x0 [0037.201] SetLastError (dwErrCode=0x0) [0037.201] GetLastError () returned 0x0 [0037.201] SetLastError (dwErrCode=0x0) [0037.201] GetLastError () returned 0x0 [0037.201] SetLastError (dwErrCode=0x0) [0037.201] GetLastError () returned 0x0 [0037.202] SetLastError (dwErrCode=0x0) [0037.202] GetLastError () returned 0x0 [0037.202] SetLastError (dwErrCode=0x0) [0037.202] GetLastError () returned 0x0 [0037.202] SetLastError (dwErrCode=0x0) [0037.202] GetLastError () returned 0x0 [0037.202] SetLastError (dwErrCode=0x0) [0037.202] GetLastError () returned 0x0 [0037.202] SetLastError (dwErrCode=0x0) [0037.202] GetLastError () returned 0x0 [0037.202] SetLastError (dwErrCode=0x0) [0037.202] GetLastError () returned 0x0 [0037.202] SetLastError (dwErrCode=0x0) [0037.202] GetLastError () returned 0x0 [0037.202] SetLastError (dwErrCode=0x0) [0037.202] GetLastError () returned 0x0 [0037.202] SetLastError (dwErrCode=0x0) [0037.202] GetLastError () returned 0x0 [0037.202] SetLastError (dwErrCode=0x0) [0037.202] GetLastError () returned 0x0 [0037.202] SetLastError (dwErrCode=0x0) [0037.202] GetLastError () returned 0x0 [0037.202] SetLastError (dwErrCode=0x0) [0037.202] GetLastError () returned 0x0 [0037.202] SetLastError (dwErrCode=0x0) [0037.202] GetLastError () returned 0x0 [0037.202] SetLastError (dwErrCode=0x0) [0037.203] GetLastError () returned 0x0 [0037.203] SetLastError (dwErrCode=0x0) [0037.203] GetLastError () returned 0x0 [0037.203] SetLastError (dwErrCode=0x0) [0037.203] GetLastError () returned 0x0 [0037.203] SetLastError (dwErrCode=0x0) [0037.203] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0xb8) returned 0x21f1858 [0037.203] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x43) returned 0x21f1918 [0037.203] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x4c) returned 0x21f1968 [0037.203] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x5b) returned 0x21f19c0 [0037.203] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x60) returned 0x21f1a28 [0037.203] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x55) returned 0x21f1a90 [0037.203] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x38) returned 0x21f1af0 [0037.203] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x48) returned 0x21f1b30 [0037.203] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x31) returned 0x21f1b80 [0037.203] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x3b) returned 0x21f1bc0 [0037.203] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x4f) returned 0x21f1c08 [0037.203] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x39) returned 0x21f1c60 [0037.203] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x3b) returned 0x21f1ca8 [0037.204] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x46) returned 0x21f1cf0 [0037.204] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x32) returned 0x21f1d40 [0037.204] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0xe5) returned 0x21f1d80 [0037.204] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x62) returned 0x21f1e70 [0037.204] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x3f) returned 0x21f1ee0 [0037.204] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x41) returned 0x21f1f28 [0037.204] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x6c) returned 0x21f1f78 [0037.204] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x36) returned 0x21f1ff0 [0037.204] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x3c) returned 0x21f2030 [0037.204] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x3f) returned 0x21f2078 [0037.204] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x48) returned 0x21f20c0 [0037.204] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x4d) returned 0x21f2110 [0037.204] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x42) returned 0x21f2168 [0037.204] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x8f) returned 0x21f21b8 [0037.204] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x3b) returned 0x21f2250 [0037.205] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x33) returned 0x21f2298 [0037.205] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x3a) returned 0x21f22d8 [0037.205] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x4c) returned 0x21f2320 [0037.205] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x4b) returned 0x21f2378 [0037.205] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x36) returned 0x21f23d0 [0037.205] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x45) returned 0x21f2410 [0037.205] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x34) returned 0x21f2460 [0037.205] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x40) returned 0x21f24a0 [0037.205] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x36) returned 0x21f24e8 [0037.205] HeapValidate (hHeap=0x21f0000, dwFlags=0x0, lpMem=0x21f1018) returned 1 [0037.205] HeapFree (in: hHeap=0x21f0000, dwFlags=0x0, lpMem=0x21f1018 | out: hHeap=0x21f0000) returned 1 [0037.205] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x77230000 [0037.205] GetProcAddress (hModule=0x77230000, lpProcName="IsProcessorFeaturePresent") returned 0x77245960 [0037.205] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0037.206] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0xa4) returned 0x21f1018 [0037.206] RtlAllocateHeap (HeapHandle=0x21f0000, Flags=0x0, Size=0x824) returned 0x21f2528 [0037.206] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x42e710) returned 0x0 [0037.207] HeapValidate (hHeap=0x21f0000, dwFlags=0x0, lpMem=0x21f1018) returned 1 [0037.207] GetLastError () returned 0x0 [0037.207] SetLastError (dwErrCode=0x0) [0037.207] GetLastError () returned 0x0 [0037.207] SetLastError (dwErrCode=0x0) [0037.207] GetLastError () returned 0x0 [0037.207] SetLastError (dwErrCode=0x0) [0037.207] GetLastError () returned 0x0 [0037.207] SetLastError (dwErrCode=0x0) [0037.207] GetLastError () returned 0x0 [0037.207] SetLastError (dwErrCode=0x0) [0037.207] GetLastError () returned 0x0 [0037.208] SetLastError (dwErrCode=0x0) [0037.208] GetLastError () returned 0x0 [0037.208] SetLastError (dwErrCode=0x0) [0037.208] GetLastError () returned 0x0 [0037.208] SetLastError (dwErrCode=0x0) [0037.208] GetLastError () returned 0x0 [0037.208] SetLastError (dwErrCode=0x0) [0037.208] GetLastError () returned 0x0 [0037.208] SetLastError (dwErrCode=0x0) [0037.208] GetLastError () returned 0x0 [0037.208] SetLastError (dwErrCode=0x0) [0037.208] GetLastError () returned 0x0 [0037.208] SetLastError (dwErrCode=0x0) [0037.208] GetLastError () returned 0x0 [0037.208] SetLastError (dwErrCode=0x0) [0037.208] GetLastError () returned 0x0 [0037.208] SetLastError (dwErrCode=0x0) [0037.208] GetLastError () returned 0x0 [0037.208] SetLastError (dwErrCode=0x0) [0037.208] GetLastError () returned 0x0 [0037.208] SetLastError (dwErrCode=0x0) [0037.208] GetLastError () returned 0x0 [0037.208] SetLastError (dwErrCode=0x0) [0037.208] GetLastError () returned 0x0 [0037.208] SetLastError (dwErrCode=0x0) [0037.209] GetLastError () returned 0x0 [0037.209] SetLastError (dwErrCode=0x0) [0037.209] GetLastError () returned 0x0 [0037.209] SetLastError (dwErrCode=0x0) [0037.209] GetLastError () returned 0x0 [0037.209] SetLastError (dwErrCode=0x0) [0037.209] GetLastError () returned 0x0 [0037.209] SetLastError (dwErrCode=0x0) [0037.209] GetLastError () returned 0x0 [0037.209] SetLastError (dwErrCode=0x0) [0037.209] GetLastError () returned 0x0 [0037.209] SetLastError (dwErrCode=0x0) [0037.209] GetLastError () returned 0x0 [0037.209] SetLastError (dwErrCode=0x0) [0037.209] GetLastError () returned 0x0 [0037.209] SetLastError (dwErrCode=0x0) [0037.209] GetLastError () returned 0x0 [0037.209] SetLastError (dwErrCode=0x0) [0037.209] GetLastError () returned 0x0 [0037.209] SetLastError (dwErrCode=0x0) [0037.209] GetLastError () returned 0x0 [0037.209] SetLastError (dwErrCode=0x0) [0037.209] GetLastError () returned 0x0 [0037.209] SetLastError (dwErrCode=0x0) [0037.209] GetLastError () returned 0x0 [0037.209] SetLastError (dwErrCode=0x0) [0037.209] GetLastError () returned 0x0 [0037.210] SetLastError (dwErrCode=0x0) [0037.210] GetLastError () returned 0x0 [0037.210] SetLastError (dwErrCode=0x0) [0037.210] GetLastError () returned 0x0 [0037.210] SetLastError (dwErrCode=0x0) [0037.210] GetLastError () returned 0x0 [0037.210] SetLastError (dwErrCode=0x0) [0037.215] lstrlenA (lpString="") returned 0 [0037.216] GetCursor () returned 0x10007 [0037.216] GetTickCount () returned 0x114a663 [0037.216] GetCursor () returned 0x10007 [0037.216] GetTickCount () returned 0x114a663 [0037.216] GetCursor () returned 0x10007 [0037.216] GetTickCount () returned 0x114a663 [0037.216] GetCursor () returned 0x10007 [0037.216] GetTickCount () returned 0x114a663 [0037.216] GetCursor () returned 0x10007 [0037.216] GetTickCount () returned 0x114a663 [0037.216] GetCursor () returned 0x10007 [0037.216] GetTickCount () returned 0x114a663 [0037.216] GetCursor () returned 0x10007 [0037.216] GetTickCount () returned 0x114a663 [0037.216] GetCursor () returned 0x10007 [0037.216] GetTickCount () returned 0x114a663 [0037.216] GetCursor () returned 0x10007 [0037.216] GetTickCount () returned 0x114a663 [0037.216] GetCursor () returned 0x10007 [0037.216] GetTickCount () returned 0x114a663 [0037.216] GetCursor () returned 0x10007 [0037.217] GetTickCount () returned 0x114a663 [0037.217] GetCursor () returned 0x10007 [0037.217] GetTickCount () returned 0x114a663 [0037.217] GetCursor () returned 0x10007 [0037.217] GetTickCount () returned 0x114a663 [0037.217] GetCursor () returned 0x10007 [0037.217] GetTickCount () returned 0x114a663 [0037.217] GetCursor () returned 0x10007 [0037.217] GetTickCount () returned 0x114a663 [0037.217] GetCursor () returned 0x10007 [0037.217] GetTickCount () returned 0x114a663 [0037.217] GetCursor () returned 0x10007 [0037.217] GetTickCount () returned 0x114a663 [0037.217] GetCursor () returned 0x10007 [0037.217] GetTickCount () returned 0x114a663 [0037.217] GetCursor () returned 0x10007 [0037.217] GetTickCount () returned 0x114a663 [0037.217] GetCursor () returned 0x10007 [0037.217] GetTickCount () returned 0x114a663 [0037.217] GetCursor () returned 0x10007 [0037.217] GetTickCount () returned 0x114a663 [0037.217] GetCursor () returned 0x10007 [0037.217] GetTickCount () returned 0x114a663 [0037.217] GetCursor () returned 0x10007 [0037.217] GetTickCount () returned 0x114a663 [0037.217] GetCursor () returned 0x10007 [0037.218] GetTickCount () returned 0x114a663 [0037.218] GetCursor () returned 0x10007 [0037.218] GetTickCount () returned 0x114a663 [0037.218] GetCursor () returned 0x10007 [0037.218] GetTickCount () returned 0x114a663 [0037.218] GetCursor () returned 0x10007 [0037.218] GetTickCount () returned 0x114a663 [0037.218] GetCursor () returned 0x10007 [0037.218] GetTickCount () returned 0x114a663 [0037.218] GetCursor () returned 0x10007 [0037.218] GetTickCount () returned 0x114a663 [0037.218] GetCursor () returned 0x10007 [0037.218] GetTickCount () returned 0x114a663 [0037.218] GetCursor () returned 0x10007 [0037.218] GetTickCount () returned 0x114a663 [0037.218] GetCursor () returned 0x10007 [0037.218] GetTickCount () returned 0x114a663 [0037.218] GetCursor () returned 0x10007 [0037.218] GetTickCount () returned 0x114a663 [0037.218] GetCursor () returned 0x10007 [0037.218] GetTickCount () returned 0x114a663 [0037.218] GetCursor () returned 0x10007 [0037.218] GetTickCount () returned 0x114a663 [0037.218] GetCursor () returned 0x10007 [0037.218] GetTickCount () returned 0x114a663 [0037.218] GetCursor () returned 0x10007 [0037.219] GetTickCount () returned 0x114a663 [0037.219] GetCursor () returned 0x10007 [0037.219] GetTickCount () returned 0x114a663 [0037.219] GetCursor () returned 0x10007 [0037.219] GetTickCount () returned 0x114a663 [0037.219] GetCursor () returned 0x10007 [0037.219] GetTickCount () returned 0x114a663 [0037.219] GetCursor () returned 0x10007 [0037.219] GetTickCount () returned 0x114a663 [0037.219] GetCursor () returned 0x10007 [0037.219] GetTickCount () returned 0x114a663 [0037.219] GetCursor () returned 0x10007 [0037.219] GetTickCount () returned 0x114a663 [0037.219] GetCursor () returned 0x10007 [0037.219] GetTickCount () returned 0x114a663 [0037.219] GetCursor () returned 0x10007 [0037.219] GetTickCount () returned 0x114a663 [0037.219] GetCursor () returned 0x10007 [0037.219] GetTickCount () returned 0x114a663 [0037.219] GetCursor () returned 0x10007 [0037.219] GetTickCount () returned 0x114a663 [0037.219] GetCursor () returned 0x10007 [0037.219] GetTickCount () returned 0x114a663 [0037.219] GetCursor () returned 0x10007 [0037.219] GetTickCount () returned 0x114a663 [0037.219] GetCursor () returned 0x10007 [0037.220] GetTickCount () returned 0x114a663 [0037.220] GetCursor () returned 0x10007 [0037.220] GetTickCount () returned 0x114a663 [0037.220] GetCursor () returned 0x10007 [0037.220] GetTickCount () returned 0x114a663 [0037.220] GetCursor () returned 0x10007 [0037.220] GetTickCount () returned 0x114a663 [0037.220] GetCursor () returned 0x10007 [0037.220] GetTickCount () returned 0x114a663 [0037.220] GetCursor () returned 0x10007 [0037.220] GetTickCount () returned 0x114a663 [0037.220] GetCursor () returned 0x10007 [0037.220] GetTickCount () returned 0x114a663 [0037.220] GetCursor () returned 0x10007 [0037.220] GetTickCount () returned 0x114a663 [0037.220] GetCursor () returned 0x10007 [0037.220] GetTickCount () returned 0x114a663 [0037.220] GetCursor () returned 0x10007 [0037.220] GetTickCount () returned 0x114a663 [0037.220] GetCursor () returned 0x10007 [0037.220] GetTickCount () returned 0x114a663 [0037.220] GetCursor () returned 0x10007 [0037.220] GetTickCount () returned 0x114a663 [0037.220] GetCursor () returned 0x10007 [0037.220] GetTickCount () returned 0x114a663 [0037.220] GetCursor () returned 0x10007 [0037.221] GetTickCount () returned 0x114a663 [0037.221] GetCursor () returned 0x10007 [0037.221] GetTickCount () returned 0x114a663 [0037.221] GetCursor () returned 0x10007 [0037.221] GetTickCount () returned 0x114a663 [0037.221] GetCursor () returned 0x10007 [0037.221] GetTickCount () returned 0x114a663 [0037.221] GetCursor () returned 0x10007 [0037.221] GetTickCount () returned 0x114a663 [0037.221] GetCursor () returned 0x10007 [0037.221] GetTickCount () returned 0x114a663 [0037.221] GetCursor () returned 0x10007 [0037.221] GetTickCount () returned 0x114a663 [0037.221] GetCursor () returned 0x10007 [0037.221] GetTickCount () returned 0x114a663 [0037.221] GetCursor () returned 0x10007 [0037.221] GetTickCount () returned 0x114a663 [0037.221] GetCursor () returned 0x10007 [0037.221] GetTickCount () returned 0x114a663 [0037.221] GetCursor () returned 0x10007 [0037.221] GetTickCount () returned 0x114a663 [0037.221] GetCursor () returned 0x10007 [0037.221] GetTickCount () returned 0x114a663 [0037.221] GetCursor () returned 0x10007 [0037.221] GetTickCount () returned 0x114a663 [0037.221] GetCursor () returned 0x10007 [0037.222] GetTickCount () returned 0x114a663 [0037.222] GetCursor () returned 0x10007 [0037.222] GetTickCount () returned 0x114a663 [0037.222] GetCursor () returned 0x10007 [0037.222] GetTickCount () returned 0x114a663 [0037.222] GetCursor () returned 0x10007 [0037.222] GetTickCount () returned 0x114a663 [0037.222] GetCursor () returned 0x10007 [0037.222] GetTickCount () returned 0x114a663 [0037.222] GetCursor () returned 0x10007 [0037.222] GetTickCount () returned 0x114a663 [0037.222] GetCursor () returned 0x10007 [0037.222] GetTickCount () returned 0x114a663 [0037.222] GetCursor () returned 0x10007 [0037.222] GetTickCount () returned 0x114a663 [0037.222] GetCursor () returned 0x10007 [0037.222] GetTickCount () returned 0x114a663 [0037.222] GetCursor () returned 0x10007 [0037.222] GetTickCount () returned 0x114a663 [0037.222] GetCursor () returned 0x10007 [0037.222] GetTickCount () returned 0x114a663 [0037.222] GetCursor () returned 0x10007 [0037.222] GetTickCount () returned 0x114a663 [0037.222] GetCursor () returned 0x10007 [0037.222] GetTickCount () returned 0x114a663 [0037.222] GetCursor () returned 0x10007 [0037.222] GetTickCount () returned 0x114a663 [0037.223] GetCursor () returned 0x10007 [0037.223] GetTickCount () returned 0x114a663 [0037.223] GetCursor () returned 0x10007 [0037.223] GetTickCount () returned 0x114a663 [0037.223] GetCursor () returned 0x10007 [0037.223] GetTickCount () returned 0x114a663 [0037.223] GetCursor () returned 0x10007 [0037.223] GetTickCount () returned 0x114a663 [0037.223] GetCursor () returned 0x10007 [0037.223] GetTickCount () returned 0x114a663 [0037.223] GetCursor () returned 0x10007 [0037.223] GetTickCount () returned 0x114a663 [0037.223] GetCursor () returned 0x10007 [0037.223] GetTickCount () returned 0x114a663 [0037.223] GetCursor () returned 0x10007 [0037.223] GetTickCount () returned 0x114a663 [0037.223] GetCursor () returned 0x10007 [0037.223] GetTickCount () returned 0x114a663 [0037.223] GetCursor () returned 0x10007 [0037.223] GetTickCount () returned 0x114a663 [0037.223] GetCursor () returned 0x10007 [0037.223] GetTickCount () returned 0x114a663 [0037.223] GetCursor () returned 0x10007 [0037.223] GetTickCount () returned 0x114a663 [0037.223] GetCursor () returned 0x10007 [0037.223] GetTickCount () returned 0x114a663 [0037.224] GetCursor () returned 0x10007 [0037.224] GetTickCount () returned 0x114a663 [0037.224] GetCursor () returned 0x10007 [0037.224] GetTickCount () returned 0x114a663 [0037.224] GetCursor () returned 0x10007 [0037.225] GetTickCount () returned 0x114a663 [0037.225] GetCursor () returned 0x10007 [0037.225] GetTickCount () returned 0x114a663 [0037.225] GetCursor () returned 0x10007 [0037.225] GetTickCount () returned 0x114a663 [0037.225] GetCursor () returned 0x10007 [0037.225] GetTickCount () returned 0x114a663 [0037.225] GetCursor () returned 0x10007 [0037.225] GetTickCount () returned 0x114a663 [0037.225] GetCursor () returned 0x10007 [0037.225] GetTickCount () returned 0x114a663 [0037.225] GetCursor () returned 0x10007 [0037.225] GetTickCount () returned 0x114a663 [0037.225] GetCursor () returned 0x10007 [0037.225] GetTickCount () returned 0x114a663 [0037.225] GetCursor () returned 0x10007 [0037.225] GetTickCount () returned 0x114a663 [0037.225] GetCursor () returned 0x10007 [0037.225] GetTickCount () returned 0x114a663 [0037.225] GetCursor () returned 0x10007 [0037.225] GetTickCount () returned 0x114a663 [0037.225] GetCursor () returned 0x10007 [0037.225] GetTickCount () returned 0x114a663 [0037.225] GetCursor () returned 0x10007 [0037.225] GetTickCount () returned 0x114a663 [0037.225] GetCursor () returned 0x10007 [0037.226] GetTickCount () returned 0x114a663 [0037.226] GetCursor () returned 0x10007 [0037.226] GetTickCount () returned 0x114a663 [0037.226] GetCursor () returned 0x10007 [0037.226] GetTickCount () returned 0x114a663 [0037.226] GetCursor () returned 0x10007 [0037.226] GetTickCount () returned 0x114a663 [0037.226] GetCursor () returned 0x10007 [0037.226] GetTickCount () returned 0x114a663 [0037.226] GetCursor () returned 0x10007 [0037.226] GetTickCount () returned 0x114a663 [0037.226] GetCursor () returned 0x10007 [0037.226] GetTickCount () returned 0x114a663 [0037.226] GetCursor () returned 0x10007 [0037.226] GetTickCount () returned 0x114a663 [0037.226] GetCursor () returned 0x10007 [0037.226] GetTickCount () returned 0x114a663 [0037.226] GetCursor () returned 0x10007 [0037.226] GetTickCount () returned 0x114a663 [0037.226] GetCursor () returned 0x10007 [0037.226] GetTickCount () returned 0x114a663 [0037.226] GetCursor () returned 0x10007 [0037.226] GetTickCount () returned 0x114a663 [0037.226] GetCursor () returned 0x10007 [0037.226] GetTickCount () returned 0x114a663 [0037.226] GetCursor () returned 0x10007 [0037.227] GetTickCount () returned 0x114a663 [0037.227] GetCursor () returned 0x10007 [0037.227] GetTickCount () returned 0x114a663 [0037.227] GetCursor () returned 0x10007 [0037.227] GetTickCount () returned 0x114a663 [0037.227] GetCursor () returned 0x10007 [0037.227] GetTickCount () returned 0x114a663 [0037.227] GetCursor () returned 0x10007 [0037.227] GetTickCount () returned 0x114a663 [0037.227] GetCursor () returned 0x10007 [0037.227] GetTickCount () returned 0x114a663 [0037.227] GetCursor () returned 0x10007 [0037.227] GetTickCount () returned 0x114a663 [0037.227] GetCursor () returned 0x10007 [0037.227] GetTickCount () returned 0x114a663 [0037.227] GetCursor () returned 0x10007 [0037.227] GetTickCount () returned 0x114a663 [0037.227] GetCursor () returned 0x10007 [0037.227] GetTickCount () returned 0x114a663 [0037.227] GetCursor () returned 0x10007 [0037.227] GetTickCount () returned 0x114a663 [0037.227] GetCursor () returned 0x10007 [0037.227] GetTickCount () returned 0x114a663 [0037.227] GetCursor () returned 0x10007 [0037.227] GetTickCount () returned 0x114a663 [0037.228] GetCursor () returned 0x10007 [0037.228] GetTickCount () returned 0x114a663 [0037.228] GetCursor () returned 0x10007 [0037.228] GetTickCount () returned 0x114a663 [0037.228] GetCursor () returned 0x10007 [0037.228] GetTickCount () returned 0x114a663 [0037.228] GetCursor () returned 0x10007 [0037.228] GetTickCount () returned 0x114a663 [0037.228] GetCursor () returned 0x10007 [0037.228] GetTickCount () returned 0x114a663 [0037.228] GetCursor () returned 0x10007 [0037.228] GetTickCount () returned 0x114a663 [0037.228] GetCursor () returned 0x10007 [0037.228] GetTickCount () returned 0x114a663 [0037.228] GetCursor () returned 0x10007 [0037.228] GetTickCount () returned 0x114a663 [0037.228] GetCursor () returned 0x10007 [0037.228] GetTickCount () returned 0x114a663 [0037.228] GetCursor () returned 0x10007 [0037.228] GetTickCount () returned 0x114a663 [0037.228] GetCursor () returned 0x10007 [0037.228] GetTickCount () returned 0x114a663 [0037.228] GetCursor () returned 0x10007 [0037.228] GetTickCount () returned 0x114a663 [0037.228] GetCursor () returned 0x10007 [0037.228] GetTickCount () returned 0x114a663 [0037.228] GetCursor () returned 0x10007 [0037.229] GetTickCount () returned 0x114a663 [0037.229] GetCursor () returned 0x10007 [0037.229] GetTickCount () returned 0x114a663 [0037.229] GetCursor () returned 0x10007 [0037.229] GetTickCount () returned 0x114a663 [0037.229] GetCursor () returned 0x10007 [0037.229] GetTickCount () returned 0x114a663 [0037.229] GetCursor () returned 0x10007 [0037.229] GetTickCount () returned 0x114a663 [0037.229] GetCursor () returned 0x10007 [0037.229] GetTickCount () returned 0x114a663 [0037.229] GetCursor () returned 0x10007 [0037.229] GetTickCount () returned 0x114a663 [0037.229] GetCursor () returned 0x10007 [0037.229] GetTickCount () returned 0x114a663 [0037.229] GetCursor () returned 0x10007 [0037.229] GetTickCount () returned 0x114a663 [0037.229] GetCursor () returned 0x10007 [0037.229] GetTickCount () returned 0x114a663 [0037.229] GetCursor () returned 0x10007 [0037.229] GetTickCount () returned 0x114a663 [0037.229] GetCursor () returned 0x10007 [0037.229] GetTickCount () returned 0x114a663 [0037.229] GetCursor () returned 0x10007 [0037.229] GetTickCount () returned 0x114a663 [0037.229] GetCursor () returned 0x10007 [0037.230] GetTickCount () returned 0x114a663 [0037.230] GetCursor () returned 0x10007 [0037.230] GetTickCount () returned 0x114a663 [0037.230] GetCursor () returned 0x10007 [0037.230] GetTickCount () returned 0x114a663 [0037.230] GetCursor () returned 0x10007 [0037.230] GetTickCount () returned 0x114a663 [0037.230] GetCursor () returned 0x10007 [0037.230] GetTickCount () returned 0x114a663 [0037.230] GetCursor () returned 0x10007 [0037.230] GetTickCount () returned 0x114a663 [0037.230] GetCursor () returned 0x10007 [0037.230] GetTickCount () returned 0x114a663 [0037.230] GetCursor () returned 0x10007 [0037.230] GetTickCount () returned 0x114a663 [0037.230] GetCursor () returned 0x10007 [0037.230] GetTickCount () returned 0x114a663 [0037.230] GetCursor () returned 0x10007 [0037.230] GetTickCount () returned 0x114a663 [0037.230] GetCursor () returned 0x10007 [0037.230] GetTickCount () returned 0x114a663 [0037.230] GetCursor () returned 0x10007 [0037.230] GetTickCount () returned 0x114a663 [0037.230] GetCursor () returned 0x10007 [0037.230] GetTickCount () returned 0x114a663 [0037.230] GetCursor () returned 0x10007 [0037.231] GetTickCount () returned 0x114a663 [0037.231] GetCursor () returned 0x10007 [0037.231] GetTickCount () returned 0x114a663 [0037.231] GetCursor () returned 0x10007 [0037.231] GetTickCount () returned 0x114a663 [0037.231] GetCursor () returned 0x10007 [0037.231] GetTickCount () returned 0x114a663 [0037.231] GetCursor () returned 0x10007 [0037.231] GetTickCount () returned 0x114a663 [0037.231] GetCursor () returned 0x10007 [0037.231] GetTickCount () returned 0x114a663 [0037.231] GetCursor () returned 0x10007 [0037.231] GetTickCount () returned 0x114a672 [0037.231] GetCursor () returned 0x10007 [0037.231] GetTickCount () returned 0x114a672 [0037.231] GetCursor () returned 0x10007 [0037.231] GetTickCount () returned 0x114a672 [0037.231] GetCursor () returned 0x10007 [0037.231] GetTickCount () returned 0x114a672 [0037.231] GetCursor () returned 0x10007 [0037.231] GetTickCount () returned 0x114a672 [0037.231] GetCursor () returned 0x10007 [0037.231] GetTickCount () returned 0x114a672 [0037.232] GetCursor () returned 0x10007 [0037.232] GetTickCount () returned 0x114a672 [0037.232] GetCursor () returned 0x10007 [0037.232] GetTickCount () returned 0x114a672 [0037.232] GetCursor () returned 0x10007 [0037.232] GetTickCount () returned 0x114a672 [0037.232] GetCursor () returned 0x10007 [0037.232] GetTickCount () returned 0x114a672 [0037.232] GetCursor () returned 0x10007 [0037.232] GetTickCount () returned 0x114a672 [0037.232] GetCursor () returned 0x10007 [0037.232] GetTickCount () returned 0x114a672 [0037.232] GetCursor () returned 0x10007 [0037.232] GetTickCount () returned 0x114a672 [0037.232] GetCursor () returned 0x10007 [0037.232] GetTickCount () returned 0x114a672 [0037.232] GetCursor () returned 0x10007 [0037.232] GetTickCount () returned 0x114a672 [0037.232] GetCursor () returned 0x10007 [0037.232] GetTickCount () returned 0x114a672 [0037.232] GetCursor () returned 0x10007 [0037.232] GetTickCount () returned 0x114a672 [0037.232] GetCursor () returned 0x10007 [0037.232] GetTickCount () returned 0x114a672 [0037.232] GetCursor () returned 0x10007 [0037.232] GetTickCount () returned 0x114a672 [0037.233] GetCursor () returned 0x10007 [0037.233] GetTickCount () returned 0x114a672 [0037.233] GetCursor () returned 0x10007 [0037.233] GetTickCount () returned 0x114a672 [0037.233] GetCursor () returned 0x10007 [0037.233] GetTickCount () returned 0x114a672 [0037.233] GetCursor () returned 0x10007 [0037.233] GetTickCount () returned 0x114a672 [0037.233] GetCursor () returned 0x10007 [0037.233] GetTickCount () returned 0x114a672 [0037.233] GetCursor () returned 0x10007 [0037.233] GetTickCount () returned 0x114a672 [0037.233] GetCursor () returned 0x10007 [0037.233] GetTickCount () returned 0x114a672 [0037.233] GetCursor () returned 0x10007 [0037.233] GetTickCount () returned 0x114a672 [0037.233] GetCursor () returned 0x10007 [0037.233] GetTickCount () returned 0x114a672 [0037.233] GetCursor () returned 0x10007 [0037.233] GetTickCount () returned 0x114a672 [0037.233] GetCursor () returned 0x10007 [0037.233] GetTickCount () returned 0x114a672 [0037.233] GetCursor () returned 0x10007 [0037.233] GetTickCount () returned 0x114a672 [0037.233] GetCursor () returned 0x10007 [0037.234] GetTickCount () returned 0x114a672 [0037.234] GetCursor () returned 0x10007 [0037.234] GetTickCount () returned 0x114a672 [0037.234] GetCursor () returned 0x10007 [0037.234] GetTickCount () returned 0x114a672 [0037.234] GetCursor () returned 0x10007 [0037.234] GetTickCount () returned 0x114a672 [0037.234] GetCursor () returned 0x10007 [0037.234] GetTickCount () returned 0x114a672 [0037.234] GetCursor () returned 0x10007 [0037.234] GetTickCount () returned 0x114a672 [0037.234] GetCursor () returned 0x10007 [0037.234] GetTickCount () returned 0x114a672 [0037.234] GetCursor () returned 0x10007 [0037.234] GetTickCount () returned 0x114a672 [0037.234] GetCursor () returned 0x10007 [0037.234] GetTickCount () returned 0x114a672 [0037.234] GetCursor () returned 0x10007 [0037.234] GetTickCount () returned 0x114a672 [0037.234] GetCursor () returned 0x10007 [0037.234] GetTickCount () returned 0x114a672 [0037.234] GetCursor () returned 0x10007 [0037.234] GetTickCount () returned 0x114a672 [0037.234] GetCursor () returned 0x10007 [0037.234] GetTickCount () returned 0x114a672 [0037.234] GetCursor () returned 0x10007 [0037.235] GetTickCount () returned 0x114a672 [0037.235] GetCursor () returned 0x10007 [0037.235] GetTickCount () returned 0x114a672 [0037.235] GetCursor () returned 0x10007 [0037.235] GetTickCount () returned 0x114a672 [0037.235] GetCursor () returned 0x10007 [0037.235] GetTickCount () returned 0x114a672 [0037.235] GetCursor () returned 0x10007 [0037.235] GetTickCount () returned 0x114a672 [0037.235] GetCursor () returned 0x10007 [0037.235] GetTickCount () returned 0x114a672 [0037.235] GetCursor () returned 0x10007 [0037.235] GetTickCount () returned 0x114a672 [0037.235] GetCursor () returned 0x10007 [0037.235] GetTickCount () returned 0x114a672 [0037.235] GetCursor () returned 0x10007 [0037.235] GetTickCount () returned 0x114a672 [0037.235] GetCursor () returned 0x10007 [0037.235] GetTickCount () returned 0x114a672 [0037.235] GetCursor () returned 0x10007 [0037.235] GetTickCount () returned 0x114a672 [0037.235] GetCursor () returned 0x10007 [0037.235] GetTickCount () returned 0x114a672 [0037.235] GetCursor () returned 0x10007 [0037.235] GetTickCount () returned 0x114a672 [0037.235] GetCursor () returned 0x10007 [0037.236] GetTickCount () returned 0x114a672 [0037.236] GetCursor () returned 0x10007 [0037.236] GetTickCount () returned 0x114a672 [0037.236] GetCursor () returned 0x10007 [0037.236] GetTickCount () returned 0x114a672 [0037.236] GetCursor () returned 0x10007 [0037.236] GetTickCount () returned 0x114a672 [0037.665] LocalAlloc (uFlags=0x0, uBytes=0x1ee0f) returned 0x5e6348 [0037.679] lstrcatW (in: lpString1="", lpString2="kernel32.dll" | out: lpString1="kernel32.dll") returned="kernel32.dll" [0037.680] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x77230000 [0037.680] GetProcAddress (hModule=0x77230000, lpProcName="VirtualProtect") returned 0x77246a30 [0037.680] VirtualProtect (in: lpAddress=0x5e6348, dwSize=0x1ee0f, flNewProtect=0x40, lpflOldProtect=0x19f214 | out: lpflOldProtect=0x19f214*=0x4) returned 1 [0037.699] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x77230000 [0037.699] GetProcAddress (hModule=0x77230000, lpProcName="GlobalAlloc") returned 0x77245750 [0037.699] GetProcAddress (hModule=0x77230000, lpProcName="GetLastError") returned 0x77245010 [0037.699] GetProcAddress (hModule=0x77230000, lpProcName="Sleep") returned 0x77246760 [0037.699] GetProcAddress (hModule=0x77230000, lpProcName="VirtualAlloc") returned 0x77246970 [0037.699] GetProcAddress (hModule=0x77230000, lpProcName="CreateToolhelp32Snapshot") returned 0x7727edc0 [0037.699] GetProcAddress (hModule=0x77230000, lpProcName="Module32First") returned 0x7727fc90 [0037.699] GetProcAddress (hModule=0x77230000, lpProcName="CloseHandle") returned 0x7729eab0 [0037.699] CreateToolhelp32Snapshot (dwFlags=0x8, th32ProcessID=0x0) returned 0xf0 [0037.703] Module32First (hSnapshot=0xf0, lpme=0x19f020) returned 1 [0037.703] VirtualAlloc (lpAddress=0x0, dwSize=0x35a50, flAllocationType=0x1000, flProtect=0x40) returned 0x590000 [0037.711] GetProcAddress (hModule=0x77230000, lpProcName="LoadLibraryA") returned 0x77245a80 [0037.711] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x77230000 [0037.711] GetProcAddress (hModule=0x77230000, lpProcName="VirtualAlloc") returned 0x77246970 [0037.711] GetProcAddress (hModule=0x77230000, lpProcName="VirtualProtect") returned 0x77246a30 [0037.712] GetProcAddress (hModule=0x77230000, lpProcName="VirtualFree") returned 0x772469d0 [0037.712] GetProcAddress (hModule=0x77230000, lpProcName="GetVersionExA") returned 0x772456d0 [0037.712] GetProcAddress (hModule=0x77230000, lpProcName="TerminateProcess") returned 0x772467e0 [0037.712] GetProcAddress (hModule=0x77230000, lpProcName="ExitProcess") returned 0x77243cb0 [0037.712] GetProcAddress (hModule=0x77230000, lpProcName="SetErrorMode") returned 0x77246500 [0037.712] SetErrorMode (uMode=0x400) returned 0x0 [0037.712] SetErrorMode (uMode=0x0) returned 0x400 [0037.712] GetVersionExA (in: lpVersionInformation=0x19df50*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x5da860, dwBuildNumber=0x5dacd0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x19df50*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0037.712] VirtualAlloc (lpAddress=0x0, dwSize=0x34c00, flAllocationType=0x1000, flProtect=0x4) returned 0x2040000 [0037.716] VirtualProtect (in: lpAddress=0x400000, dwSize=0x140000, flNewProtect=0x40, lpflOldProtect=0x19efd8 | out: lpflOldProtect=0x19efd8*=0x2) returned 1 [0037.981] VirtualFree (lpAddress=0x2040000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0037.982] LoadLibraryA (lpLibFileName="oleaut32.dll") returned 0x773f0000 [0040.768] GetProcAddress (hModule=0x773f0000, lpProcName="SysFreeString") returned 0x7740b920 [0040.768] GetProcAddress (hModule=0x773f0000, lpProcName="SysReAllocStringLen") returned 0x77411500 [0040.768] GetProcAddress (hModule=0x773f0000, lpProcName="SysAllocStringLen") returned 0x7740b7e0 [0040.768] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x759d0000 [0041.601] GetProcAddress (hModule=0x759d0000, lpProcName="RegQueryValueExA") returned 0x759ef020 [0041.601] GetProcAddress (hModule=0x759d0000, lpProcName="RegOpenKeyExA") returned 0x759ef210 [0041.601] GetProcAddress (hModule=0x759d0000, lpProcName="RegCloseKey") returned 0x759eed60 [0041.601] LoadLibraryA (lpLibFileName="user32.dll") returned 0x75f50000 [0041.601] GetProcAddress (hModule=0x75f50000, lpProcName="GetKeyboardType") returned 0x75fc8d80 [0041.601] GetProcAddress (hModule=0x75f50000, lpProcName="DestroyWindow") returned 0x75f83160 [0041.601] GetProcAddress (hModule=0x75f50000, lpProcName="LoadStringA") returned 0x75f6d7b0 [0041.602] GetProcAddress (hModule=0x75f50000, lpProcName="MessageBoxA") returned 0x75fbd740 [0041.602] GetProcAddress (hModule=0x75f50000, lpProcName="CharNextA") returned 0x75f6bf60 [0041.602] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x77230000 [0041.602] GetProcAddress (hModule=0x77230000, lpProcName="GetACP") returned 0x77244ca0 [0041.602] GetProcAddress (hModule=0x77230000, lpProcName="Sleep") returned 0x77246760 [0041.602] GetProcAddress (hModule=0x77230000, lpProcName="VirtualFree") returned 0x772469d0 [0041.602] GetProcAddress (hModule=0x77230000, lpProcName="VirtualAlloc") returned 0x77246970 [0041.602] GetProcAddress (hModule=0x77230000, lpProcName="GetTickCount") returned 0x7729dd50 [0041.602] GetProcAddress (hModule=0x77230000, lpProcName="QueryPerformanceCounter") returned 0x77245da0 [0041.602] GetProcAddress (hModule=0x77230000, lpProcName="GetCurrentThreadId") returned 0x77248820 [0041.602] GetProcAddress (hModule=0x77230000, lpProcName="InterlockedDecrement") returned 0x772473c0 [0041.602] GetProcAddress (hModule=0x77230000, lpProcName="InterlockedIncrement") returned 0x77247420 [0041.602] GetProcAddress (hModule=0x77230000, lpProcName="VirtualQuery") returned 0x77246a70 [0041.603] GetProcAddress (hModule=0x77230000, lpProcName="WideCharToMultiByte") returned 0x77246b10 [0041.603] GetProcAddress (hModule=0x77230000, lpProcName="MultiByteToWideChar") returned 0x77245c40 [0041.603] GetProcAddress (hModule=0x77230000, lpProcName="lstrlenA") returned 0x77246c50 [0041.603] GetProcAddress (hModule=0x77230000, lpProcName="lstrcpynA") returned 0x77246c10 [0041.603] GetProcAddress (hModule=0x77230000, lpProcName="LoadLibraryExA") returned 0x77245aa0 [0041.603] GetProcAddress (hModule=0x77230000, lpProcName="GetThreadLocale") returned 0x77245600 [0041.603] GetProcAddress (hModule=0x77230000, lpProcName="GetStartupInfoA") returned 0x772828e0 [0041.603] GetProcAddress (hModule=0x77230000, lpProcName="GetProcAddress") returned 0x772451b0 [0041.603] GetProcAddress (hModule=0x77230000, lpProcName="GetModuleHandleA") returned 0x772450b0 [0041.603] GetProcAddress (hModule=0x77230000, lpProcName="GetModuleFileNameA") returned 0x77245070 [0041.603] GetProcAddress (hModule=0x77230000, lpProcName="GetLocaleInfoA") returned 0x77245020 [0041.603] GetProcAddress (hModule=0x77230000, lpProcName="GetCommandLineA") returned 0x77244cb0 [0041.603] GetProcAddress (hModule=0x77230000, lpProcName="FreeLibrary") returned 0x77244c40 [0041.603] GetProcAddress (hModule=0x77230000, lpProcName="FindFirstFileA") returned 0x7729edb0 [0041.604] GetProcAddress (hModule=0x77230000, lpProcName="FindClose") returned 0x7729ed70 [0041.604] GetProcAddress (hModule=0x77230000, lpProcName="ExitProcess") returned 0x77243cb0 [0041.604] GetProcAddress (hModule=0x77230000, lpProcName="ExitThread") returned 0x77506390 [0041.604] GetProcAddress (hModule=0x77230000, lpProcName="CreateThread") returned 0x772446b0 [0041.604] GetProcAddress (hModule=0x77230000, lpProcName="WriteFile") returned 0x7729f180 [0041.604] GetProcAddress (hModule=0x77230000, lpProcName="UnhandledExceptionFilter") returned 0x772468d0 [0041.604] GetProcAddress (hModule=0x77230000, lpProcName="RtlUnwind") returned 0x77247c10 [0041.604] GetProcAddress (hModule=0x77230000, lpProcName="RaiseException") returned 0x77245e20 [0041.604] GetProcAddress (hModule=0x77230000, lpProcName="GetStdHandle") returned 0x77245330 [0041.604] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x77230000 [0041.604] GetProcAddress (hModule=0x77230000, lpProcName="TlsSetValue") returned 0x77246870 [0041.604] GetProcAddress (hModule=0x77230000, lpProcName="TlsGetValue") returned 0x77246850 [0041.604] GetProcAddress (hModule=0x77230000, lpProcName="LocalAlloc") returned 0x77245b20 [0041.604] GetProcAddress (hModule=0x77230000, lpProcName="GetModuleHandleA") returned 0x772450b0 [0041.604] LoadLibraryA (lpLibFileName="user32.dll") returned 0x75f50000 [0041.605] GetProcAddress (hModule=0x75f50000, lpProcName="TranslateMessage") returned 0x75f7f900 [0041.605] GetProcAddress (hModule=0x75f50000, lpProcName="PeekMessageA") returned 0x75f687a0 [0041.605] GetProcAddress (hModule=0x75f50000, lpProcName="MsgWaitForMultipleObjects") returned 0x75f7eca0 [0041.605] GetProcAddress (hModule=0x75f50000, lpProcName="MessageBoxA") returned 0x75fbd740 [0041.605] GetProcAddress (hModule=0x75f50000, lpProcName="LoadStringA") returned 0x75f6d7b0 [0041.605] GetProcAddress (hModule=0x75f50000, lpProcName="GetSystemMetrics") returned 0x75f7ddc0 [0041.605] GetProcAddress (hModule=0x75f50000, lpProcName="DispatchMessageA") returned 0x75f6fd80 [0041.605] GetProcAddress (hModule=0x75f50000, lpProcName="CharNextW") returned 0x75f81130 [0041.605] GetProcAddress (hModule=0x75f50000, lpProcName="CharLowerBuffW") returned 0x75f734a0 [0041.605] GetProcAddress (hModule=0x75f50000, lpProcName="CharNextA") returned 0x75f6bf60 [0041.605] GetProcAddress (hModule=0x75f50000, lpProcName="CharLowerBuffA") returned 0x75fc75b0 [0041.605] GetProcAddress (hModule=0x75f50000, lpProcName="CharLowerA") returned 0x75f72ef0 [0041.605] GetProcAddress (hModule=0x75f50000, lpProcName="CharUpperA") returned 0x75f73690 [0041.606] GetProcAddress (hModule=0x75f50000, lpProcName="CharToOemA") returned 0x75fbf020 [0041.606] LoadLibraryA (lpLibFileName="mpr.dll") returned 0x73df0000 [0042.214] GetProcAddress (hModule=0x73df0000, lpProcName="WNetOpenEnumW") returned 0x73df2790 [0042.214] GetProcAddress (hModule=0x73df0000, lpProcName="WNetEnumResourceW") returned 0x73df2410 [0042.214] GetProcAddress (hModule=0x73df0000, lpProcName="WNetCloseEnum") returned 0x73df2640 [0042.214] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x77230000 [0042.214] GetProcAddress (hModule=0x77230000, lpProcName="WriteProcessMemory") returned 0x77246b70 [0042.215] GetProcAddress (hModule=0x77230000, lpProcName="WriteFile") returned 0x7729f180 [0042.215] GetProcAddress (hModule=0x77230000, lpProcName="WaitForSingleObject") returned 0x7729eca0 [0042.215] GetProcAddress (hModule=0x77230000, lpProcName="VirtualQuery") returned 0x77246a70 [0042.215] GetProcAddress (hModule=0x77230000, lpProcName="VirtualAllocEx") returned 0x77246990 [0042.215] GetProcAddress (hModule=0x77230000, lpProcName="TerminateThread") returned 0x77246800 [0042.215] GetProcAddress (hModule=0x77230000, lpProcName="TerminateProcess") returned 0x772467e0 [0042.215] GetProcAddress (hModule=0x77230000, lpProcName="SetLastError") returned 0x77244f00 [0042.215] GetProcAddress (hModule=0x77230000, lpProcName="SetFileTime") returned 0x7729f140 [0042.215] GetProcAddress (hModule=0x77230000, lpProcName="SetFilePointer") returned 0x7729f120 [0042.215] GetProcAddress (hModule=0x77230000, lpProcName="SetFileAttributesW") returned 0x7729f100 [0042.215] GetProcAddress (hModule=0x77230000, lpProcName="SetEvent") returned 0x7729ec50 [0042.215] GetProcAddress (hModule=0x77230000, lpProcName="SetEndOfFile") returned 0x7729f0e0 [0042.215] GetProcAddress (hModule=0x77230000, lpProcName="ResumeThread") returned 0x77246380 [0042.215] GetProcAddress (hModule=0x77230000, lpProcName="ResetEvent") returned 0x7729ec40 [0042.216] GetProcAddress (hModule=0x77230000, lpProcName="ReadFile") returned 0x7729f090 [0042.216] GetProcAddress (hModule=0x77230000, lpProcName="OpenProcess") returned 0x77245cc0 [0042.216] GetProcAddress (hModule=0x77230000, lpProcName="MoveFileW") returned 0x7727e500 [0042.216] GetProcAddress (hModule=0x77230000, lpProcName="LoadLibraryA") returned 0x77245a80 [0042.216] GetProcAddress (hModule=0x77230000, lpProcName="LeaveCriticalSection") returned 0x774eb250 [0042.216] GetProcAddress (hModule=0x77230000, lpProcName="InitializeCriticalSection") returned 0x774faf20 [0042.216] GetProcAddress (hModule=0x77230000, lpProcName="GlobalUnlock") returned 0x772844e0 [0042.216] GetProcAddress (hModule=0x77230000, lpProcName="GlobalReAlloc") returned 0x77283f90 [0042.216] GetProcAddress (hModule=0x77230000, lpProcName="GlobalHandle") returned 0x77284420 [0042.216] GetProcAddress (hModule=0x77230000, lpProcName="GlobalLock") returned 0x772842f0 [0042.216] GetProcAddress (hModule=0x77230000, lpProcName="GlobalFree") returned 0x77241ee0 [0042.216] GetProcAddress (hModule=0x77230000, lpProcName="GlobalAlloc") returned 0x77245750 [0042.216] GetProcAddress (hModule=0x77230000, lpProcName="GetVersionExA") returned 0x772456d0 [0042.216] GetProcAddress (hModule=0x77230000, lpProcName="GetUserDefaultLangID") returned 0x77245690 [0042.217] GetProcAddress (hModule=0x77230000, lpProcName="GetTickCount") returned 0x7729dd50 [0042.217] GetProcAddress (hModule=0x77230000, lpProcName="GetThreadLocale") returned 0x77245600 [0042.217] GetProcAddress (hModule=0x77230000, lpProcName="GetStdHandle") returned 0x77245330 [0042.217] GetProcAddress (hModule=0x77230000, lpProcName="GetProcAddress") returned 0x772451b0 [0042.217] GetProcAddress (hModule=0x77230000, lpProcName="GetModuleHandleA") returned 0x772450b0 [0042.217] GetProcAddress (hModule=0x77230000, lpProcName="GetModuleFileNameW") returned 0x77245090 [0042.217] GetProcAddress (hModule=0x77230000, lpProcName="GetModuleFileNameA") returned 0x77245070 [0042.217] GetProcAddress (hModule=0x77230000, lpProcName="GetLocaleInfoA") returned 0x77245020 [0042.217] GetProcAddress (hModule=0x77230000, lpProcName="GetLocalTime") returned 0x77245060 [0042.217] GetProcAddress (hModule=0x77230000, lpProcName="GetLastError") returned 0x77245010 [0042.217] GetProcAddress (hModule=0x77230000, lpProcName="GetFullPathNameA") returned 0x7729ef90 [0042.217] GetProcAddress (hModule=0x77230000, lpProcName="GetFileAttributesW") returned 0x7729ef10 [0042.217] GetProcAddress (hModule=0x77230000, lpProcName="GetFileAttributesA") returned 0x7729eee0 [0042.217] GetProcAddress (hModule=0x77230000, lpProcName="GetExitCodeThread") returned 0x77244ff0 [0042.218] GetProcAddress (hModule=0x77230000, lpProcName="GetEnvironmentVariableW") returned 0x77244fb0 [0042.218] GetProcAddress (hModule=0x77230000, lpProcName="GetEnvironmentVariableA") returned 0x77244f90 [0042.218] GetProcAddress (hModule=0x77230000, lpProcName="GetDriveTypeA") returned 0x7729eec0 [0042.218] GetProcAddress (hModule=0x77230000, lpProcName="GetDiskFreeSpaceA") returned 0x7729ee80 [0042.218] GetProcAddress (hModule=0x77230000, lpProcName="GetDateFormatA") returned 0x772476e0 [0042.218] GetProcAddress (hModule=0x77230000, lpProcName="GetCurrentThreadId") returned 0x77248820 [0042.218] GetProcAddress (hModule=0x77230000, lpProcName="GetCurrentProcess") returned 0x7729ea10 [0042.218] GetProcAddress (hModule=0x77230000, lpProcName="GetCommandLineW") returned 0x77244cc0 [0042.218] GetProcAddress (hModule=0x77230000, lpProcName="GetCPInfo") returned 0x77244d10 [0042.218] GetProcAddress (hModule=0x77230000, lpProcName="InterlockedIncrement") returned 0x77247420 [0042.218] GetProcAddress (hModule=0x77230000, lpProcName="InterlockedExchange") returned 0x772473e0 [0042.218] GetProcAddress (hModule=0x77230000, lpProcName="InterlockedDecrement") returned 0x772473c0 [0042.218] GetProcAddress (hModule=0x77230000, lpProcName="FreeLibrary") returned 0x77244c40 [0042.218] GetProcAddress (hModule=0x77230000, lpProcName="FormatMessageA") returned 0x77244bc0 [0042.219] GetProcAddress (hModule=0x77230000, lpProcName="FindNextFileW") returned 0x7729ee40 [0042.219] GetProcAddress (hModule=0x77230000, lpProcName="FindFirstFileW") returned 0x7729edf0 [0042.219] GetProcAddress (hModule=0x77230000, lpProcName="FindClose") returned 0x7729ed70 [0042.219] GetProcAddress (hModule=0x77230000, lpProcName="FileTimeToLocalFileTime") returned 0x7729ed60 [0042.219] GetProcAddress (hModule=0x77230000, lpProcName="FileTimeToDosDateTime") returned 0x77281eb0 [0042.219] GetProcAddress (hModule=0x77230000, lpProcName="ExitThread") returned 0x77506390 [0042.219] GetProcAddress (hModule=0x77230000, lpProcName="ExitProcess") returned 0x77243cb0 [0042.219] GetProcAddress (hModule=0x77230000, lpProcName="EnumCalendarInfoA") returned 0x7725c0d0 [0042.219] GetProcAddress (hModule=0x77230000, lpProcName="EnterCriticalSection") returned 0x774eb2d0 [0042.219] GetProcAddress (hModule=0x77230000, lpProcName="DuplicateHandle") returned 0x7729eac0 [0042.219] GetProcAddress (hModule=0x77230000, lpProcName="DeleteFileW") returned 0x7729ed40 [0042.219] GetProcAddress (hModule=0x77230000, lpProcName="DeleteCriticalSection") returned 0x774cfb90 [0042.219] GetProcAddress (hModule=0x77230000, lpProcName="CreateThread") returned 0x772446b0 [0042.219] GetProcAddress (hModule=0x77230000, lpProcName="CreateRemoteThread") returned 0x77244670 [0042.220] GetProcAddress (hModule=0x77230000, lpProcName="CreateProcessW") returned 0x77244610 [0042.220] GetProcAddress (hModule=0x77230000, lpProcName="CreateProcessA") returned 0x772445b0 [0042.220] GetProcAddress (hModule=0x77230000, lpProcName="CreatePipe") returned 0x77244590 [0042.220] GetProcAddress (hModule=0x77230000, lpProcName="CreateFileW") returned 0x7729ed10 [0042.220] GetProcAddress (hModule=0x77230000, lpProcName="CreateFileA") returned 0x7729ed00 [0042.220] GetProcAddress (hModule=0x77230000, lpProcName="CreateEventA") returned 0x7729eb00 [0042.220] GetProcAddress (hModule=0x77230000, lpProcName="CreateDirectoryW") returned 0x7729ece0 [0042.220] GetProcAddress (hModule=0x77230000, lpProcName="CopyFileW") returned 0x7729f3b0 [0042.220] GetProcAddress (hModule=0x77230000, lpProcName="CompareStringW") returned 0x77244430 [0042.220] GetProcAddress (hModule=0x77230000, lpProcName="CompareStringA") returned 0x77244410 [0042.220] GetProcAddress (hModule=0x77230000, lpProcName="CloseHandle") returned 0x7729eab0 [0042.220] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x759d0000 [0042.221] GetProcAddress (hModule=0x759d0000, lpProcName="RegSetValueExW") returned 0x759ef530 [0042.221] GetProcAddress (hModule=0x759d0000, lpProcName="RegSetValueExA") returned 0x759effc0 [0042.221] GetProcAddress (hModule=0x759d0000, lpProcName="RegQueryValueExW") returned 0x759ee5a0 [0042.221] GetProcAddress (hModule=0x759d0000, lpProcName="RegQueryValueExA") returned 0x759ef020 [0042.221] GetProcAddress (hModule=0x759d0000, lpProcName="RegOpenKeyExW") returned 0x759ee580 [0042.221] GetProcAddress (hModule=0x759d0000, lpProcName="RegOpenKeyExA") returned 0x759ef210 [0042.221] GetProcAddress (hModule=0x759d0000, lpProcName="RegEnumKeyExA") returned 0x759f1960 [0042.221] GetProcAddress (hModule=0x759d0000, lpProcName="RegDeleteValueA") returned 0x759f07a0 [0042.221] GetProcAddress (hModule=0x759d0000, lpProcName="RegDeleteKeyA") returned 0x759ef8c0 [0042.221] GetProcAddress (hModule=0x759d0000, lpProcName="RegCreateKeyExW") returned 0x759ef4f0 [0042.221] GetProcAddress (hModule=0x759d0000, lpProcName="RegCreateKeyExA") returned 0x759ef560 [0042.221] GetProcAddress (hModule=0x759d0000, lpProcName="RegCloseKey") returned 0x759eed60 [0042.221] GetProcAddress (hModule=0x759d0000, lpProcName="OpenProcessToken") returned 0x759eefb0 [0042.221] GetProcAddress (hModule=0x759d0000, lpProcName="LookupPrivilegeValueA") returned 0x759e8b30 [0042.222] GetProcAddress (hModule=0x759d0000, lpProcName="AdjustTokenPrivileges") returned 0x759effa0 [0042.222] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x77230000 [0042.222] GetProcAddress (hModule=0x77230000, lpProcName="Sleep") returned 0x77246760 [0042.222] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x73b20000 [0042.592] GetProcAddress (hModule=0x73b20000, lpProcName="InternetReadFile") returned 0x73c53a70 [0042.592] GetProcAddress (hModule=0x73b20000, lpProcName="InternetOpenUrlA") returned 0x73d1e8c0 [0042.592] GetProcAddress (hModule=0x73b20000, lpProcName="InternetOpenA") returned 0x73c3f1a0 [0042.592] GetProcAddress (hModule=0x73b20000, lpProcName="InternetConnectA") returned 0x73d1e5b0 [0042.592] GetProcAddress (hModule=0x73b20000, lpProcName="InternetCloseHandle") returned 0x73c2d000 [0042.592] GetProcAddress (hModule=0x73b20000, lpProcName="HttpSendRequestA") returned 0x73cbdd00 [0042.592] GetProcAddress (hModule=0x73b20000, lpProcName="HttpOpenRequestA") returned 0x73d3dba0 [0042.592] GetProcAddress (hModule=0x73b20000, lpProcName="HttpAddRequestHeadersA") returned 0x73c962f0 [0042.592] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x74530000 [0047.707] GetProcAddress (hModule=0x74530000, lpProcName="ShellExecuteW") returned 0x746942e0 [0047.707] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x74530000 [0047.707] GetProcAddress (hModule=0x74530000, lpProcName="SHGetSpecialFolderLocation") returned 0x74693790 [0047.707] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x74530000 [0047.707] GetProcAddress (hModule=0x74530000, lpProcName="SHGetPathFromIDListW") returned 0x7463bda0 [0047.707] GetProcAddress (hModule=0x74530000, lpProcName="SHGetMalloc") returned 0x7469df80 [0047.707] LoadLibraryA (lpLibFileName="oleaut32.dll") returned 0x773f0000 [0047.707] GetProcAddress (hModule=0x773f0000, lpProcName="SafeArrayPtrOfIndex") returned 0x77416670 [0047.707] GetProcAddress (hModule=0x773f0000, lpProcName="SafeArrayGetUBound") returned 0x77415460 [0047.708] GetProcAddress (hModule=0x773f0000, lpProcName="SafeArrayGetLBound") returned 0x77415ea0 [0047.708] GetProcAddress (hModule=0x773f0000, lpProcName="SafeArrayCreate") returned 0x77410340 [0047.708] GetProcAddress (hModule=0x773f0000, lpProcName="VariantChangeType") returned 0x7740a5e0 [0047.708] GetProcAddress (hModule=0x773f0000, lpProcName="VariantCopy") returned 0x77429dc0 [0047.708] GetProcAddress (hModule=0x773f0000, lpProcName="VariantClear") returned 0x77429db0 [0047.708] GetProcAddress (hModule=0x773f0000, lpProcName="VariantInit") returned 0x77429de0 [0047.708] LoadLibraryA (lpLibFileName="msvcr100.dll") returned 0x73a60000 [0048.155] GetProcAddress (hModule=0x73a60000, lpProcName="atexit") returned 0x73a7c544 [0048.155] atexit (param_1=0x590920) returned 0 [0048.162] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0048.198] GetKeyboardType (nTypeFlag=0) returned 4 [0048.262] GetCommandLineA () returned="\"C:\\Users\\FD1HVy\\Desktop\\Aksip.exe\" " [0048.262] GetStartupInfoA (in: lpStartupInfo=0x19ef68 | out: lpStartupInfo=0x19ef68*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\FD1HVy\\Desktop\\Aksip.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0048.262] GetACP () returned 0x4e4 [0048.262] GetCurrentThreadId () returned 0x13a4 [0048.268] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19de58, nSize=0x105 | out: lpFilename="C:\\Users\\FD1HVy\\Desktop\\Aksip.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\aksip.exe")) returned 0x21 [0048.268] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x19dd33, nSize=0x105 | out: lpFilename="C:\\Users\\FD1HVy\\Desktop\\Aksip.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\aksip.exe")) returned 0x21 [0048.268] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19de48 | out: phkResult=0x19de48*=0x0) returned 0x2 [0048.269] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19de48 | out: phkResult=0x19de48*=0x0) returned 0x2 [0048.269] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19de48 | out: phkResult=0x19de48*=0x0) returned 0x2 [0048.269] lstrcpynA (in: lpString1=0x19dd33, lpString2="C:\\Users\\FD1HVy\\Desktop\\Aksip.exe", iMaxLength=261 | out: lpString1="C:\\Users\\FD1HVy\\Desktop\\Aksip.exe") returned="C:\\Users\\FD1HVy\\Desktop\\Aksip.exe" [0048.269] GetThreadLocale () returned 0x409 [0048.269] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x19de43, cchData=5 | out: lpLCData="ENU") returned 4 [0048.411] lstrlenA (lpString="C:\\Users\\FD1HVy\\Desktop\\Aksip.exe") returned 33 [0048.411] lstrcpynA (in: lpString1=0x19dd51, lpString2="ENU", iMaxLength=231 | out: lpString1="ENU") returned="ENU" [0048.411] LoadLibraryExA (lpLibFileName="C:\\Users\\FD1HVy\\Desktop\\Aksip.ENU", hFile=0x0, dwFlags=0x2) returned 0x0 [0048.411] lstrcpynA (in: lpString1=0x19dd51, lpString2="EN", iMaxLength=231 | out: lpString1="EN") returned="EN" [0048.411] LoadLibraryExA (lpLibFileName="C:\\Users\\FD1HVy\\Desktop\\Aksip.EN", hFile=0x0, dwFlags=0x2) returned 0x0 [0048.411] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0048.412] LoadStringA (in: hInstance=0x400000, uID=0xffde, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0048.412] LoadStringA (in: hInstance=0x400000, uID=0xffdc, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0048.412] LoadStringA (in: hInstance=0x400000, uID=0xffdd, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0048.412] LoadStringA (in: hInstance=0x400000, uID=0xffd0, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0048.412] LoadStringA (in: hInstance=0x400000, uID=0xffd8, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0048.412] LoadStringA (in: hInstance=0x400000, uID=0xffef, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0048.412] LoadStringA (in: hInstance=0x400000, uID=0xffec, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0048.412] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0048.412] LoadStringA (in: hInstance=0x400000, uID=0xffd2, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0048.412] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0048.412] LoadStringA (in: hInstance=0x400000, uID=0xffe6, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0048.412] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0048.412] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0048.412] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0048.412] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0048.412] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0048.412] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0048.412] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0048.412] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0048.412] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0048.412] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0048.412] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0048.412] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0048.412] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0048.412] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0048.412] LoadStringA (in: hInstance=0x400000, uID=0xfff5, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0048.412] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0048.412] LoadStringA (in: hInstance=0x400000, uID=0xfff3, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0048.418] VirtualAlloc (lpAddress=0x0, dwSize=0x13fff0, flAllocationType=0x1000, flProtect=0x4) returned 0x2040000 [0048.518] LoadStringA (in: hInstance=0x400000, uID=0xfff1, lpBuffer=0x19df74, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0048.518] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x19df74, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0048.518] GetVersionExA (in: lpVersionInformation=0x19ef0c*(dwOSVersionInfoSize=0x94, dwMajorVersion=0xffffffff, dwMinorVersion=0x19ef30, dwBuildNumber=0x0, dwPlatformId=0x19ef2c, szCSDVersion="") | out: lpVersionInformation=0x19ef0c*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0048.524] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77230000 [0048.524] GetProcAddress (hModule=0x77230000, lpProcName="GetDiskFreeSpaceExA") returned 0x7729ee90 [0048.524] GetThreadLocale () returned 0x409 [0048.524] GetSystemMetrics (nIndex=42) returned 0 [0049.244] GetThreadLocale () returned 0x409 [0049.244] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Jan") returned 4 [0049.255] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x19ede4, cchData=256 | out: lpLCData="January") returned 8 [0049.255] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Feb") returned 4 [0049.255] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x19ede4, cchData=256 | out: lpLCData="February") returned 9 [0049.255] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Mar") returned 4 [0049.255] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x19ede4, cchData=256 | out: lpLCData="March") returned 6 [0049.256] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Apr") returned 4 [0049.256] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x19ede4, cchData=256 | out: lpLCData="April") returned 6 [0049.256] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x19ede4, cchData=256 | out: lpLCData="May") returned 4 [0049.256] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x19ede4, cchData=256 | out: lpLCData="May") returned 4 [0049.256] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Jun") returned 4 [0049.256] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x19ede4, cchData=256 | out: lpLCData="June") returned 5 [0049.256] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Jul") returned 4 [0049.256] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x19ede4, cchData=256 | out: lpLCData="July") returned 5 [0049.256] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Aug") returned 4 [0049.256] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x19ede4, cchData=256 | out: lpLCData="August") returned 7 [0049.256] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Sep") returned 4 [0049.256] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x19ede4, cchData=256 | out: lpLCData="September") returned 10 [0049.256] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Oct") returned 4 [0049.256] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x19ede4, cchData=256 | out: lpLCData="October") returned 8 [0049.256] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Nov") returned 4 [0049.256] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x19ede4, cchData=256 | out: lpLCData="November") returned 9 [0049.256] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Dec") returned 4 [0049.256] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x19ede4, cchData=256 | out: lpLCData="December") returned 9 [0049.256] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Sun") returned 4 [0049.256] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Sunday") returned 7 [0049.256] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Mon") returned 4 [0049.256] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Monday") returned 7 [0049.256] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Tue") returned 4 [0049.256] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Tuesday") returned 8 [0049.256] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Wed") returned 4 [0049.256] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Wednesday") returned 10 [0049.256] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Thu") returned 4 [0049.256] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Thursday") returned 9 [0049.256] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Fri") returned 4 [0049.256] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Friday") returned 7 [0049.256] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Sat") returned 4 [0049.256] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Saturday") returned 9 [0049.256] GetThreadLocale () returned 0x409 [0049.256] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x19ee40, cchData=256 | out: lpLCData="$") returned 2 [0049.256] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x19ee40, cchData=256 | out: lpLCData="0") returned 2 [0049.262] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x19ee40, cchData=256 | out: lpLCData="0") returned 2 [0049.262] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x19ef38, cchData=2 | out: lpLCData=",") returned 2 [0049.262] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x19ef38, cchData=2 | out: lpLCData=".") returned 2 [0049.262] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x19ee40, cchData=256 | out: lpLCData="2") returned 2 [0049.262] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x19ef38, cchData=2 | out: lpLCData="/") returned 2 [0049.262] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x19ee40, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0049.262] GetThreadLocale () returned 0x409 [0049.262] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x19ee0c, cchData=256 | out: lpLCData="1") returned 2 [0049.262] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x19ee40, cchData=256 | out: lpLCData="dddd, MMMM d, yyyy") returned 19 [0049.271] GetThreadLocale () returned 0x409 [0049.271] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x19ee0c, cchData=256 | out: lpLCData="1") returned 2 [0049.271] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x19ef38, cchData=2 | out: lpLCData=":") returned 2 [0049.271] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x19ee40, cchData=256 | out: lpLCData="AM") returned 3 [0049.271] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x19ee40, cchData=256 | out: lpLCData="PM") returned 3 [0049.271] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x19ee40, cchData=256 | out: lpLCData="0") returned 2 [0049.271] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x19ee40, cchData=256 | out: lpLCData="0") returned 2 [0049.271] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x19ee40, cchData=256 | out: lpLCData="0") returned 2 [0049.271] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x19ef38, cchData=2 | out: lpLCData=",") returned 2 [0049.303] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x773f0000 [0049.303] GetProcAddress (hModule=0x773f0000, lpProcName="VariantChangeTypeEx") returned 0x7740a610 [0049.303] GetProcAddress (hModule=0x773f0000, lpProcName="VarNeg") returned 0x774552c0 [0049.303] GetProcAddress (hModule=0x773f0000, lpProcName="VarNot") returned 0x77456560 [0049.304] GetProcAddress (hModule=0x773f0000, lpProcName="VarAdd") returned 0x7742d610 [0049.304] GetProcAddress (hModule=0x773f0000, lpProcName="VarSub") returned 0x7742e3e0 [0049.304] GetProcAddress (hModule=0x773f0000, lpProcName="VarMul") returned 0x7742db10 [0049.304] GetProcAddress (hModule=0x773f0000, lpProcName="VarDiv") returned 0x77455800 [0049.304] GetProcAddress (hModule=0x773f0000, lpProcName="VarIdiv") returned 0x774561a0 [0049.304] GetProcAddress (hModule=0x773f0000, lpProcName="VarMod") returned 0x77456400 [0049.304] GetProcAddress (hModule=0x773f0000, lpProcName="VarAnd") returned 0x77423200 [0049.304] GetProcAddress (hModule=0x773f0000, lpProcName="VarOr") returned 0x77456610 [0049.304] GetProcAddress (hModule=0x773f0000, lpProcName="VarXor") returned 0x774567b0 [0049.304] GetProcAddress (hModule=0x773f0000, lpProcName="VarCmp") returned 0x774160b0 [0049.304] GetProcAddress (hModule=0x773f0000, lpProcName="VarI4FromStr") returned 0x77416ec0 [0049.304] GetProcAddress (hModule=0x773f0000, lpProcName="VarR4FromStr") returned 0x77423010 [0049.305] GetProcAddress (hModule=0x773f0000, lpProcName="VarR8FromStr") returned 0x77423630 [0049.305] GetProcAddress (hModule=0x773f0000, lpProcName="VarDateFromStr") returned 0x77418b90 [0049.305] GetProcAddress (hModule=0x773f0000, lpProcName="VarCyFromStr") returned 0x77402d90 [0049.305] GetProcAddress (hModule=0x773f0000, lpProcName="VarBoolFromStr") returned 0x774148f0 [0049.305] GetProcAddress (hModule=0x773f0000, lpProcName="VarBstrFromCy") returned 0x77417f50 [0049.305] GetProcAddress (hModule=0x773f0000, lpProcName="VarBstrFromDate") returned 0x774189c0 [0049.305] GetProcAddress (hModule=0x773f0000, lpProcName="VarBstrFromBool") returned 0x774148a0 [0049.317] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0x1f4 [0049.317] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x1f8 [0049.317] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1fc [0049.345] QueryPerformanceCounter (in: lpPerformanceCount=0x19ef94 | out: lpPerformanceCount=0x19ef94*=14276251886) returned 1 [0049.434] GetTickCount () returned 0x114d60e [0049.434] GetCommandLineA () returned="\"C:\\Users\\FD1HVy\\Desktop\\Aksip.exe\" " [0049.486] GetCommandLineA () returned="\"C:\\Users\\FD1HVy\\Desktop\\Aksip.exe\" " [0049.488] GetCommandLineA () returned="\"C:\\Users\\FD1HVy\\Desktop\\Aksip.exe\" " [0049.495] InternetOpenA (lpszAgent="", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004 [0051.052] InternetOpenUrlA (hInternet=0xcc0004, lpszUrl="http://geoiptool.com", lpszHeaders=0x0, dwHeadersLength=0x0, dwFlags=0x0, dwContext=0x0) returned 0xcc000c [0080.484] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19eac4, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19eec4 | out: lpBuffer=0x19eac4*, lpdwNumberOfBytesRead=0x19eec4*=0x400) returned 1 [0080.497] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19eac4, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19eec4 | out: lpBuffer=0x19eac4*, lpdwNumberOfBytesRead=0x19eec4*=0x400) returned 1 [0081.097] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19eac4, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19eec4 | out: lpBuffer=0x19eac4*, lpdwNumberOfBytesRead=0x19eec4*=0x400) returned 1 [0081.194] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19eac4, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19eec4 | out: lpBuffer=0x19eac4*, lpdwNumberOfBytesRead=0x19eec4*=0x400) returned 1 [0081.194] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19eac4, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19eec4 | out: lpBuffer=0x19eac4*, lpdwNumberOfBytesRead=0x19eec4*=0x400) returned 1 [0081.194] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19eac4, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19eec4 | out: lpBuffer=0x19eac4*, lpdwNumberOfBytesRead=0x19eec4*=0x400) returned 1 [0081.195] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19eac4, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19eec4 | out: lpBuffer=0x19eac4*, lpdwNumberOfBytesRead=0x19eec4*=0x400) returned 1 [0081.195] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19eac4, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19eec4 | out: lpBuffer=0x19eac4*, lpdwNumberOfBytesRead=0x19eec4*=0x400) returned 1 [0081.195] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19eac4, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19eec4 | out: lpBuffer=0x19eac4*, lpdwNumberOfBytesRead=0x19eec4*=0x400) returned 1 [0081.195] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19eac4, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19eec4 | out: lpBuffer=0x19eac4*, lpdwNumberOfBytesRead=0x19eec4*=0x400) returned 1 [0081.195] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19eac4, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19eec4 | out: lpBuffer=0x19eac4*, lpdwNumberOfBytesRead=0x19eec4*=0x400) returned 1 [0081.195] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19eac4, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19eec4 | out: lpBuffer=0x19eac4*, lpdwNumberOfBytesRead=0x19eec4*=0x400) returned 1 [0081.196] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19eac4, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19eec4 | out: lpBuffer=0x19eac4*, lpdwNumberOfBytesRead=0x19eec4*=0x400) returned 1 [0081.196] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19eac4, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19eec4 | out: lpBuffer=0x19eac4*, lpdwNumberOfBytesRead=0x19eec4*=0x400) returned 1 [0081.196] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19eac4, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19eec4 | out: lpBuffer=0x19eac4*, lpdwNumberOfBytesRead=0x19eec4*=0x400) returned 1 [0081.196] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19eac4, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19eec4 | out: lpBuffer=0x19eac4*, lpdwNumberOfBytesRead=0x19eec4*=0x400) returned 1 [0081.197] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19eac4, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19eec4 | out: lpBuffer=0x19eac4*, lpdwNumberOfBytesRead=0x19eec4*=0x400) returned 1 [0081.197] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19eac4, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19eec4 | out: lpBuffer=0x19eac4*, lpdwNumberOfBytesRead=0x19eec4*=0x400) returned 1 [0081.197] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19eac4, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19eec4 | out: lpBuffer=0x19eac4*, lpdwNumberOfBytesRead=0x19eec4*=0x213) returned 1 [0081.197] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x19eac4, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x19eec4 | out: lpBuffer=0x19eac4*, lpdwNumberOfBytesRead=0x19eec4*=0x0) returned 1 [0081.249] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0081.250] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0081.281] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x19ed9c, nSize=0x105 | out: lpFilename="C:\\Users\\FD1HVy\\Desktop\\Aksip.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\aksip.exe")) returned 0x21 [0081.281] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x21203f8, cbMultiByte=17, lpWideCharStr=0x19dea0, cchWideChar=2047 | out: lpWideCharStr="4F063931.zeppelinc\x19㲚玻?\x19痠㌀c镘bȞ") returned 17 [0081.287] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x21797e0, cbMultiByte=4, lpWideCharStr=0x19dc54, cchWideChar=2047 | out: lpWideCharStr="TEMP") returned 4 [0081.287] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19ec7a, nSize=0x20a | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0081.287] SysReAllocStringLen (in: pbstr=0x19eec4*=0x0, psz="C:\\Users\\FD1HVy\\AppData\\Local\\Temp", len=0x22 | out: pbstr=0x19eec4*="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 1 [0081.287] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\4f063931.zeppelin"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x550 [0081.865] WriteFile (in: hFile=0x550, lpBuffer=0x2171b28*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x19eec8, lpOverlapped=0x0 | out: lpBuffer=0x2171b28*, lpNumberOfBytesWritten=0x19eec8*=0x1, lpOverlapped=0x0) returned 1 [0081.866] CloseHandle (hObject=0x550) returned 1 [0081.873] Sleep (dwMilliseconds=0x29a) [0082.544] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f7d1f30, ftCreationTime.dwHighDateTime=0x1d5e806, ftLastAccessTime.dwLowDateTime=0x5f7d1f30, ftLastAccessTime.dwHighDateTime=0x1d5e806, ftLastWriteTime.dwLowDateTime=0x5f7d1f30, ftLastWriteTime.dwHighDateTime=0x1d5e806, nFileSizeHigh=0x0, nFileSizeLow=0x1, dwReserved0=0x0, dwReserved1=0x0, cFileName="4F063931.zeppelin", cAlternateFileName="4F0639~1.ZEP")) returned 0x656040 [0082.545] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec2c | out: lpLocalFileTime=0x19ec2c) returned 1 [0082.545] FileTimeToDosDateTime (in: lpFileTime=0x19ec2c, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0082.545] FindClose (in: hFindFile=0x656040 | out: hFindFile=0x656040) returned 1 [0082.546] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\4f063931.zeppelin")) returned 1 [0082.547] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x19eda0, nSize=0x105 | out: lpFilename="C:\\Users\\FD1HVy\\Desktop\\Aksip.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\aksip.exe")) returned 0x21 [0082.549] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x21203f8, cbMultiByte=17, lpWideCharStr=0x19dea4, cchWideChar=2047 | out: lpWideCharStr="4F063931.zeppelin\x19㲚玻?\x19痠㌀c镘bȞ") returned 17 [0082.550] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2179750, cbMultiByte=4, lpWideCharStr=0x19dc58, cchWideChar=2047 | out: lpWideCharStr="TEMP?\x19䟟睎膍桢¼") returned 4 [0082.550] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19ec7e, nSize=0x20a | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0082.550] SysReAllocStringLen (in: pbstr=0x19eec8*=0x0, psz="C:\\Users\\FD1HVy\\AppData\\Local\\Temp", len=0x22 | out: pbstr=0x19eec8*="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 1 [0082.551] SysReAllocStringLen (in: pbstr=0x215c0a8*=0x0, psz="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", len=0x34 | out: pbstr=0x215c0a8*="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin") returned 1 [0082.557] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x404694, lpParameter=0x2171b20, dwCreationFlags=0x4, lpThreadId=0x215c070 | out: lpThreadId=0x215c070*=0xf2c) returned 0x55c [0088.497] ResumeThread (hThread=0x55c) returned 0x1 [0088.685] GetCommandLineA () returned="\"C:\\Users\\FD1HVy\\Desktop\\Aksip.exe\" " [0088.698] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ee90 | out: phkResult=0x19ee90*=0x0) returned 0x2 [0088.952] LoadStringA (in: hInstance=0x400000, uID=0xffed, lpBuffer=0x19cccc, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0088.952] VirtualQuery (in: lpAddress=0x403031, lpBuffer=0x19de3c, dwLength=0x1c | out: lpBuffer=0x19de3c*(BaseAddress=0x403000, AllocationBase=0x400000, AllocationProtect=0x80, RegionSize=0x13d000, State=0x1000, Protect=0x40, Type=0x1000000)) returned 0x1c [0088.952] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19dd37, nSize=0x105 | out: lpFilename="C:\\Users\\FD1HVy\\Desktop\\Aksip.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\aksip.exe")) returned 0x21 [0088.958] LoadStringA (in: hInstance=0x400000, uID=0xffc2, lpBuffer=0x19ccc4, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0088.958] RtlUnwind (TargetFrame=0x19eea8, TargetIp=0x403fa8, ExceptionRecord=0x19e330, ReturnValue=0x0) [0088.964] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x20006, lpSecurityAttributes=0x0, phkResult=0x19ee94, lpdwDisposition=0x19ee98 | out: phkResult=0x19ee94*=0x558, lpdwDisposition=0x19ee98*=0x1) returned 0x0 [0088.964] RegSetValueExA (in: hKey=0x558, lpValueName="Process", Reserved=0x0, dwType=0x1, lpData="gnrJ2+hhJXKkOcChVO+C0Tk1gVlSpeQZOtb96o7qoQGhf7M2Fj0Ygx5nYA==", cbData=0x3d | out: lpData="gnrJ2+hhJXKkOcChVO+C0Tk1gVlSpeQZOtb96o7qoQGhf7M2Fj0Ygx5nYA==") returned 0x0 [0089.134] RegCloseKey (hKey=0x558) returned 0x0 [0089.230] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2179780, cbMultiByte=7, lpWideCharStr=0x19dc24, cchWideChar=2047 | out: lpWideCharStr="APPDATA") returned 7 [0089.243] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x19ec4a, nSize=0x20a | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming") returned 0x1f [0089.243] SysReAllocStringLen (in: pbstr=0x19eec0*=0x0, psz="C:\\Users\\FD1HVy\\AppData\\Roaming", len=0x1f | out: pbstr=0x19eec0*="C:\\Users\\FD1HVy\\AppData\\Roaming") returned 1 [0089.245] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x216a708, cbMultiByte=18, lpWideCharStr=0x19de48, cchWideChar=2047 | out: lpWideCharStr="Microsoft\\Windows\\") returned 18 [0089.245] SysReAllocStringLen (in: pbstr=0x19eecc*=0x0, psz="C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Windows\\", len=0x32 | out: pbstr=0x19eecc*="C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Windows\\") returned 1 [0089.245] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Windows\\" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\microsoft\\windows")) returned 0x10 [0089.872] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2179840, cbMultiByte=11, lpWideCharStr=0x19de4c, cchWideChar=2047 | out: lpWideCharStr="svchost.exedows\\") returned 11 [0089.883] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Windows\\svchost.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\microsoft\\windows\\svchost.exe")) returned 0 [0089.884] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19ec3c, nSize=0x20a | out: lpFilename="C:\\Users\\FD1HVy\\Desktop\\Aksip.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\aksip.exe")) returned 0x21 [0089.884] CopyFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\Aksip.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\aksip.exe"), lpNewFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Windows\\svchost.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\microsoft\\windows\\svchost.exe"), bFailIfExists=0) returned 1 [0096.478] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2171b88, cbMultiByte=1, lpWideCharStr=0x19de4c, cchWideChar=2047 | out: lpWideCharStr="\"\x19") returned 1 [0096.478] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x21797e0, cbMultiByte=8, lpWideCharStr=0x19de44, cchWideChar=2047 | out: lpWideCharStr="\" -start") returned 8 [0096.479] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x20ed558, cbMultiByte=57, lpWideCharStr=0x19de48, cchWideChar=2047 | out: lpWideCharStr="Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svchost.exe") returned 57 [0096.612] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x20006, lpSecurityAttributes=0x0, phkResult=0x19ee18, lpdwDisposition=0x19ee1c | out: phkResult=0x19ee18*=0x554, lpdwDisposition=0x19ee1c*=0x2) returned 0x0 [0096.612] RegSetValueExW (in: hKey=0x554, lpValueName="svchost.exe", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Windows\\svchost.exe\" -start", cbData=0x8e | out: lpData="\"C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Windows\\svchost.exe\" -start") returned 0x0 [0096.686] RegCloseKey (hKey=0x554) returned 0x0 [0096.687] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2179738, cbMultiByte=6, lpWideCharStr=0x19de0c, cchWideChar=2047 | out: lpWideCharStr="-start਴d?\x19r") returned 6 [0096.687] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x21797f8, cbMultiByte=5, lpWideCharStr=0x19de04, cchWideChar=2047 | out: lpWideCharStr="runasstart਴d?\x19r") returned 5 [0096.687] ShellExecuteW (hwnd=0x0, lpOperation="runas", lpFile="C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Windows\\svchost.exe", lpParameters="-start", lpDirectory=0x0, nShowCmd=1) returned 0x2a [0108.976] GetCurrentProcess () returned 0xffffffff [0108.976] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x28, TokenHandle=0x19ee60 | out: TokenHandle=0x19ee60*=0x5dc) returned 1 [0108.976] LookupPrivilegeValueA (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x19ee54 | out: lpLuid=0x19ee54*(LowPart=0x14, HighPart=0)) returned 1 [0109.216] AdjustTokenPrivileges (in: TokenHandle=0x5dc, DisableAllPrivileges=0, NewState=0x19ee40*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x10, PreviousState=0x0, ReturnLength=0x19ee50 | out: PreviousState=0x0, ReturnLength=0x19ee50) returned 1 [0109.216] CloseHandle (hObject=0x5dc) returned 1 [0109.216] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x21797f8, cbMultiByte=11, lpWideCharStr=0x19de58, cchWideChar=2047 | out: lpWideCharStr="notepad.exe") returned 11 [0109.216] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="notepad.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000044, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19ee90*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19ee80 | out: lpCommandLine="notepad.exe", lpProcessInformation=0x19ee80*(hProcess=0x644, hThread=0x5dc, dwProcessId=0x12c8, dwThreadId=0xe0c)) returned 1 [0109.588] CloseHandle (hObject=0x5dc) returned 1 [0109.588] OpenProcessToken (in: ProcessHandle=0x12c8, DesiredAccess=0x28, TokenHandle=0x19ee60 | out: TokenHandle=0x19ee60*=0x0) returned 0 [0109.588] LookupPrivilegeValueA (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x19ee54 | out: lpLuid=0x19ee54*(LowPart=0x14, HighPart=0)) returned 1 [0109.590] AdjustTokenPrivileges (in: TokenHandle=0x0, DisableAllPrivileges=0, NewState=0x19ee40*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x10, PreviousState=0x0, ReturnLength=0x19ee50 | out: PreviousState=0x0, ReturnLength=0x19ee50) returned 0 [0109.590] CloseHandle (hObject=0x0) returned 0 [0109.590] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x12c8) returned 0x5dc [0109.590] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77230000 [0109.591] GetProcAddress (hModule=0x77230000, lpProcName="DeleteFileW") returned 0x7729ed40 [0109.591] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77230000 [0109.591] GetProcAddress (hModule=0x77230000, lpProcName="ExitProcess") returned 0x77243cb0 [0109.591] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77230000 [0109.592] GetProcAddress (hModule=0x77230000, lpProcName="Sleep") returned 0x77246760 [0109.592] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19ec08, nSize=0x20a | out: lpFilename="C:\\Users\\FD1HVy\\Desktop\\Aksip.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\aksip.exe")) returned 0x21 [0109.592] VirtualAllocEx (hProcess=0x5dc, lpAddress=0x0, dwSize=0x43, flAllocationType=0x3000, flProtect=0x40) returned 0x2d40000 [0109.593] WriteProcessMemory (in: hProcess=0x5dc, lpBaseAddress=0x2d40000, lpBuffer=0x68a06c*, nSize=0x43, lpNumberOfBytesWritten=0x19ee5c | out: lpBuffer=0x68a06c*, lpNumberOfBytesWritten=0x19ee5c*=0x43) returned 1 [0109.594] VirtualAllocEx (hProcess=0x5dc, lpAddress=0x0, dwSize=0x10, flAllocationType=0x3000, flProtect=0x40) returned 0x2d50000 [0109.628] WriteProcessMemory (in: hProcess=0x5dc, lpBaseAddress=0x2d50000, lpBuffer=0x19ee48*, nSize=0x10, lpNumberOfBytesWritten=0x19ee5c | out: lpBuffer=0x19ee48*, lpNumberOfBytesWritten=0x19ee5c*=0x10) returned 1 [0109.632] VirtualAllocEx (hProcess=0x5dc, lpAddress=0x0, dwSize=0x1f4, flAllocationType=0x3000, flProtect=0x40) returned 0x2d60000 [0109.633] WriteProcessMemory (in: hProcess=0x5dc, lpBaseAddress=0x2d60000, lpBuffer=0x42c2ec*, nSize=0x1f4, lpNumberOfBytesWritten=0x19ee5c | out: lpBuffer=0x42c2ec*, lpNumberOfBytesWritten=0x19ee5c*=0x1f4) returned 1 [0109.633] CreateRemoteThread (in: hProcess=0x5dc, lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x2d60000, lpParameter=0x2d50000, dwCreationFlags=0x0, lpThreadId=0x19ee58 | out: lpThreadId=0x19ee58*=0x12a8) returned 0x670 [0109.634] CloseHandle (hObject=0x5dc) returned 1 [0109.634] Sleep (dwMilliseconds=0x3e8) [0110.686] ExitProcess (uExitCode=0xdeadface) [0110.713] TerminateProcess (hProcess=0xffffffff, uExitCode=0x0) Thread: id = 2 os_tid = 0x13b4 Thread: id = 3 os_tid = 0x106c Thread: id = 8 os_tid = 0xd6c Thread: id = 9 os_tid = 0xb7c Thread: id = 16 os_tid = 0xd40 Thread: id = 20 os_tid = 0x7b0 Thread: id = 24 os_tid = 0xc74 Thread: id = 28 os_tid = 0xf2c [0096.501] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x774a0000, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x2e4fd24, nFileSizeHigh=0x3c2000, nFileSizeLow=0x3a7000, dwReserved0=0x0, dwReserved1=0x2e4fcb0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0096.645] GetLastError () returned 0x2 [0096.651] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x548) returned 0x0 [0096.651] RegQueryValueExA (in: hKey=0x548, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0096.651] RegCloseKey (hKey=0x548) returned 0x0 [0097.529] Sleep (dwMilliseconds=0xa) [0097.634] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0097.639] GetLastError () returned 0x2 [0097.639] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x5a8) returned 0x0 [0097.640] RegQueryValueExA (in: hKey=0x5a8, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0097.640] RegCloseKey (hKey=0x5a8) returned 0x0 [0097.640] Sleep (dwMilliseconds=0xa) [0097.686] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0097.686] GetLastError () returned 0x2 [0097.686] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x5b4) returned 0x0 [0097.686] RegQueryValueExA (in: hKey=0x5b4, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0097.686] RegCloseKey (hKey=0x5b4) returned 0x0 [0097.686] Sleep (dwMilliseconds=0xa) [0097.736] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0097.779] GetLastError () returned 0x2 [0097.779] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x654) returned 0x0 [0097.779] RegQueryValueExA (in: hKey=0x654, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0097.780] RegCloseKey (hKey=0x654) returned 0x0 [0097.780] Sleep (dwMilliseconds=0xa) [0098.000] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0098.001] GetLastError () returned 0x2 [0098.001] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x658) returned 0x0 [0098.001] RegQueryValueExA (in: hKey=0x658, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0098.001] RegCloseKey (hKey=0x658) returned 0x0 [0098.001] Sleep (dwMilliseconds=0xa) [0098.054] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0098.054] GetLastError () returned 0x2 [0098.054] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x680) returned 0x0 [0098.054] RegQueryValueExA (in: hKey=0x680, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0098.054] RegCloseKey (hKey=0x680) returned 0x0 [0098.054] Sleep (dwMilliseconds=0xa) [0098.094] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0098.094] GetLastError () returned 0x2 [0098.094] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x680) returned 0x0 [0098.094] RegQueryValueExA (in: hKey=0x680, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0098.094] RegCloseKey (hKey=0x680) returned 0x0 [0098.094] Sleep (dwMilliseconds=0xa) [0098.146] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0098.147] GetLastError () returned 0x2 [0098.147] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x69c) returned 0x0 [0098.147] RegQueryValueExA (in: hKey=0x69c, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0098.147] RegCloseKey (hKey=0x69c) returned 0x0 [0098.147] Sleep (dwMilliseconds=0xa) [0098.248] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0098.248] GetLastError () returned 0x2 [0098.248] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6a8) returned 0x0 [0098.249] RegQueryValueExA (in: hKey=0x6a8, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0098.249] RegCloseKey (hKey=0x6a8) returned 0x0 [0098.249] Sleep (dwMilliseconds=0xa) [0098.342] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0098.342] GetLastError () returned 0x2 [0098.342] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6a8) returned 0x0 [0098.342] RegQueryValueExA (in: hKey=0x6a8, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0098.343] RegCloseKey (hKey=0x6a8) returned 0x0 [0098.343] Sleep (dwMilliseconds=0xa) [0098.436] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0098.437] GetLastError () returned 0x2 [0098.438] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6b0) returned 0x0 [0098.441] RegQueryValueExA (in: hKey=0x6b0, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0098.441] RegCloseKey (hKey=0x6b0) returned 0x0 [0098.441] Sleep (dwMilliseconds=0xa) [0098.560] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0098.561] GetLastError () returned 0x2 [0098.561] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6b4) returned 0x0 [0098.562] RegQueryValueExA (in: hKey=0x6b4, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0098.562] RegCloseKey (hKey=0x6b4) returned 0x0 [0098.562] Sleep (dwMilliseconds=0xa) [0098.617] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0098.617] GetLastError () returned 0x2 [0098.618] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6c8) returned 0x0 [0098.619] RegQueryValueExA (in: hKey=0x6c8, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0098.619] RegCloseKey (hKey=0x6c8) returned 0x0 [0098.619] Sleep (dwMilliseconds=0xa) [0098.667] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0098.667] GetLastError () returned 0x2 [0098.667] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6cc) returned 0x0 [0098.668] RegQueryValueExA (in: hKey=0x6cc, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0098.668] RegCloseKey (hKey=0x6cc) returned 0x0 [0098.668] Sleep (dwMilliseconds=0xa) [0098.758] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0098.758] GetLastError () returned 0x2 [0098.758] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6cc) returned 0x0 [0098.759] RegQueryValueExA (in: hKey=0x6cc, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0098.759] RegCloseKey (hKey=0x6cc) returned 0x0 [0098.759] Sleep (dwMilliseconds=0xa) [0098.830] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0098.830] GetLastError () returned 0x2 [0098.830] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6cc) returned 0x0 [0098.832] RegQueryValueExA (in: hKey=0x6cc, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0098.832] RegCloseKey (hKey=0x6cc) returned 0x0 [0098.832] Sleep (dwMilliseconds=0xa) [0098.942] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0098.942] GetLastError () returned 0x2 [0098.942] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6cc) returned 0x0 [0098.943] RegQueryValueExA (in: hKey=0x6cc, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0098.943] RegCloseKey (hKey=0x6cc) returned 0x0 [0098.943] Sleep (dwMilliseconds=0xa) [0099.025] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0099.025] GetLastError () returned 0x2 [0099.025] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6cc) returned 0x0 [0099.026] RegQueryValueExA (in: hKey=0x6cc, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0099.026] RegCloseKey (hKey=0x6cc) returned 0x0 [0099.026] Sleep (dwMilliseconds=0xa) [0099.063] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0099.063] GetLastError () returned 0x2 [0099.064] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6cc) returned 0x0 [0099.065] RegQueryValueExA (in: hKey=0x6cc, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0099.065] RegCloseKey (hKey=0x6cc) returned 0x0 [0099.065] Sleep (dwMilliseconds=0xa) [0099.112] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0099.112] GetLastError () returned 0x2 [0099.112] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6cc) returned 0x0 [0099.113] RegQueryValueExA (in: hKey=0x6cc, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0099.113] RegCloseKey (hKey=0x6cc) returned 0x0 [0099.113] Sleep (dwMilliseconds=0xa) [0099.169] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0099.170] GetLastError () returned 0x2 [0099.170] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6cc) returned 0x0 [0099.171] RegQueryValueExA (in: hKey=0x6cc, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0099.171] RegCloseKey (hKey=0x6cc) returned 0x0 [0099.171] Sleep (dwMilliseconds=0xa) [0102.122] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0102.122] GetLastError () returned 0x2 [0102.122] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6cc) returned 0x0 [0102.124] RegQueryValueExA (in: hKey=0x6cc, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0102.124] RegCloseKey (hKey=0x6cc) returned 0x0 [0102.124] Sleep (dwMilliseconds=0xa) [0102.138] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0102.138] GetLastError () returned 0x2 [0102.138] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6cc) returned 0x0 [0102.140] RegQueryValueExA (in: hKey=0x6cc, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0102.140] RegCloseKey (hKey=0x6cc) returned 0x0 [0102.140] Sleep (dwMilliseconds=0xa) [0102.154] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0102.154] GetLastError () returned 0x2 [0102.154] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6cc) returned 0x0 [0102.155] RegQueryValueExA (in: hKey=0x6cc, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0102.156] RegCloseKey (hKey=0x6cc) returned 0x0 [0102.156] Sleep (dwMilliseconds=0xa) [0102.170] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0102.170] GetLastError () returned 0x2 [0102.170] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6cc) returned 0x0 [0102.171] RegQueryValueExA (in: hKey=0x6cc, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0102.171] RegCloseKey (hKey=0x6cc) returned 0x0 [0102.171] Sleep (dwMilliseconds=0xa) [0102.216] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0102.217] GetLastError () returned 0x2 [0102.217] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6c8) returned 0x0 [0102.217] RegQueryValueExA (in: hKey=0x6c8, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0102.217] RegCloseKey (hKey=0x6c8) returned 0x0 [0102.217] Sleep (dwMilliseconds=0xa) [0102.263] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0102.264] GetLastError () returned 0x2 [0102.264] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6a0) returned 0x0 [0102.264] RegQueryValueExA (in: hKey=0x6a0, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0102.264] RegCloseKey (hKey=0x6a0) returned 0x0 [0102.264] Sleep (dwMilliseconds=0xa) [0102.291] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0102.291] GetLastError () returned 0x2 [0102.291] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6a0) returned 0x0 [0102.291] RegQueryValueExA (in: hKey=0x6a0, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0102.291] RegCloseKey (hKey=0x6a0) returned 0x0 [0102.291] Sleep (dwMilliseconds=0xa) [0102.439] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0102.440] GetLastError () returned 0x2 [0102.440] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6a0) returned 0x0 [0102.448] RegQueryValueExA (in: hKey=0x6a0, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0102.448] RegCloseKey (hKey=0x6a0) returned 0x0 [0102.448] Sleep (dwMilliseconds=0xa) [0102.487] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0102.488] GetLastError () returned 0x2 [0102.488] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6a0) returned 0x0 [0102.488] RegQueryValueExA (in: hKey=0x6a0, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0102.488] RegCloseKey (hKey=0x6a0) returned 0x0 [0102.488] Sleep (dwMilliseconds=0xa) [0102.666] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0102.667] GetLastError () returned 0x2 [0102.668] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6b8) returned 0x0 [0102.671] RegQueryValueExA (in: hKey=0x6b8, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0102.671] RegCloseKey (hKey=0x6b8) returned 0x0 [0102.671] Sleep (dwMilliseconds=0xa) [0102.719] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0102.720] GetLastError () returned 0x2 [0102.720] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6b4) returned 0x0 [0102.721] RegQueryValueExA (in: hKey=0x6b4, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0102.721] RegCloseKey (hKey=0x6b4) returned 0x0 [0102.721] Sleep (dwMilliseconds=0xa) [0102.768] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0102.768] GetLastError () returned 0x2 [0102.768] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6b4) returned 0x0 [0102.769] RegQueryValueExA (in: hKey=0x6b4, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0102.769] RegCloseKey (hKey=0x6b4) returned 0x0 [0102.769] Sleep (dwMilliseconds=0xa) [0102.814] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0102.814] GetLastError () returned 0x2 [0102.814] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6b4) returned 0x0 [0102.815] RegQueryValueExA (in: hKey=0x6b4, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0102.815] RegCloseKey (hKey=0x6b4) returned 0x0 [0102.816] Sleep (dwMilliseconds=0xa) [0102.861] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0102.861] GetLastError () returned 0x2 [0102.861] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6b4) returned 0x0 [0102.862] RegQueryValueExA (in: hKey=0x6b4, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0102.862] RegCloseKey (hKey=0x6b4) returned 0x0 [0102.862] Sleep (dwMilliseconds=0xa) [0105.768] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0105.769] GetLastError () returned 0x2 [0105.769] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6b4) returned 0x0 [0105.770] RegQueryValueExA (in: hKey=0x6b4, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0105.770] RegCloseKey (hKey=0x6b4) returned 0x0 [0105.770] Sleep (dwMilliseconds=0xa) [0105.799] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0105.799] GetLastError () returned 0x2 [0105.799] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6b4) returned 0x0 [0105.800] RegQueryValueExA (in: hKey=0x6b4, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0105.800] RegCloseKey (hKey=0x6b4) returned 0x0 [0105.800] Sleep (dwMilliseconds=0xa) [0105.822] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0105.822] GetLastError () returned 0x2 [0105.822] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6b4) returned 0x0 [0105.823] RegQueryValueExA (in: hKey=0x6b4, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0105.823] RegCloseKey (hKey=0x6b4) returned 0x0 [0105.823] Sleep (dwMilliseconds=0xa) [0105.891] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0105.892] GetLastError () returned 0x2 [0105.892] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6b4) returned 0x0 [0105.893] RegQueryValueExA (in: hKey=0x6b4, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0105.893] RegCloseKey (hKey=0x6b4) returned 0x0 [0105.893] Sleep (dwMilliseconds=0xa) [0105.940] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0105.941] GetLastError () returned 0x2 [0105.941] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6bc) returned 0x0 [0105.942] RegQueryValueExA (in: hKey=0x6bc, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0105.942] RegCloseKey (hKey=0x6bc) returned 0x0 [0105.942] Sleep (dwMilliseconds=0xa) [0105.988] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0105.988] GetLastError () returned 0x2 [0105.988] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6bc) returned 0x0 [0105.989] RegQueryValueExA (in: hKey=0x6bc, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0105.989] RegCloseKey (hKey=0x6bc) returned 0x0 [0105.989] Sleep (dwMilliseconds=0xa) [0106.039] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0106.039] GetLastError () returned 0x2 [0106.039] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6b4) returned 0x0 [0106.040] RegQueryValueExA (in: hKey=0x6b4, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0106.040] RegCloseKey (hKey=0x6b4) returned 0x0 [0106.040] Sleep (dwMilliseconds=0xa) [0106.074] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0106.074] GetLastError () returned 0x2 [0106.074] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6b4) returned 0x0 [0106.076] RegQueryValueExA (in: hKey=0x6b4, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0106.076] RegCloseKey (hKey=0x6b4) returned 0x0 [0106.076] Sleep (dwMilliseconds=0xa) [0106.126] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0106.127] GetLastError () returned 0x2 [0106.127] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6b4) returned 0x0 [0106.128] RegQueryValueExA (in: hKey=0x6b4, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0106.128] RegCloseKey (hKey=0x6b4) returned 0x0 [0106.128] Sleep (dwMilliseconds=0xa) [0108.650] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0108.650] GetLastError () returned 0x2 [0108.650] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6b4) returned 0x0 [0108.651] RegQueryValueExA (in: hKey=0x6b4, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0108.651] RegCloseKey (hKey=0x6b4) returned 0x0 [0108.651] Sleep (dwMilliseconds=0xa) [0108.684] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0108.685] GetLastError () returned 0x2 [0108.685] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6b4) returned 0x0 [0108.686] RegQueryValueExA (in: hKey=0x6b4, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0108.686] RegCloseKey (hKey=0x6b4) returned 0x0 [0108.686] Sleep (dwMilliseconds=0xa) [0108.707] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0108.707] GetLastError () returned 0x2 [0108.707] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6b4) returned 0x0 [0108.708] RegQueryValueExA (in: hKey=0x6b4, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0108.708] RegCloseKey (hKey=0x6b4) returned 0x0 [0108.708] Sleep (dwMilliseconds=0xa) [0108.736] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0108.736] GetLastError () returned 0x2 [0108.736] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6b4) returned 0x0 [0108.737] RegQueryValueExA (in: hKey=0x6b4, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0108.737] RegCloseKey (hKey=0x6b4) returned 0x0 [0108.737] Sleep (dwMilliseconds=0xa) [0108.759] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0108.759] GetLastError () returned 0x2 [0108.759] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6b4) returned 0x0 [0108.760] RegQueryValueExA (in: hKey=0x6b4, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0108.760] RegCloseKey (hKey=0x6b4) returned 0x0 [0108.760] Sleep (dwMilliseconds=0xa) [0108.814] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0108.814] GetLastError () returned 0x2 [0108.814] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6cc) returned 0x0 [0108.815] RegQueryValueExA (in: hKey=0x6cc, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0108.815] RegCloseKey (hKey=0x6cc) returned 0x0 [0108.815] Sleep (dwMilliseconds=0xa) [0108.848] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0108.849] GetLastError () returned 0x2 [0108.849] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x6ec) returned 0x0 [0108.850] RegQueryValueExA (in: hKey=0x6ec, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0108.850] RegCloseKey (hKey=0x6ec) returned 0x0 [0108.850] Sleep (dwMilliseconds=0xa) [0109.074] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0109.075] GetLastError () returned 0x2 [0109.194] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x660) returned 0x0 [0109.195] RegQueryValueExA (in: hKey=0x660, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0109.195] RegCloseKey (hKey=0x660) returned 0x0 [0109.195] Sleep (dwMilliseconds=0xa) [0109.582] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179780, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0109.582] GetLastError () returned 0x2 [0109.582] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x678) returned 0x0 [0109.583] RegQueryValueExA (in: hKey=0x678, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0109.584] RegCloseKey (hKey=0x678) returned 0x0 [0109.584] Sleep (dwMilliseconds=0xa) [0109.680] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179780, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0109.681] GetLastError () returned 0x2 [0109.681] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x5dc) returned 0x0 [0109.682] RegQueryValueExA (in: hKey=0x5dc, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0109.682] RegCloseKey (hKey=0x5dc) returned 0x0 [0109.682] Sleep (dwMilliseconds=0xa) [0109.948] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0109.948] GetLastError () returned 0x2 [0109.949] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x5dc) returned 0x0 [0109.950] RegQueryValueExA (in: hKey=0x5dc, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0109.950] RegCloseKey (hKey=0x5dc) returned 0x0 [0109.950] Sleep (dwMilliseconds=0xa) [0110.013] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0110.013] GetLastError () returned 0x2 [0110.013] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x5dc) returned 0x0 [0110.014] RegQueryValueExA (in: hKey=0x5dc, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0110.014] RegCloseKey (hKey=0x5dc) returned 0x0 [0110.015] Sleep (dwMilliseconds=0xa) [0110.066] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0110.093] GetLastError () returned 0x2 [0110.093] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x5dc) returned 0x0 [0110.095] RegQueryValueExA (in: hKey=0x5dc, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0110.095] RegCloseKey (hKey=0x5dc) returned 0x0 [0110.095] Sleep (dwMilliseconds=0xa) [0110.140] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0110.140] GetLastError () returned 0x2 [0110.140] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x5dc) returned 0x0 [0110.141] RegQueryValueExA (in: hKey=0x5dc, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0110.141] RegCloseKey (hKey=0x5dc) returned 0x0 [0110.142] Sleep (dwMilliseconds=0xa) [0110.187] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0110.187] GetLastError () returned 0x2 [0110.188] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x5dc) returned 0x0 [0110.189] RegQueryValueExA (in: hKey=0x5dc, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0110.189] RegCloseKey (hKey=0x5dc) returned 0x0 [0110.189] Sleep (dwMilliseconds=0xa) [0110.270] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0110.270] GetLastError () returned 0x2 [0110.270] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x5dc) returned 0x0 [0110.271] RegQueryValueExA (in: hKey=0x5dc, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0110.271] RegCloseKey (hKey=0x5dc) returned 0x0 [0110.271] Sleep (dwMilliseconds=0xa) [0110.373] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0110.373] GetLastError () returned 0x2 [0110.373] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x5dc) returned 0x0 [0110.374] RegQueryValueExA (in: hKey=0x5dc, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0110.374] RegCloseKey (hKey=0x5dc) returned 0x0 [0110.374] Sleep (dwMilliseconds=0xa) [0110.423] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0110.429] GetLastError () returned 0x2 [0110.429] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x5dc) returned 0x0 [0110.449] RegQueryValueExA (in: hKey=0x5dc, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0110.450] RegCloseKey (hKey=0x5dc) returned 0x0 [0110.450] Sleep (dwMilliseconds=0xa) [0110.516] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0110.517] GetLastError () returned 0x2 [0110.517] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x5dc) returned 0x0 [0110.518] RegQueryValueExA (in: hKey=0x5dc, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0110.518] RegCloseKey (hKey=0x5dc) returned 0x0 [0110.518] Sleep (dwMilliseconds=0xa) [0110.634] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0110.634] GetLastError () returned 0x2 [0110.634] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x5dc) returned 0x0 [0110.636] RegQueryValueExA (in: hKey=0x5dc, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0110.636] RegCloseKey (hKey=0x5dc) returned 0x0 [0110.636] Sleep (dwMilliseconds=0xa) [0110.683] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\4F063931.zeppelin", lpFindFileData=0x2e4fcc0 | out: lpFindFileData=0x2e4fcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x2e4fe1c, ftLastAccessTime.dwLowDateTime=0x774f8fb3, ftLastAccessTime.dwHighDateTime=0x2179810, ftLastWriteTime.dwLowDateTime=0x12, ftLastWriteTime.dwHighDateTime=0x774f8fcf, nFileSizeHigh=0xef, nFileSizeLow=0x1b0608, dwReserved0=0x77510000, dwReserved1=0x2e40000, cFileName="", cAlternateFileName="@ˤ◐疵닫ত￾￿4ˤ㔟疴\n")) returned 0xffffffff [0110.684] GetLastError () returned 0x2 [0110.684] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Zeppelin", ulOptions=0x0, samDesired=0x20019, phkResult=0x2e4fe98 | out: phkResult=0x2e4fe98*=0x5dc) returned 0x0 [0110.685] RegQueryValueExA (in: hKey=0x5dc, lpValueName="Stop", lpReserved=0x0, lpType=0x2e4fe9c, lpData=0x0, lpcbData=0x2e4fe94*=0x2e4ff0c | out: lpType=0x2e4fe9c*=0x0, lpData=0x0, lpcbData=0x2e4fe94*=0x0) returned 0x2 [0110.685] RegCloseKey (hKey=0x5dc) returned 0x0 [0110.685] Sleep (dwMilliseconds=0xa) Thread: id = 32 os_tid = 0x1304 Thread: id = 33 os_tid = 0x12f4 Process: id = "2" image_name = "werfault.exe" filename = "c:\\windows\\syswow64\\werfault.exe" page_root = "0x137a000" os_pid = "0x11a4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x13a0" cmd_line = "C:\\WINDOWS\\SysWOW64\\WerFault.exe -u -p 5024 -s 796" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ff21" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 4 os_tid = 0x11bc Thread: id = 5 os_tid = 0x11d8 Thread: id = 6 os_tid = 0x11d4 Thread: id = 7 os_tid = 0x1204 Process: id = "3" image_name = "aksip.exe" filename = "c:\\users\\fd1hvy\\desktop\\aksip.exe" page_root = "0x12c37000" os_pid = "0x1058" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x13a0" cmd_line = "\"C:\\Users\\FD1HVy\\Desktop\\Aksip.exe\" " cur_dir = "C:\\WINDOWS\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ff21" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Process: id = "4" image_name = "aksip.exe" filename = "c:\\users\\fd1hvy\\desktop\\aksip.exe" page_root = "0xb12f000" os_pid = "0xbe8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x13a0" cmd_line = "\"C:\\Users\\FD1HVy\\Desktop\\Aksip.exe\" " cur_dir = "C:\\WINDOWS\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ff21" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Process: id = "5" image_name = "werfault.exe" filename = "c:\\windows\\syswow64\\werfault.exe" page_root = "0xf0c3000" os_pid = "0xd5c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x13a0" cmd_line = "C:\\WINDOWS\\SysWOW64\\WerFault.exe -u -p 5024 -s 844" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ff21" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 10 os_tid = 0xd68 Thread: id = 11 os_tid = 0x8f4 Thread: id = 12 os_tid = 0x914 Process: id = "6" image_name = "werfault.exe" filename = "c:\\windows\\syswow64\\werfault.exe" page_root = "0x5bcc4000" os_pid = "0x2c0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x13a0" cmd_line = "C:\\WINDOWS\\SysWOW64\\WerFault.exe -u -p 5024 -s 856" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ff21" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 13 os_tid = 0x394 Thread: id = 14 os_tid = 0xd7c Thread: id = 15 os_tid = 0xbdc Process: id = "7" image_name = "aksip.exe" filename = "c:\\users\\fd1hvy\\desktop\\aksip.exe" page_root = "0x78dc2000" os_pid = "0x1ec" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x13a0" cmd_line = "\"C:\\Users\\FD1HVy\\Desktop\\Aksip.exe\" " cur_dir = "C:\\WINDOWS\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ff21" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Process: id = "8" image_name = "werfault.exe" filename = "c:\\windows\\syswow64\\werfault.exe" page_root = "0x779c5000" os_pid = "0xf80" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x13a0" cmd_line = "C:\\WINDOWS\\SysWOW64\\WerFault.exe -u -p 5024 -s 1088" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ff21" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 17 os_tid = 0xfe4 Thread: id = 18 os_tid = 0xe90 Thread: id = 19 os_tid = 0x388 Process: id = "9" image_name = "aksip.exe" filename = "c:\\users\\fd1hvy\\desktop\\aksip.exe" page_root = "0xc627000" os_pid = "0xed0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x13a0" cmd_line = "\"C:\\Users\\FD1HVy\\Desktop\\Aksip.exe\" " cur_dir = "C:\\WINDOWS\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ff21" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Process: id = "10" image_name = "werfault.exe" filename = "c:\\windows\\syswow64\\werfault.exe" page_root = "0x134c6000" os_pid = "0xd3c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x13a0" cmd_line = "C:\\WINDOWS\\SysWOW64\\WerFault.exe -u -p 5024 -s 1332" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ff21" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 21 os_tid = 0xff8 Thread: id = 22 os_tid = 0x48c Thread: id = 23 os_tid = 0xc4c Process: id = "11" image_name = "aksip.exe" filename = "c:\\users\\fd1hvy\\desktop\\aksip.exe" page_root = "0x13fbe000" os_pid = "0xe60" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x13a0" cmd_line = "\"C:\\Users\\FD1HVy\\Desktop\\Aksip.exe\" " cur_dir = "C:\\WINDOWS\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ff21" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Process: id = "12" image_name = "aksip.exe" filename = "c:\\users\\fd1hvy\\desktop\\aksip.exe" page_root = "0x10142000" os_pid = "0xbec" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x13a0" cmd_line = "\"C:\\Users\\FD1HVy\\Desktop\\Aksip.exe\" " cur_dir = "C:\\WINDOWS\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ff21" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Process: id = "13" image_name = "werfault.exe" filename = "c:\\windows\\syswow64\\werfault.exe" page_root = "0x1d9c7000" os_pid = "0xf20" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x13a0" cmd_line = "C:\\WINDOWS\\SysWOW64\\WerFault.exe -u -p 5024 -s 1384" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ff21" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 25 os_tid = 0x119c Thread: id = 26 os_tid = 0xf40 Thread: id = 27 os_tid = 0xf3c Process: id = "14" image_name = "werfault.exe" filename = "c:\\windows\\syswow64\\werfault.exe" page_root = "0x5e7c8000" os_pid = "0x1310" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x13a0" cmd_line = "C:\\WINDOWS\\SysWOW64\\WerFault.exe -u -p 5024 -s 1392" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ff21" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 29 os_tid = 0x132c Thread: id = 30 os_tid = 0x1308 Thread: id = 31 os_tid = 0x12d4 Process: id = "15" image_name = "aksip.exe" filename = "c:\\users\\fd1hvy\\desktop\\aksip.exe" page_root = "0x1384e000" os_pid = "0x12c0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x13a0" cmd_line = "\"C:\\Users\\FD1HVy\\Desktop\\Aksip.exe\" " cur_dir = "C:\\WINDOWS\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ff21" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Process: id = "16" image_name = "aksip.exe" filename = "c:\\users\\fd1hvy\\desktop\\aksip.exe" page_root = "0x77953000" os_pid = "0x12dc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x13a0" cmd_line = "\"C:\\Users\\FD1HVy\\Desktop\\Aksip.exe\" " cur_dir = "C:\\WINDOWS\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ff21" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Process: id = "17" image_name = "werfault.exe" filename = "c:\\windows\\syswow64\\werfault.exe" page_root = "0xd649000" os_pid = "0x12fc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x13a0" cmd_line = "C:\\WINDOWS\\SysWOW64\\WerFault.exe -u -p 5024 -s 1752" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ff21" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 34 os_tid = 0x12f8 Thread: id = 35 os_tid = 0x134c Thread: id = 36 os_tid = 0x1318 Process: id = "18" image_name = "werfault.exe" filename = "c:\\windows\\syswow64\\werfault.exe" page_root = "0xcbca000" os_pid = "0x1314" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x13a0" cmd_line = "C:\\WINDOWS\\SysWOW64\\WerFault.exe -u -p 5024 -s 1764" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ff21" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 37 os_tid = 0x12d8 Thread: id = 38 os_tid = 0x12d0 Thread: id = 39 os_tid = 0x1330 Process: id = "19" image_name = "aksip.exe" filename = "c:\\users\\fd1hvy\\desktop\\aksip.exe" page_root = "0x1a498000" os_pid = "0x1350" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x13a0" cmd_line = "\"C:\\Users\\FD1HVy\\Desktop\\Aksip.exe\" " cur_dir = "C:\\WINDOWS\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ff21" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Process: id = "20" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x4dc28000" os_pid = "0x538" os_integrity_level = "0x4000" os_privileges = "0x260814080" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\system32\\svchost.exe -k appmodel" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EntAppSvc" [0xa], "NT SERVICE\\StateRepository" [0xe], "NT SERVICE\\tiledatamodelsvc" [0xa], "NT SERVICE\\WalletService" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000e591" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 40 os_tid = 0x11a8 Thread: id = 41 os_tid = 0x828 Thread: id = 42 os_tid = 0x808 Thread: id = 43 os_tid = 0x804 Thread: id = 44 os_tid = 0x774 Thread: id = 45 os_tid = 0x688 Thread: id = 46 os_tid = 0x680 Thread: id = 47 os_tid = 0x57c Thread: id = 48 os_tid = 0x578 Thread: id = 49 os_tid = 0x574 Thread: id = 50 os_tid = 0x53c Process: id = "21" image_name = "svchost.exe" filename = "c:\\users\\fd1hvy\\appdata\\roaming\\microsoft\\windows\\svchost.exe" page_root = "0x732da000" os_pid = "0x1340" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x13a0" cmd_line = "\"C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Windows\\svchost.exe\" -start" cur_dir = "C:\\Users\\FD1HVy\\Desktop\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ff21" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 51 os_tid = 0x1398 [0109.532] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19ff70 | out: lpSystemTimeAsFileTime=0x19ff70*(dwLowDateTime=0x6ffbd534, dwHighDateTime=0x1d5e806)) [0109.532] GetCurrentProcessId () returned 0x1340 [0109.532] GetCurrentThreadId () returned 0x1398 [0109.532] GetTickCount () returned 0x115c0db [0109.532] QueryPerformanceCounter (in: lpPerformanceCount=0x19ff60 | out: lpPerformanceCount=0x19ff60*=20299916999) returned 1 [0109.659] GetStartupInfoA (in: lpStartupInfo=0x19ff18 | out: lpStartupInfo=0x19ff18*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Windows\\svchost.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0109.659] HeapCreate (flOptions=0x0, dwInitialSize=0x1000, dwMaximumSize=0x0) returned 0x580000 [0109.661] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77230000 [0109.661] GetProcAddress (hModule=0x77230000, lpProcName="FlsAlloc") returned 0x77244ae0 [0109.661] GetProcAddress (hModule=0x77230000, lpProcName="FlsGetValue") returned 0x77244b20 [0109.662] GetProcAddress (hModule=0x77230000, lpProcName="FlsSetValue") returned 0x77244b40 [0109.662] GetProcAddress (hModule=0x77230000, lpProcName="FlsFree") returned 0x77244b00 [0109.662] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77230000 [0109.662] GetProcAddress (hModule=0x77230000, lpProcName="EncodePointer") returned 0x775029e0 [0109.662] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77230000 [0109.662] GetProcAddress (hModule=0x77230000, lpProcName="EncodePointer") returned 0x775029e0 [0109.662] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77230000 [0109.662] GetProcAddress (hModule=0x77230000, lpProcName="EncodePointer") returned 0x775029e0 [0109.662] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77230000 [0109.662] GetProcAddress (hModule=0x77230000, lpProcName="EncodePointer") returned 0x775029e0 [0109.663] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77230000 [0109.663] GetProcAddress (hModule=0x77230000, lpProcName="EncodePointer") returned 0x775029e0 [0109.663] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77230000 [0109.663] GetProcAddress (hModule=0x77230000, lpProcName="EncodePointer") returned 0x775029e0 [0109.663] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77230000 [0109.663] GetProcAddress (hModule=0x77230000, lpProcName="EncodePointer") returned 0x775029e0 [0109.663] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77230000 [0109.664] GetProcAddress (hModule=0x77230000, lpProcName="DecodePointer") returned 0x77501ec0 [0109.664] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x238) returned 0x2301020 [0109.664] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77230000 [0109.664] GetProcAddress (hModule=0x77230000, lpProcName="DecodePointer") returned 0x77501ec0 [0109.664] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77230000 [0109.664] GetProcAddress (hModule=0x77230000, lpProcName="EncodePointer") returned 0x775029e0 [0109.664] GetProcAddress (hModule=0x77230000, lpProcName="DecodePointer") returned 0x77501ec0 [0109.664] GetCurrentThreadId () returned 0x1398 [0109.664] GetStartupInfoA (in: lpStartupInfo=0x19fe84 | out: lpStartupInfo=0x19fe84*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Windows\\svchost.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0109.664] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x824) returned 0x2301260 [0109.665] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0109.665] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0109.665] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0109.665] SetHandleCount (uNumber=0x20) returned 0x20 [0109.665] GetCommandLineA () returned="\"C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Windows\\svchost.exe\" -start" [0109.665] GetEnvironmentStringsW () returned 0x80f2f0* [0109.665] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1470, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1470 [0109.665] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x5e2) returned 0x2301a90 [0109.665] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1470, lpMultiByteStr=0x2301ab0, cbMultiByte=1470, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1470 [0109.665] FreeEnvironmentStringsW (penv=0x80f2f0) returned 1 [0109.665] GetLastError () returned 0x0 [0109.665] SetLastError (dwErrCode=0x0) [0109.665] GetLastError () returned 0x0 [0109.665] SetLastError (dwErrCode=0x0) [0109.665] GetLastError () returned 0x0 [0109.665] SetLastError (dwErrCode=0x0) [0109.665] GetACP () returned 0x4e4 [0109.665] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x244) returned 0x2302080 [0109.665] GetLastError () returned 0x0 [0109.665] SetLastError (dwErrCode=0x0) [0109.665] IsValidCodePage (CodePage=0x4e4) returned 1 [0109.665] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fe4c | out: lpCPInfo=0x19fe4c) returned 1 [0109.666] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f910 | out: lpCPInfo=0x19f910) returned 1 [0109.666] GetLastError () returned 0x0 [0109.666] SetLastError (dwErrCode=0x0) [0109.666] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x19f8a8 | out: lpCharType=0x19f8a8) returned 1 [0109.666] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f928, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0109.666] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x22c) returned 0x23022d0 [0109.666] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f928, cbMultiByte=256, lpWideCharStr=0x23022f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽") returned 256 [0109.666] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽", cchSrc=256, lpCharType=0x19fc30 | out: lpCharType=0x19fc30) returned 1 [0109.666] HeapValidate (hHeap=0x580000, dwFlags=0x0, lpMem=0x23022d0) returned 1 [0109.666] HeapFree (in: hHeap=0x580000, dwFlags=0x0, lpMem=0x23022d0 | out: hHeap=0x580000) returned 1 [0109.666] GetLastError () returned 0x0 [0109.666] SetLastError (dwErrCode=0x0) [0109.666] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0109.666] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f928, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0109.666] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x22c) returned 0x23022d0 [0109.666] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f928, cbMultiByte=256, lpWideCharStr=0x23022f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽") returned 256 [0109.666] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0109.666] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x22c) returned 0x2302508 [0109.666] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽", cchSrc=256, lpDestStr=0x2302530, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽") returned 256 [0109.666] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽", cchWideChar=256, lpMultiByteStr=0x19fb30, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿH\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02h\x02(\x02(\x02(\x02(\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02H\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x10\x02\x10\x02\x10\x02\x10\x02 \x02", lpUsedDefaultChar=0x0) returned 256 [0109.666] HeapValidate (hHeap=0x580000, dwFlags=0x0, lpMem=0x2302508) returned 1 [0109.666] HeapFree (in: hHeap=0x580000, dwFlags=0x0, lpMem=0x2302508 | out: hHeap=0x580000) returned 1 [0109.666] HeapValidate (hHeap=0x580000, dwFlags=0x0, lpMem=0x23022d0) returned 1 [0109.667] HeapFree (in: hHeap=0x580000, dwFlags=0x0, lpMem=0x23022d0 | out: hHeap=0x580000) returned 1 [0109.667] GetLastError () returned 0x0 [0109.667] SetLastError (dwErrCode=0x0) [0109.667] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f928, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0109.667] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x22c) returned 0x23022d0 [0109.667] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f928, cbMultiByte=256, lpWideCharStr=0x23022f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽") returned 256 [0109.667] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0109.667] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x22c) returned 0x2302508 [0109.667] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ﷽﷽", cchSrc=256, lpDestStr=0x2302530, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ﷽﷽") returned 256 [0109.667] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ﷽﷽", cchWideChar=256, lpMultiByteStr=0x19fa30, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿH\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02h\x02(\x02(\x02(\x02(\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02H\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x10\x02\x10\x02\x10\x02\x10\x02 \x02", lpUsedDefaultChar=0x0) returned 256 [0109.667] HeapValidate (hHeap=0x580000, dwFlags=0x0, lpMem=0x2302508) returned 1 [0109.667] HeapFree (in: hHeap=0x580000, dwFlags=0x0, lpMem=0x2302508 | out: hHeap=0x580000) returned 1 [0109.667] HeapValidate (hHeap=0x580000, dwFlags=0x0, lpMem=0x23022d0) returned 1 [0109.667] HeapFree (in: hHeap=0x580000, dwFlags=0x0, lpMem=0x23022d0 | out: hHeap=0x580000) returned 1 [0109.667] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x450840, nSize=0x104 | out: lpFilename="C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Windows\\svchost.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\microsoft\\windows\\svchost.exe")) returned 0x3d [0109.667] GetLastError () returned 0x0 [0109.667] SetLastError (dwErrCode=0x0) [0109.667] GetLastError () returned 0x0 [0109.667] SetLastError (dwErrCode=0x0) [0109.667] GetLastError () returned 0x0 [0109.667] SetLastError (dwErrCode=0x0) [0109.668] GetLastError () returned 0x0 [0109.668] SetLastError (dwErrCode=0x0) [0109.668] GetLastError () returned 0x0 [0109.668] SetLastError (dwErrCode=0x0) [0109.668] GetLastError () returned 0x0 [0109.668] SetLastError (dwErrCode=0x0) [0109.668] GetLastError () returned 0x0 [0109.668] SetLastError (dwErrCode=0x0) [0109.668] GetLastError () returned 0x0 [0109.668] SetLastError (dwErrCode=0x0) [0109.668] GetLastError () returned 0x0 [0109.668] SetLastError (dwErrCode=0x0) [0109.668] GetLastError () returned 0x0 [0109.668] SetLastError (dwErrCode=0x0) [0109.668] GetLastError () returned 0x0 [0109.668] SetLastError (dwErrCode=0x0) [0109.668] GetLastError () returned 0x0 [0109.668] SetLastError (dwErrCode=0x0) [0109.668] GetLastError () returned 0x0 [0109.668] SetLastError (dwErrCode=0x0) [0109.668] GetLastError () returned 0x0 [0109.668] SetLastError (dwErrCode=0x0) [0109.668] GetLastError () returned 0x0 [0109.668] SetLastError (dwErrCode=0x0) [0109.668] GetLastError () returned 0x0 [0109.669] SetLastError (dwErrCode=0x0) [0109.669] GetLastError () returned 0x0 [0109.669] SetLastError (dwErrCode=0x0) [0109.669] GetLastError () returned 0x0 [0109.669] SetLastError (dwErrCode=0x0) [0109.669] GetLastError () returned 0x0 [0109.669] SetLastError (dwErrCode=0x0) [0109.669] GetLastError () returned 0x0 [0109.669] SetLastError (dwErrCode=0x0) [0109.669] GetLastError () returned 0x0 [0109.669] SetLastError (dwErrCode=0x0) [0109.669] GetLastError () returned 0x0 [0109.669] SetLastError (dwErrCode=0x0) [0109.669] GetLastError () returned 0x0 [0109.669] SetLastError (dwErrCode=0x0) [0109.669] GetLastError () returned 0x0 [0109.669] SetLastError (dwErrCode=0x0) [0109.669] GetLastError () returned 0x0 [0109.669] SetLastError (dwErrCode=0x0) [0109.669] GetLastError () returned 0x0 [0109.669] SetLastError (dwErrCode=0x0) [0109.669] GetLastError () returned 0x0 [0109.669] SetLastError (dwErrCode=0x0) [0109.669] GetLastError () returned 0x0 [0109.670] SetLastError (dwErrCode=0x0) [0109.670] GetLastError () returned 0x0 [0109.670] SetLastError (dwErrCode=0x0) [0109.670] GetLastError () returned 0x0 [0109.670] SetLastError (dwErrCode=0x0) [0109.670] GetLastError () returned 0x0 [0109.670] SetLastError (dwErrCode=0x0) [0109.670] GetLastError () returned 0x0 [0109.670] SetLastError (dwErrCode=0x0) [0109.670] GetLastError () returned 0x0 [0109.670] SetLastError (dwErrCode=0x0) [0109.670] GetLastError () returned 0x0 [0109.670] SetLastError (dwErrCode=0x0) [0109.670] GetLastError () returned 0x0 [0109.670] SetLastError (dwErrCode=0x0) [0109.670] GetLastError () returned 0x0 [0109.670] SetLastError (dwErrCode=0x0) [0109.670] GetLastError () returned 0x0 [0109.670] SetLastError (dwErrCode=0x0) [0109.670] GetLastError () returned 0x0 [0109.670] SetLastError (dwErrCode=0x0) [0109.670] GetLastError () returned 0x0 [0109.670] SetLastError (dwErrCode=0x0) [0109.683] GetLastError () returned 0x0 [0109.683] SetLastError (dwErrCode=0x0) [0109.683] GetLastError () returned 0x0 [0109.683] SetLastError (dwErrCode=0x0) [0109.683] GetLastError () returned 0x0 [0109.683] SetLastError (dwErrCode=0x0) [0109.683] GetLastError () returned 0x0 [0109.683] SetLastError (dwErrCode=0x0) [0109.683] GetLastError () returned 0x0 [0109.683] SetLastError (dwErrCode=0x0) [0109.683] GetLastError () returned 0x0 [0109.683] SetLastError (dwErrCode=0x0) [0109.683] GetLastError () returned 0x0 [0109.684] SetLastError (dwErrCode=0x0) [0109.684] GetLastError () returned 0x0 [0109.684] SetLastError (dwErrCode=0x0) [0109.684] GetLastError () returned 0x0 [0109.684] SetLastError (dwErrCode=0x0) [0109.684] GetLastError () returned 0x0 [0109.684] SetLastError (dwErrCode=0x0) [0109.684] GetLastError () returned 0x0 [0109.684] SetLastError (dwErrCode=0x0) [0109.684] GetLastError () returned 0x0 [0109.684] SetLastError (dwErrCode=0x0) [0109.684] GetLastError () returned 0x0 [0109.684] SetLastError (dwErrCode=0x0) [0109.684] GetLastError () returned 0x0 [0109.684] SetLastError (dwErrCode=0x0) [0109.684] GetLastError () returned 0x0 [0109.684] SetLastError (dwErrCode=0x0) [0109.684] GetLastError () returned 0x0 [0109.684] SetLastError (dwErrCode=0x0) [0109.684] GetLastError () returned 0x0 [0109.684] SetLastError (dwErrCode=0x0) [0109.684] GetLastError () returned 0x0 [0109.684] SetLastError (dwErrCode=0x0) [0109.684] GetLastError () returned 0x0 [0109.685] SetLastError (dwErrCode=0x0) [0109.685] GetLastError () returned 0x0 [0109.685] SetLastError (dwErrCode=0x0) [0109.685] GetLastError () returned 0x0 [0109.685] SetLastError (dwErrCode=0x0) [0109.685] GetLastError () returned 0x0 [0109.685] SetLastError (dwErrCode=0x0) [0109.685] GetLastError () returned 0x0 [0109.685] SetLastError (dwErrCode=0x0) [0109.685] GetLastError () returned 0x0 [0109.685] SetLastError (dwErrCode=0x0) [0109.685] GetLastError () returned 0x0 [0109.685] SetLastError (dwErrCode=0x0) [0109.685] GetLastError () returned 0x0 [0109.685] SetLastError (dwErrCode=0x0) [0109.685] GetLastError () returned 0x0 [0109.685] SetLastError (dwErrCode=0x0) [0109.685] GetLastError () returned 0x0 [0109.685] SetLastError (dwErrCode=0x0) [0109.685] GetLastError () returned 0x0 [0109.685] SetLastError (dwErrCode=0x0) [0109.685] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x75) returned 0x23022d0 [0109.685] GetLastError () returned 0x0 [0109.685] SetLastError (dwErrCode=0x0) [0109.685] GetLastError () returned 0x0 [0109.686] SetLastError (dwErrCode=0x0) [0109.686] GetLastError () returned 0x0 [0109.686] SetLastError (dwErrCode=0x0) [0109.686] GetLastError () returned 0x0 [0109.686] SetLastError (dwErrCode=0x0) [0109.686] GetLastError () returned 0x0 [0109.686] SetLastError (dwErrCode=0x0) [0109.686] GetLastError () returned 0x0 [0109.686] SetLastError (dwErrCode=0x0) [0109.686] GetLastError () returned 0x0 [0109.686] SetLastError (dwErrCode=0x0) [0109.686] GetLastError () returned 0x0 [0109.686] SetLastError (dwErrCode=0x0) [0109.686] GetLastError () returned 0x0 [0109.686] SetLastError (dwErrCode=0x0) [0109.686] GetLastError () returned 0x0 [0109.687] SetLastError (dwErrCode=0x0) [0109.687] GetLastError () returned 0x0 [0109.687] SetLastError (dwErrCode=0x0) [0109.687] GetLastError () returned 0x0 [0109.687] SetLastError (dwErrCode=0x0) [0109.687] GetLastError () returned 0x0 [0109.687] SetLastError (dwErrCode=0x0) [0109.687] GetLastError () returned 0x0 [0109.687] SetLastError (dwErrCode=0x0) [0109.687] GetLastError () returned 0x0 [0109.687] SetLastError (dwErrCode=0x0) [0109.687] GetLastError () returned 0x0 [0109.687] SetLastError (dwErrCode=0x0) [0109.687] GetLastError () returned 0x0 [0109.687] SetLastError (dwErrCode=0x0) [0109.687] GetLastError () returned 0x0 [0109.687] SetLastError (dwErrCode=0x0) [0109.687] GetLastError () returned 0x0 [0109.687] SetLastError (dwErrCode=0x0) [0109.687] GetLastError () returned 0x0 [0109.687] SetLastError (dwErrCode=0x0) [0109.687] GetLastError () returned 0x0 [0109.687] SetLastError (dwErrCode=0x0) [0109.687] GetLastError () returned 0x0 [0109.688] SetLastError (dwErrCode=0x0) [0109.688] GetLastError () returned 0x0 [0109.688] SetLastError (dwErrCode=0x0) [0109.688] GetLastError () returned 0x0 [0109.688] SetLastError (dwErrCode=0x0) [0109.688] GetLastError () returned 0x0 [0109.688] SetLastError (dwErrCode=0x0) [0109.688] GetLastError () returned 0x0 [0109.688] SetLastError (dwErrCode=0x0) [0109.688] GetLastError () returned 0x0 [0109.688] SetLastError (dwErrCode=0x0) [0109.688] GetLastError () returned 0x0 [0109.688] SetLastError (dwErrCode=0x0) [0109.688] GetLastError () returned 0x0 [0109.688] SetLastError (dwErrCode=0x0) [0109.688] GetLastError () returned 0x0 [0109.688] SetLastError (dwErrCode=0x0) [0109.688] GetLastError () returned 0x0 [0109.688] SetLastError (dwErrCode=0x0) [0109.688] GetLastError () returned 0x0 [0109.688] SetLastError (dwErrCode=0x0) [0109.688] GetLastError () returned 0x0 [0109.688] SetLastError (dwErrCode=0x0) [0109.688] GetLastError () returned 0x0 [0109.688] SetLastError (dwErrCode=0x0) [0109.689] GetLastError () returned 0x0 [0109.689] SetLastError (dwErrCode=0x0) [0109.689] GetLastError () returned 0x0 [0109.689] SetLastError (dwErrCode=0x0) [0109.689] GetLastError () returned 0x0 [0109.689] SetLastError (dwErrCode=0x0) [0109.689] GetLastError () returned 0x0 [0109.689] SetLastError (dwErrCode=0x0) [0109.689] GetLastError () returned 0x0 [0109.689] SetLastError (dwErrCode=0x0) [0109.689] GetLastError () returned 0x0 [0109.689] SetLastError (dwErrCode=0x0) [0109.689] GetLastError () returned 0x0 [0109.689] SetLastError (dwErrCode=0x0) [0109.689] GetLastError () returned 0x0 [0109.689] SetLastError (dwErrCode=0x0) [0109.689] GetLastError () returned 0x0 [0109.689] SetLastError (dwErrCode=0x0) [0109.689] GetLastError () returned 0x0 [0109.689] SetLastError (dwErrCode=0x0) [0109.689] GetLastError () returned 0x0 [0109.689] SetLastError (dwErrCode=0x0) [0109.689] GetLastError () returned 0x0 [0109.689] SetLastError (dwErrCode=0x0) [0109.689] GetLastError () returned 0x0 [0109.690] SetLastError (dwErrCode=0x0) [0109.690] GetLastError () returned 0x0 [0109.690] SetLastError (dwErrCode=0x0) [0109.690] GetLastError () returned 0x0 [0109.690] SetLastError (dwErrCode=0x0) [0109.690] GetLastError () returned 0x0 [0109.690] SetLastError (dwErrCode=0x0) [0109.690] GetLastError () returned 0x0 [0109.690] SetLastError (dwErrCode=0x0) [0109.690] GetLastError () returned 0x0 [0109.690] SetLastError (dwErrCode=0x0) [0109.690] GetLastError () returned 0x0 [0109.690] SetLastError (dwErrCode=0x0) [0109.690] GetLastError () returned 0x0 [0109.690] SetLastError (dwErrCode=0x0) [0109.690] GetLastError () returned 0x0 [0109.690] SetLastError (dwErrCode=0x0) [0109.690] GetLastError () returned 0x0 [0109.690] SetLastError (dwErrCode=0x0) [0109.690] GetLastError () returned 0x0 [0109.690] SetLastError (dwErrCode=0x0) [0109.690] GetLastError () returned 0x0 [0109.690] SetLastError (dwErrCode=0x0) [0109.690] GetLastError () returned 0x0 [0109.690] SetLastError (dwErrCode=0x0) [0109.690] GetLastError () returned 0x0 [0109.691] SetLastError (dwErrCode=0x0) [0109.691] GetLastError () returned 0x0 [0109.691] SetLastError (dwErrCode=0x0) [0109.691] GetLastError () returned 0x0 [0109.691] SetLastError (dwErrCode=0x0) [0109.691] GetLastError () returned 0x0 [0109.691] SetLastError (dwErrCode=0x0) [0109.691] GetLastError () returned 0x0 [0109.691] SetLastError (dwErrCode=0x0) [0109.691] GetLastError () returned 0x0 [0109.691] SetLastError (dwErrCode=0x0) [0109.691] GetLastError () returned 0x0 [0109.691] SetLastError (dwErrCode=0x0) [0109.691] GetLastError () returned 0x0 [0109.691] SetLastError (dwErrCode=0x0) [0109.691] GetLastError () returned 0x0 [0109.691] SetLastError (dwErrCode=0x0) [0109.691] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0xc0) returned 0x2302350 [0109.691] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x43) returned 0x2302418 [0109.691] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x4c) returned 0x2302468 [0109.691] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x5b) returned 0x23024c0 [0109.691] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x60) returned 0x2302528 [0109.692] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x55) returned 0x2302590 [0109.692] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x38) returned 0x23025f0 [0109.692] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x48) returned 0x2302630 [0109.692] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x55) returned 0x2302680 [0109.692] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x4c) returned 0x23026e0 [0109.692] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x31) returned 0x2302738 [0109.692] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x3b) returned 0x2302778 [0109.692] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x4f) returned 0x23027c0 [0109.692] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x39) returned 0x2302818 [0109.692] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x3b) returned 0x2302860 [0109.692] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x46) returned 0x23028a8 [0109.692] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x32) returned 0x23028f8 [0109.692] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0xe5) returned 0x2302938 [0109.692] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x62) returned 0x2302a28 [0109.692] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x3f) returned 0x2302a98 [0109.692] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x41) returned 0x2302ae0 [0109.693] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x6c) returned 0x2302b30 [0109.693] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x36) returned 0x2302ba8 [0109.693] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x3c) returned 0x2302be8 [0109.693] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x3f) returned 0x2302c30 [0109.693] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x48) returned 0x2302c78 [0109.693] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x4d) returned 0x2302cc8 [0109.693] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x42) returned 0x2302d20 [0109.693] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x8f) returned 0x2302d70 [0109.693] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x3b) returned 0x2302e08 [0109.693] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x33) returned 0x2302e50 [0109.693] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x3a) returned 0x2302e90 [0109.693] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x4c) returned 0x2302ed8 [0109.693] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x4b) returned 0x2302f30 [0109.693] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x36) returned 0x2302f88 [0109.693] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x45) returned 0x2302fc8 [0109.694] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x34) returned 0x2303018 [0109.694] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x40) returned 0x2303058 [0109.694] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x36) returned 0x23030a0 [0109.694] HeapValidate (hHeap=0x580000, dwFlags=0x0, lpMem=0x2301a90) returned 1 [0109.694] HeapFree (in: hHeap=0x580000, dwFlags=0x0, lpMem=0x2301a90 | out: hHeap=0x580000) returned 1 [0109.694] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x77230000 [0109.694] GetProcAddress (hModule=0x77230000, lpProcName="IsProcessorFeaturePresent") returned 0x77245960 [0109.694] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0109.695] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0xa4) returned 0x2301a90 [0109.695] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x824) returned 0x23030e0 [0109.695] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x42e710) returned 0x0 [0109.696] HeapValidate (hHeap=0x580000, dwFlags=0x0, lpMem=0x2301a90) returned 1 [0109.696] GetLastError () returned 0x0 [0109.696] SetLastError (dwErrCode=0x0) [0109.696] GetLastError () returned 0x0 [0109.696] SetLastError (dwErrCode=0x0) [0109.696] GetLastError () returned 0x0 [0109.696] SetLastError (dwErrCode=0x0) [0109.696] GetLastError () returned 0x0 [0109.696] SetLastError (dwErrCode=0x0) [0109.696] GetLastError () returned 0x0 [0109.696] SetLastError (dwErrCode=0x0) [0109.696] GetLastError () returned 0x0 [0109.696] SetLastError (dwErrCode=0x0) [0109.696] GetLastError () returned 0x0 [0109.696] SetLastError (dwErrCode=0x0) [0109.696] GetLastError () returned 0x0 [0109.697] SetLastError (dwErrCode=0x0) [0109.697] GetLastError () returned 0x0 [0109.697] SetLastError (dwErrCode=0x0) [0109.697] GetLastError () returned 0x0 [0109.697] SetLastError (dwErrCode=0x0) [0109.697] GetLastError () returned 0x0 [0109.697] SetLastError (dwErrCode=0x0) [0109.697] GetLastError () returned 0x0 [0109.697] SetLastError (dwErrCode=0x0) [0109.697] GetLastError () returned 0x0 [0109.697] SetLastError (dwErrCode=0x0) [0109.697] GetLastError () returned 0x0 [0109.697] SetLastError (dwErrCode=0x0) [0109.697] GetLastError () returned 0x0 [0109.697] SetLastError (dwErrCode=0x0) [0109.697] GetLastError () returned 0x0 [0109.697] SetLastError (dwErrCode=0x0) [0109.697] GetLastError () returned 0x0 [0109.697] SetLastError (dwErrCode=0x0) [0109.697] GetLastError () returned 0x0 [0109.697] SetLastError (dwErrCode=0x0) [0109.697] GetLastError () returned 0x0 [0109.697] SetLastError (dwErrCode=0x0) [0109.697] GetLastError () returned 0x0 [0109.697] SetLastError (dwErrCode=0x0) [0109.697] GetLastError () returned 0x0 [0109.698] SetLastError (dwErrCode=0x0) [0109.698] GetLastError () returned 0x0 [0109.698] SetLastError (dwErrCode=0x0) [0109.698] GetLastError () returned 0x0 [0109.698] SetLastError (dwErrCode=0x0) [0109.698] GetLastError () returned 0x0 [0109.698] SetLastError (dwErrCode=0x0) [0109.698] GetLastError () returned 0x0 [0109.698] SetLastError (dwErrCode=0x0) [0109.698] GetLastError () returned 0x0 [0109.698] SetLastError (dwErrCode=0x0) [0109.698] GetLastError () returned 0x0 [0109.698] SetLastError (dwErrCode=0x0) [0109.698] GetLastError () returned 0x0 [0109.698] SetLastError (dwErrCode=0x0) [0109.698] GetLastError () returned 0x0 [0109.698] SetLastError (dwErrCode=0x0) [0109.698] GetLastError () returned 0x0 [0109.698] SetLastError (dwErrCode=0x0) [0109.698] GetLastError () returned 0x0 [0109.698] SetLastError (dwErrCode=0x0) [0109.698] GetLastError () returned 0x0 [0109.698] SetLastError (dwErrCode=0x0) [0109.698] GetLastError () returned 0x0 [0109.699] SetLastError (dwErrCode=0x0) [0109.699] GetLastError () returned 0x0 [0109.699] SetLastError (dwErrCode=0x0) [0109.699] GetLastError () returned 0x0 [0109.699] SetLastError (dwErrCode=0x0) [0109.699] GetLastError () returned 0x0 [0109.699] SetLastError (dwErrCode=0x0) [0109.699] GetLastError () returned 0x0 [0109.699] SetLastError (dwErrCode=0x0) [0109.699] GetLastError () returned 0x0 [0109.699] SetLastError (dwErrCode=0x0) [0109.699] GetLastError () returned 0x0 [0109.699] SetLastError (dwErrCode=0x0) [0109.699] GetLastError () returned 0x0 [0109.699] SetLastError (dwErrCode=0x0) [0109.699] GetLastError () returned 0x0 [0109.699] SetLastError (dwErrCode=0x0) [0109.699] GetLastError () returned 0x0 [0109.699] SetLastError (dwErrCode=0x0) [0109.699] GetLastError () returned 0x0 [0109.699] SetLastError (dwErrCode=0x0) [0109.699] GetLastError () returned 0x0 [0109.699] SetLastError (dwErrCode=0x0) [0109.699] GetLastError () returned 0x0 [0109.700] SetLastError (dwErrCode=0x0) [0109.700] GetLastError () returned 0x0 [0109.700] SetLastError (dwErrCode=0x0) [0109.700] GetLastError () returned 0x0 [0109.700] SetLastError (dwErrCode=0x0) [0109.700] GetLastError () returned 0x0 [0109.700] SetLastError (dwErrCode=0x0) [0109.700] GetLastError () returned 0x0 [0109.700] SetLastError (dwErrCode=0x0) [0109.700] GetLastError () returned 0x0 [0109.700] SetLastError (dwErrCode=0x0) [0109.700] GetLastError () returned 0x0 [0109.700] SetLastError (dwErrCode=0x0) [0109.700] GetLastError () returned 0x0 [0109.700] SetLastError (dwErrCode=0x0) [0109.700] GetLastError () returned 0x0 [0109.700] SetLastError (dwErrCode=0x0) [0109.700] GetLastError () returned 0x0 [0109.700] SetLastError (dwErrCode=0x0) [0109.700] GetLastError () returned 0x0 [0109.700] SetLastError (dwErrCode=0x0) [0109.700] GetLastError () returned 0x0 [0109.700] SetLastError (dwErrCode=0x0) [0109.700] GetLastError () returned 0x0 [0109.700] SetLastError (dwErrCode=0x0) [0109.701] GetLastError () returned 0x0 [0109.701] SetLastError (dwErrCode=0x0) [0109.701] GetLastError () returned 0x0 [0109.701] SetLastError (dwErrCode=0x0) [0109.701] GetLastError () returned 0x0 [0109.701] SetLastError (dwErrCode=0x0) [0109.701] GetLastError () returned 0x0 [0109.701] SetLastError (dwErrCode=0x0) [0109.701] GetLastError () returned 0x0 [0109.701] SetLastError (dwErrCode=0x0) [0109.701] GetLastError () returned 0x0 [0109.701] SetLastError (dwErrCode=0x0) [0109.707] lstrlenA (lpString="") returned 0 [0109.707] GetCursor () returned 0x10007 [0109.707] GetTickCount () returned 0x115c187 [0109.707] GetCursor () returned 0x10007 [0109.707] GetTickCount () returned 0x115c187 [0109.707] GetCursor () returned 0x10007 [0109.707] GetTickCount () returned 0x115c187 [0109.707] GetCursor () returned 0x10007 [0109.707] GetTickCount () returned 0x115c187 [0109.707] GetCursor () returned 0x10007 [0109.707] GetTickCount () returned 0x115c187 [0109.707] GetCursor () returned 0x10007 [0109.707] GetTickCount () returned 0x115c187 [0109.707] GetCursor () returned 0x10007 [0109.707] GetTickCount () returned 0x115c187 [0109.707] GetCursor () returned 0x10007 [0109.707] GetTickCount () returned 0x115c187 [0109.707] GetCursor () returned 0x10007 [0109.708] GetTickCount () returned 0x115c187 [0109.708] GetCursor () returned 0x10007 [0109.708] GetTickCount () returned 0x115c187 [0109.708] GetCursor () returned 0x10007 [0109.708] GetTickCount () returned 0x115c187 [0109.708] GetCursor () returned 0x10007 [0109.708] GetTickCount () returned 0x115c187 [0109.708] GetCursor () returned 0x10007 [0109.708] GetTickCount () returned 0x115c187 [0109.708] GetCursor () returned 0x10007 [0109.708] GetTickCount () returned 0x115c187 [0109.708] GetCursor () returned 0x10007 [0109.708] GetTickCount () returned 0x115c187 [0109.708] GetCursor () returned 0x10007 [0109.708] GetTickCount () returned 0x115c187 [0109.708] GetCursor () returned 0x10007 [0109.708] GetTickCount () returned 0x115c187 [0109.708] GetCursor () returned 0x10007 [0109.708] GetTickCount () returned 0x115c187 [0109.708] GetCursor () returned 0x10007 [0109.708] GetTickCount () returned 0x115c187 [0109.708] GetCursor () returned 0x10007 [0109.708] GetTickCount () returned 0x115c187 [0109.708] GetCursor () returned 0x10007 [0109.709] GetTickCount () returned 0x115c187 [0109.709] GetCursor () returned 0x10007 [0109.709] GetTickCount () returned 0x115c187 [0109.709] GetCursor () returned 0x10007 [0109.709] GetTickCount () returned 0x115c187 [0109.709] GetCursor () returned 0x10007 [0109.709] GetTickCount () returned 0x115c187 [0109.709] GetCursor () returned 0x10007 [0109.709] GetTickCount () returned 0x115c187 [0109.709] GetCursor () returned 0x10007 [0109.709] GetTickCount () returned 0x115c187 [0109.709] GetCursor () returned 0x10007 [0109.709] GetTickCount () returned 0x115c187 [0109.709] GetCursor () returned 0x10007 [0109.709] GetTickCount () returned 0x115c187 [0109.709] GetCursor () returned 0x10007 [0109.709] GetTickCount () returned 0x115c187 [0109.709] GetCursor () returned 0x10007 [0109.709] GetTickCount () returned 0x115c187 [0109.709] GetCursor () returned 0x10007 [0109.709] GetTickCount () returned 0x115c187 [0109.709] GetCursor () returned 0x10007 [0109.709] GetTickCount () returned 0x115c187 [0109.709] GetCursor () returned 0x10007 [0109.709] GetTickCount () returned 0x115c187 [0109.709] GetCursor () returned 0x10007 [0109.710] GetTickCount () returned 0x115c187 [0109.710] GetCursor () returned 0x10007 [0109.710] GetTickCount () returned 0x115c187 [0109.710] GetCursor () returned 0x10007 [0109.710] GetTickCount () returned 0x115c187 [0109.710] GetCursor () returned 0x10007 [0109.710] GetTickCount () returned 0x115c187 [0109.710] GetCursor () returned 0x10007 [0109.710] GetTickCount () returned 0x115c187 [0109.710] GetCursor () returned 0x10007 [0109.710] GetTickCount () returned 0x115c187 [0109.710] GetCursor () returned 0x10007 [0109.710] GetTickCount () returned 0x115c187 [0109.710] GetCursor () returned 0x10007 [0109.710] GetTickCount () returned 0x115c187 [0109.710] GetCursor () returned 0x10007 [0109.710] GetTickCount () returned 0x115c187 [0109.710] GetCursor () returned 0x10007 [0109.710] GetTickCount () returned 0x115c187 [0109.710] GetCursor () returned 0x10007 [0109.710] GetTickCount () returned 0x115c187 [0109.710] GetCursor () returned 0x10007 [0109.710] GetTickCount () returned 0x115c187 [0109.710] GetCursor () returned 0x10007 [0109.710] GetTickCount () returned 0x115c187 [0109.710] GetCursor () returned 0x10007 [0109.711] GetTickCount () returned 0x115c187 [0109.711] GetCursor () returned 0x10007 [0109.711] GetTickCount () returned 0x115c187 [0109.711] GetCursor () returned 0x10007 [0109.711] GetTickCount () returned 0x115c187 [0109.711] GetCursor () returned 0x10007 [0109.711] GetTickCount () returned 0x115c187 [0109.711] GetCursor () returned 0x10007 [0109.711] GetTickCount () returned 0x115c187 [0109.711] GetCursor () returned 0x10007 [0109.711] GetTickCount () returned 0x115c187 [0109.711] GetCursor () returned 0x10007 [0109.711] GetTickCount () returned 0x115c187 [0109.711] GetCursor () returned 0x10007 [0109.711] GetTickCount () returned 0x115c187 [0109.711] GetCursor () returned 0x10007 [0109.711] GetTickCount () returned 0x115c187 [0109.711] GetCursor () returned 0x10007 [0109.711] GetTickCount () returned 0x115c187 [0109.711] GetCursor () returned 0x10007 [0109.711] GetTickCount () returned 0x115c187 [0109.711] GetCursor () returned 0x10007 [0109.711] GetTickCount () returned 0x115c187 [0109.711] GetCursor () returned 0x10007 [0109.711] GetTickCount () returned 0x115c187 [0109.712] GetCursor () returned 0x10007 [0109.712] GetTickCount () returned 0x115c187 [0109.712] GetCursor () returned 0x10007 [0109.712] GetTickCount () returned 0x115c187 [0109.712] GetCursor () returned 0x10007 [0109.712] GetTickCount () returned 0x115c187 [0109.712] GetCursor () returned 0x10007 [0109.712] GetTickCount () returned 0x115c187 [0109.712] GetCursor () returned 0x10007 [0109.712] GetTickCount () returned 0x115c187 [0109.712] GetCursor () returned 0x10007 [0109.712] GetTickCount () returned 0x115c187 [0109.712] GetCursor () returned 0x10007 [0109.712] GetTickCount () returned 0x115c187 [0109.712] GetCursor () returned 0x10007 [0109.712] GetTickCount () returned 0x115c187 [0109.712] GetCursor () returned 0x10007 [0109.712] GetTickCount () returned 0x115c187 [0109.712] GetCursor () returned 0x10007 [0109.712] GetTickCount () returned 0x115c187 [0109.712] GetCursor () returned 0x10007 [0109.712] GetTickCount () returned 0x115c187 [0109.712] GetCursor () returned 0x10007 [0109.712] GetTickCount () returned 0x115c187 [0109.712] GetCursor () returned 0x10007 [0109.713] GetTickCount () returned 0x115c187 [0109.713] GetCursor () returned 0x10007 [0109.713] GetTickCount () returned 0x115c187 [0109.713] GetCursor () returned 0x10007 [0109.713] GetTickCount () returned 0x115c187 [0109.713] GetCursor () returned 0x10007 [0109.713] GetTickCount () returned 0x115c187 [0109.713] GetCursor () returned 0x10007 [0109.713] GetTickCount () returned 0x115c187 [0109.713] GetCursor () returned 0x10007 [0109.713] GetTickCount () returned 0x115c187 [0109.713] GetCursor () returned 0x10007 [0109.713] GetTickCount () returned 0x115c187 [0109.713] GetCursor () returned 0x10007 [0109.713] GetTickCount () returned 0x115c187 [0109.713] GetCursor () returned 0x10007 [0109.713] GetTickCount () returned 0x115c187 [0109.713] GetCursor () returned 0x10007 [0109.713] GetTickCount () returned 0x115c187 [0109.713] GetCursor () returned 0x10007 [0109.713] GetTickCount () returned 0x115c187 [0109.713] GetCursor () returned 0x10007 [0109.713] GetTickCount () returned 0x115c187 [0109.713] GetCursor () returned 0x10007 [0109.713] GetTickCount () returned 0x115c187 [0109.713] GetCursor () returned 0x10007 [0109.714] GetTickCount () returned 0x115c187 [0109.714] GetCursor () returned 0x10007 [0109.714] GetTickCount () returned 0x115c187 [0109.714] GetCursor () returned 0x10007 [0109.714] GetTickCount () returned 0x115c187 [0109.714] GetCursor () returned 0x10007 [0109.714] GetTickCount () returned 0x115c187 [0109.714] GetCursor () returned 0x10007 [0109.714] GetTickCount () returned 0x115c187 [0109.714] GetCursor () returned 0x10007 [0109.714] GetTickCount () returned 0x115c187 [0109.714] GetCursor () returned 0x10007 [0109.714] GetTickCount () returned 0x115c187 [0109.714] GetCursor () returned 0x10007 [0109.714] GetTickCount () returned 0x115c187 [0109.714] GetCursor () returned 0x10007 [0109.714] GetTickCount () returned 0x115c187 [0109.714] GetCursor () returned 0x10007 [0109.714] GetTickCount () returned 0x115c187 [0109.714] GetCursor () returned 0x10007 [0109.714] GetTickCount () returned 0x115c187 [0109.714] GetCursor () returned 0x10007 [0109.714] GetTickCount () returned 0x115c187 [0109.714] GetCursor () returned 0x10007 [0109.714] GetTickCount () returned 0x115c187 [0109.714] GetCursor () returned 0x10007 [0109.715] GetTickCount () returned 0x115c187 [0109.715] GetCursor () returned 0x10007 [0109.715] GetTickCount () returned 0x115c187 [0109.715] GetCursor () returned 0x10007 [0109.715] GetTickCount () returned 0x115c187 [0109.715] GetCursor () returned 0x10007 [0109.715] GetTickCount () returned 0x115c187 [0109.715] GetCursor () returned 0x10007 [0109.715] GetTickCount () returned 0x115c187 [0109.715] GetCursor () returned 0x10007 [0109.715] GetTickCount () returned 0x115c187 [0109.715] GetCursor () returned 0x10007 [0109.715] GetTickCount () returned 0x115c187 [0109.715] GetCursor () returned 0x10007 [0109.715] GetTickCount () returned 0x115c187 [0109.715] GetCursor () returned 0x10007 [0109.715] GetTickCount () returned 0x115c187 [0109.715] GetCursor () returned 0x10007 [0109.715] GetTickCount () returned 0x115c187 [0109.715] GetCursor () returned 0x10007 [0109.715] GetTickCount () returned 0x115c187 [0109.715] GetCursor () returned 0x10007 [0109.715] GetTickCount () returned 0x115c187 [0109.715] GetCursor () returned 0x10007 [0109.716] GetTickCount () returned 0x115c187 [0109.716] GetCursor () returned 0x10007 [0109.716] GetTickCount () returned 0x115c187 [0109.716] GetCursor () returned 0x10007 [0109.716] GetTickCount () returned 0x115c187 [0109.716] GetCursor () returned 0x10007 [0109.716] GetTickCount () returned 0x115c187 [0109.716] GetCursor () returned 0x10007 [0109.716] GetTickCount () returned 0x115c187 [0109.716] GetCursor () returned 0x10007 [0109.716] GetTickCount () returned 0x115c187 [0109.716] GetCursor () returned 0x10007 [0109.716] GetTickCount () returned 0x115c187 [0109.716] GetCursor () returned 0x10007 [0109.716] GetTickCount () returned 0x115c187 [0109.716] GetCursor () returned 0x10007 [0109.716] GetTickCount () returned 0x115c187 [0109.716] GetCursor () returned 0x10007 [0109.716] GetTickCount () returned 0x115c187 [0109.716] GetCursor () returned 0x10007 [0109.716] GetTickCount () returned 0x115c187 [0109.716] GetCursor () returned 0x10007 [0109.716] GetTickCount () returned 0x115c187 [0109.716] GetCursor () returned 0x10007 [0109.716] GetTickCount () returned 0x115c187 [0109.716] GetCursor () returned 0x10007 [0109.717] GetTickCount () returned 0x115c187 [0109.717] GetCursor () returned 0x10007 [0109.717] GetTickCount () returned 0x115c187 [0109.717] GetCursor () returned 0x10007 [0109.717] GetTickCount () returned 0x115c187 [0109.717] GetCursor () returned 0x10007 [0109.717] GetTickCount () returned 0x115c187 [0109.717] GetCursor () returned 0x10007 [0109.717] GetTickCount () returned 0x115c187 [0109.717] GetCursor () returned 0x10007 [0109.717] GetTickCount () returned 0x115c187 [0109.717] GetCursor () returned 0x10007 [0109.717] GetTickCount () returned 0x115c187 [0109.717] GetCursor () returned 0x10007 [0109.717] GetTickCount () returned 0x115c187 [0109.717] GetCursor () returned 0x10007 [0109.717] GetTickCount () returned 0x115c187 [0109.717] GetCursor () returned 0x10007 [0109.717] GetTickCount () returned 0x115c187 [0109.717] GetCursor () returned 0x10007 [0109.718] GetTickCount () returned 0x115c197 [0109.718] GetCursor () returned 0x10007 [0109.718] GetTickCount () returned 0x115c197 [0109.718] GetCursor () returned 0x10007 [0109.718] GetTickCount () returned 0x115c197 [0109.718] GetCursor () returned 0x10007 [0109.718] GetTickCount () returned 0x115c197 [0109.718] GetCursor () returned 0x10007 [0109.719] GetTickCount () returned 0x115c197 [0109.719] GetCursor () returned 0x10007 [0109.719] GetTickCount () returned 0x115c197 [0109.719] GetCursor () returned 0x10007 [0109.719] GetTickCount () returned 0x115c197 [0109.719] GetCursor () returned 0x10007 [0109.719] GetTickCount () returned 0x115c197 [0109.719] GetCursor () returned 0x10007 [0109.719] GetTickCount () returned 0x115c197 [0109.719] GetCursor () returned 0x10007 [0109.719] GetTickCount () returned 0x115c197 [0109.719] GetCursor () returned 0x10007 [0109.719] GetTickCount () returned 0x115c197 [0109.719] GetCursor () returned 0x10007 [0109.719] GetTickCount () returned 0x115c197 [0109.719] GetCursor () returned 0x10007 [0109.719] GetTickCount () returned 0x115c197 [0109.719] GetCursor () returned 0x10007 [0109.719] GetTickCount () returned 0x115c197 [0109.719] GetCursor () returned 0x10007 [0109.719] GetTickCount () returned 0x115c197 [0109.719] GetCursor () returned 0x10007 [0109.719] GetTickCount () returned 0x115c197 [0109.719] GetCursor () returned 0x10007 [0109.719] GetTickCount () returned 0x115c197 [0109.720] GetCursor () returned 0x10007 [0109.720] GetTickCount () returned 0x115c197 [0109.720] GetCursor () returned 0x10007 [0109.720] GetTickCount () returned 0x115c197 [0109.720] GetCursor () returned 0x10007 [0109.720] GetTickCount () returned 0x115c197 [0109.720] GetCursor () returned 0x10007 [0109.720] GetTickCount () returned 0x115c197 [0109.720] GetCursor () returned 0x10007 [0109.720] GetTickCount () returned 0x115c197 [0109.720] GetCursor () returned 0x10007 [0109.720] GetTickCount () returned 0x115c197 [0109.720] GetCursor () returned 0x10007 [0109.720] GetTickCount () returned 0x115c197 [0109.720] GetCursor () returned 0x10007 [0109.720] GetTickCount () returned 0x115c197 [0109.720] GetCursor () returned 0x10007 [0109.720] GetTickCount () returned 0x115c197 [0109.720] GetCursor () returned 0x10007 [0109.722] GetTickCount () returned 0x115c197 [0109.722] GetCursor () returned 0x10007 [0109.722] GetTickCount () returned 0x115c197 [0109.722] GetCursor () returned 0x10007 [0109.722] GetTickCount () returned 0x115c197 [0109.722] GetCursor () returned 0x10007 [0109.723] GetTickCount () returned 0x115c197 [0109.723] GetCursor () returned 0x10007 [0109.723] GetTickCount () returned 0x115c197 [0109.723] GetCursor () returned 0x10007 [0109.723] GetTickCount () returned 0x115c197 [0109.723] GetCursor () returned 0x10007 [0109.723] GetTickCount () returned 0x115c197 [0109.723] GetCursor () returned 0x10007 [0109.723] GetTickCount () returned 0x115c197 [0109.723] GetCursor () returned 0x10007 [0109.723] GetTickCount () returned 0x115c197 [0109.723] GetCursor () returned 0x10007 [0109.723] GetTickCount () returned 0x115c197 [0109.723] GetCursor () returned 0x10007 [0109.723] GetTickCount () returned 0x115c197 [0109.723] GetCursor () returned 0x10007 [0109.723] GetTickCount () returned 0x115c197 [0109.723] GetCursor () returned 0x10007 [0109.723] GetTickCount () returned 0x115c197 [0109.723] GetCursor () returned 0x10007 [0109.723] GetTickCount () returned 0x115c197 [0109.723] GetCursor () returned 0x10007 [0109.723] GetTickCount () returned 0x115c197 [0109.723] GetCursor () returned 0x10007 [0109.724] GetTickCount () returned 0x115c197 [0109.724] GetCursor () returned 0x10007 [0109.724] GetTickCount () returned 0x115c197 [0109.724] GetCursor () returned 0x10007 [0109.724] GetTickCount () returned 0x115c197 [0109.724] GetCursor () returned 0x10007 [0109.724] GetTickCount () returned 0x115c197 [0109.724] GetCursor () returned 0x10007 [0109.724] GetTickCount () returned 0x115c197 [0109.724] GetCursor () returned 0x10007 [0109.724] GetTickCount () returned 0x115c197 [0109.724] GetCursor () returned 0x10007 [0109.724] GetTickCount () returned 0x115c197 [0109.724] GetCursor () returned 0x10007 [0109.724] GetTickCount () returned 0x115c197 [0109.724] GetCursor () returned 0x10007 [0109.724] GetTickCount () returned 0x115c197 [0109.724] GetCursor () returned 0x10007 [0109.724] GetTickCount () returned 0x115c197 [0109.724] GetCursor () returned 0x10007 [0109.724] GetTickCount () returned 0x115c197 [0109.724] GetCursor () returned 0x10007 [0109.724] GetTickCount () returned 0x115c197 [0109.724] GetCursor () returned 0x10007 [0109.724] GetTickCount () returned 0x115c197 [0109.725] GetCursor () returned 0x10007 [0109.725] GetTickCount () returned 0x115c197 [0109.725] GetCursor () returned 0x10007 [0109.725] GetTickCount () returned 0x115c197 [0109.725] GetCursor () returned 0x10007 [0109.725] GetTickCount () returned 0x115c197 [0109.725] GetCursor () returned 0x10007 [0109.725] GetTickCount () returned 0x115c197 [0109.725] GetCursor () returned 0x10007 [0109.725] GetTickCount () returned 0x115c197 [0109.725] GetCursor () returned 0x10007 [0109.725] GetTickCount () returned 0x115c197 [0109.725] GetCursor () returned 0x10007 [0109.725] GetTickCount () returned 0x115c197 [0109.725] GetCursor () returned 0x10007 [0109.725] GetTickCount () returned 0x115c197 [0109.725] GetCursor () returned 0x10007 [0109.725] GetTickCount () returned 0x115c197 [0109.725] GetCursor () returned 0x10007 [0109.725] GetTickCount () returned 0x115c197 [0109.725] GetCursor () returned 0x10007 [0109.725] GetTickCount () returned 0x115c197 [0109.725] GetCursor () returned 0x10007 [0109.725] GetTickCount () returned 0x115c197 [0109.725] GetCursor () returned 0x10007 [0109.726] GetTickCount () returned 0x115c197 [0109.726] GetCursor () returned 0x10007 [0109.726] GetTickCount () returned 0x115c197 [0109.726] GetCursor () returned 0x10007 [0109.726] GetTickCount () returned 0x115c197 [0109.726] GetCursor () returned 0x10007 [0109.726] GetTickCount () returned 0x115c197 [0109.726] GetCursor () returned 0x10007 [0109.726] GetTickCount () returned 0x115c197 [0109.726] GetCursor () returned 0x10007 [0109.726] GetTickCount () returned 0x115c197 [0109.726] GetCursor () returned 0x10007 [0109.726] GetTickCount () returned 0x115c197 [0109.726] GetCursor () returned 0x10007 [0109.726] GetTickCount () returned 0x115c197 [0109.726] GetCursor () returned 0x10007 [0109.726] GetTickCount () returned 0x115c197 [0109.726] GetCursor () returned 0x10007 [0109.726] GetTickCount () returned 0x115c197 [0109.726] GetCursor () returned 0x10007 [0109.726] GetTickCount () returned 0x115c197 [0109.726] GetCursor () returned 0x10007 [0109.726] GetTickCount () returned 0x115c197 [0109.726] GetCursor () returned 0x10007 [0109.726] GetTickCount () returned 0x115c197 [0109.727] GetCursor () returned 0x10007 [0109.727] GetTickCount () returned 0x115c197 [0109.727] GetCursor () returned 0x10007 [0109.727] GetTickCount () returned 0x115c197 [0109.727] GetCursor () returned 0x10007 [0109.727] GetTickCount () returned 0x115c197 [0109.727] GetCursor () returned 0x10007 [0109.727] GetTickCount () returned 0x115c197 [0109.727] GetCursor () returned 0x10007 [0109.727] GetTickCount () returned 0x115c197 [0109.727] GetCursor () returned 0x10007 [0109.727] GetTickCount () returned 0x115c197 [0109.727] GetCursor () returned 0x10007 [0109.727] GetTickCount () returned 0x115c197 [0109.727] GetCursor () returned 0x10007 [0109.727] GetTickCount () returned 0x115c197 [0109.727] GetCursor () returned 0x10007 [0109.727] GetTickCount () returned 0x115c197 [0109.727] GetCursor () returned 0x10007 [0109.727] GetTickCount () returned 0x115c197 [0109.727] GetCursor () returned 0x10007 [0109.727] GetTickCount () returned 0x115c197 [0109.727] GetCursor () returned 0x10007 [0109.727] GetTickCount () returned 0x115c197 [0109.727] GetCursor () returned 0x10007 [0109.728] GetTickCount () returned 0x115c197 [0109.728] GetCursor () returned 0x10007 [0109.728] GetTickCount () returned 0x115c197 [0109.728] GetCursor () returned 0x10007 [0109.728] GetTickCount () returned 0x115c197 [0109.728] GetCursor () returned 0x10007 [0109.728] GetTickCount () returned 0x115c197 [0109.728] GetCursor () returned 0x10007 [0109.728] GetTickCount () returned 0x115c197 [0109.728] GetCursor () returned 0x10007 [0109.728] GetTickCount () returned 0x115c197 [0109.728] GetCursor () returned 0x10007 [0109.728] GetTickCount () returned 0x115c197 [0109.728] GetCursor () returned 0x10007 [0109.728] GetTickCount () returned 0x115c197 [0109.728] GetCursor () returned 0x10007 [0109.728] GetTickCount () returned 0x115c197 [0109.728] GetCursor () returned 0x10007 [0109.728] GetTickCount () returned 0x115c197 [0109.728] GetCursor () returned 0x10007 [0109.728] GetTickCount () returned 0x115c197 [0109.728] GetCursor () returned 0x10007 [0109.728] GetTickCount () returned 0x115c197 [0109.728] GetCursor () returned 0x10007 [0109.728] GetTickCount () returned 0x115c197 [0109.729] GetCursor () returned 0x10007 [0109.729] GetTickCount () returned 0x115c197 [0109.729] GetCursor () returned 0x10007 [0109.729] GetTickCount () returned 0x115c197 [0109.729] GetCursor () returned 0x10007 [0109.729] GetTickCount () returned 0x115c197 [0109.729] GetCursor () returned 0x10007 [0109.729] GetTickCount () returned 0x115c197 [0109.729] GetCursor () returned 0x10007 [0109.729] GetTickCount () returned 0x115c197 [0109.729] GetCursor () returned 0x10007 [0109.729] GetTickCount () returned 0x115c197 [0109.729] GetCursor () returned 0x10007 [0109.729] GetTickCount () returned 0x115c197 [0109.729] GetCursor () returned 0x10007 [0109.729] GetTickCount () returned 0x115c197 [0109.729] GetCursor () returned 0x10007 [0109.729] GetTickCount () returned 0x115c197 [0109.729] GetCursor () returned 0x10007 [0109.729] GetTickCount () returned 0x115c197 [0109.729] GetCursor () returned 0x10007 [0109.729] GetTickCount () returned 0x115c197 [0109.729] GetCursor () returned 0x10007 [0109.729] GetTickCount () returned 0x115c197 [0109.729] GetCursor () returned 0x10007 [0109.730] GetTickCount () returned 0x115c197 [0110.476] LocalAlloc (uFlags=0x0, uBytes=0x1ee0f) returned 0x819020 [0110.490] lstrcatW (in: lpString1="", lpString2="kernel32.dll" | out: lpString1="kernel32.dll") returned="kernel32.dll" [0110.490] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x77230000 [0110.491] GetProcAddress (hModule=0x77230000, lpProcName="VirtualProtect") returned 0x77246a30 [0110.491] VirtualProtect (in: lpAddress=0x819020, dwSize=0x1ee0f, flNewProtect=0x40, lpflOldProtect=0x19f214 | out: lpflOldProtect=0x19f214*=0x4) returned 1 [0110.533] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x77230000 [0110.533] GetProcAddress (hModule=0x77230000, lpProcName="GlobalAlloc") returned 0x77245750 [0110.533] GetProcAddress (hModule=0x77230000, lpProcName="GetLastError") returned 0x77245010 [0110.533] GetProcAddress (hModule=0x77230000, lpProcName="Sleep") returned 0x77246760 [0110.533] GetProcAddress (hModule=0x77230000, lpProcName="VirtualAlloc") returned 0x77246970 [0110.533] GetProcAddress (hModule=0x77230000, lpProcName="CreateToolhelp32Snapshot") returned 0x7727edc0 [0110.533] GetProcAddress (hModule=0x77230000, lpProcName="Module32First") returned 0x7727fc90 [0110.533] GetProcAddress (hModule=0x77230000, lpProcName="CloseHandle") returned 0x7729eab0 [0110.533] CreateToolhelp32Snapshot (dwFlags=0x8, th32ProcessID=0x0) returned 0xf4 [0110.535] Module32First (hSnapshot=0xf4, lpme=0x19f020) returned 1 [0110.536] VirtualAlloc (lpAddress=0x0, dwSize=0x35a50, flAllocationType=0x1000, flProtect=0x40) returned 0x540000 [0110.544] GetProcAddress (hModule=0x77230000, lpProcName="LoadLibraryA") returned 0x77245a80 [0110.544] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x77230000 [0110.544] GetProcAddress (hModule=0x77230000, lpProcName="VirtualAlloc") returned 0x77246970 [0110.544] GetProcAddress (hModule=0x77230000, lpProcName="VirtualProtect") returned 0x77246a30 [0110.544] GetProcAddress (hModule=0x77230000, lpProcName="VirtualFree") returned 0x772469d0 [0110.544] GetProcAddress (hModule=0x77230000, lpProcName="GetVersionExA") returned 0x772456d0 [0110.544] GetProcAddress (hModule=0x77230000, lpProcName="TerminateProcess") returned 0x772467e0 [0110.544] GetProcAddress (hModule=0x77230000, lpProcName="ExitProcess") returned 0x77243cb0 [0110.544] GetProcAddress (hModule=0x77230000, lpProcName="SetErrorMode") returned 0x77246500 [0110.544] SetErrorMode (uMode=0x400) returned 0x0 [0110.544] SetErrorMode (uMode=0x0) returned 0x400 [0110.544] GetVersionExA (in: lpVersionInformation=0x19df50*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x748d3c56, dwBuildNumber=0x748d3d26, dwPlatformId=0x19dfa4, szCSDVersion="Tv³u\x01") | out: lpVersionInformation=0x19df50*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0110.545] VirtualAlloc (lpAddress=0x0, dwSize=0x34c00, flAllocationType=0x1000, flProtect=0x4) returned 0x5a0000 [0110.549] VirtualProtect (in: lpAddress=0x400000, dwSize=0x140000, flNewProtect=0x40, lpflOldProtect=0x19efd8 | out: lpflOldProtect=0x19efd8*=0x2) returned 1 [0111.070] VirtualFree (lpAddress=0x5a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0111.071] LoadLibraryA (lpLibFileName="oleaut32.dll") returned 0x773f0000 [0111.136] GetProcAddress (hModule=0x773f0000, lpProcName="SysFreeString") returned 0x7740b920 [0111.136] GetProcAddress (hModule=0x773f0000, lpProcName="SysReAllocStringLen") returned 0x77411500 [0111.136] GetProcAddress (hModule=0x773f0000, lpProcName="SysAllocStringLen") returned 0x7740b7e0 [0111.136] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x759d0000 [0111.143] GetProcAddress (hModule=0x759d0000, lpProcName="RegQueryValueExA") returned 0x759ef020 [0111.143] GetProcAddress (hModule=0x759d0000, lpProcName="RegOpenKeyExA") returned 0x759ef210 [0111.143] GetProcAddress (hModule=0x759d0000, lpProcName="RegCloseKey") returned 0x759eed60 [0111.143] LoadLibraryA (lpLibFileName="user32.dll") returned 0x75f50000 [0111.143] GetProcAddress (hModule=0x75f50000, lpProcName="GetKeyboardType") returned 0x75fc8d80 [0111.143] GetProcAddress (hModule=0x75f50000, lpProcName="DestroyWindow") returned 0x75f83160 [0111.143] GetProcAddress (hModule=0x75f50000, lpProcName="LoadStringA") returned 0x75f6d7b0 [0111.144] GetProcAddress (hModule=0x75f50000, lpProcName="MessageBoxA") returned 0x75fbd740 [0111.144] GetProcAddress (hModule=0x75f50000, lpProcName="CharNextA") returned 0x75f6bf60 [0111.144] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x77230000 [0111.144] GetProcAddress (hModule=0x77230000, lpProcName="GetACP") returned 0x77244ca0 [0111.144] GetProcAddress (hModule=0x77230000, lpProcName="Sleep") returned 0x77246760 [0111.144] GetProcAddress (hModule=0x77230000, lpProcName="VirtualFree") returned 0x772469d0 [0111.144] GetProcAddress (hModule=0x77230000, lpProcName="VirtualAlloc") returned 0x77246970 [0111.144] GetProcAddress (hModule=0x77230000, lpProcName="GetTickCount") returned 0x7729dd50 [0111.144] GetProcAddress (hModule=0x77230000, lpProcName="QueryPerformanceCounter") returned 0x77245da0 [0111.144] GetProcAddress (hModule=0x77230000, lpProcName="GetCurrentThreadId") returned 0x77248820 [0111.144] GetProcAddress (hModule=0x77230000, lpProcName="InterlockedDecrement") returned 0x772473c0 [0111.144] GetProcAddress (hModule=0x77230000, lpProcName="InterlockedIncrement") returned 0x77247420 [0111.145] GetProcAddress (hModule=0x77230000, lpProcName="VirtualQuery") returned 0x77246a70 [0111.145] GetProcAddress (hModule=0x77230000, lpProcName="WideCharToMultiByte") returned 0x77246b10 [0111.145] GetProcAddress (hModule=0x77230000, lpProcName="MultiByteToWideChar") returned 0x77245c40 [0111.145] GetProcAddress (hModule=0x77230000, lpProcName="lstrlenA") returned 0x77246c50 [0111.145] GetProcAddress (hModule=0x77230000, lpProcName="lstrcpynA") returned 0x77246c10 [0111.145] GetProcAddress (hModule=0x77230000, lpProcName="LoadLibraryExA") returned 0x77245aa0 [0111.145] GetProcAddress (hModule=0x77230000, lpProcName="GetThreadLocale") returned 0x77245600 [0111.145] GetProcAddress (hModule=0x77230000, lpProcName="GetStartupInfoA") returned 0x772828e0 [0111.146] GetProcAddress (hModule=0x77230000, lpProcName="GetProcAddress") returned 0x772451b0 [0111.146] GetProcAddress (hModule=0x77230000, lpProcName="GetModuleHandleA") returned 0x772450b0 [0111.146] GetProcAddress (hModule=0x77230000, lpProcName="GetModuleFileNameA") returned 0x77245070 [0111.146] GetProcAddress (hModule=0x77230000, lpProcName="GetLocaleInfoA") returned 0x77245020 [0111.146] GetProcAddress (hModule=0x77230000, lpProcName="GetCommandLineA") returned 0x77244cb0 [0111.146] GetProcAddress (hModule=0x77230000, lpProcName="FreeLibrary") returned 0x77244c40 [0111.146] GetProcAddress (hModule=0x77230000, lpProcName="FindFirstFileA") returned 0x7729edb0 [0111.146] GetProcAddress (hModule=0x77230000, lpProcName="FindClose") returned 0x7729ed70 [0111.147] GetProcAddress (hModule=0x77230000, lpProcName="ExitProcess") returned 0x77243cb0 [0111.147] GetProcAddress (hModule=0x77230000, lpProcName="ExitThread") returned 0x77506390 [0111.147] GetProcAddress (hModule=0x77230000, lpProcName="CreateThread") returned 0x772446b0 [0111.147] GetProcAddress (hModule=0x77230000, lpProcName="WriteFile") returned 0x7729f180 [0111.147] GetProcAddress (hModule=0x77230000, lpProcName="UnhandledExceptionFilter") returned 0x772468d0 [0111.147] GetProcAddress (hModule=0x77230000, lpProcName="RtlUnwind") returned 0x77247c10 [0111.147] GetProcAddress (hModule=0x77230000, lpProcName="RaiseException") returned 0x77245e20 [0111.147] GetProcAddress (hModule=0x77230000, lpProcName="GetStdHandle") returned 0x77245330 [0111.147] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x77230000 [0111.147] GetProcAddress (hModule=0x77230000, lpProcName="TlsSetValue") returned 0x77246870 [0111.147] GetProcAddress (hModule=0x77230000, lpProcName="TlsGetValue") returned 0x77246850 [0111.147] GetProcAddress (hModule=0x77230000, lpProcName="LocalAlloc") returned 0x77245b20 [0111.147] GetProcAddress (hModule=0x77230000, lpProcName="GetModuleHandleA") returned 0x772450b0 [0111.148] LoadLibraryA (lpLibFileName="user32.dll") returned 0x75f50000 [0111.148] GetProcAddress (hModule=0x75f50000, lpProcName="TranslateMessage") returned 0x75f7f900 [0111.148] GetProcAddress (hModule=0x75f50000, lpProcName="PeekMessageA") returned 0x75f687a0 [0111.148] GetProcAddress (hModule=0x75f50000, lpProcName="MsgWaitForMultipleObjects") returned 0x75f7eca0 [0111.148] GetProcAddress (hModule=0x75f50000, lpProcName="MessageBoxA") returned 0x75fbd740 [0111.148] GetProcAddress (hModule=0x75f50000, lpProcName="LoadStringA") returned 0x75f6d7b0 [0111.148] GetProcAddress (hModule=0x75f50000, lpProcName="GetSystemMetrics") returned 0x75f7ddc0 [0111.148] GetProcAddress (hModule=0x75f50000, lpProcName="DispatchMessageA") returned 0x75f6fd80 [0111.148] GetProcAddress (hModule=0x75f50000, lpProcName="CharNextW") returned 0x75f81130 [0111.148] GetProcAddress (hModule=0x75f50000, lpProcName="CharLowerBuffW") returned 0x75f734a0 [0111.148] GetProcAddress (hModule=0x75f50000, lpProcName="CharNextA") returned 0x75f6bf60 [0111.148] GetProcAddress (hModule=0x75f50000, lpProcName="CharLowerBuffA") returned 0x75fc75b0 [0111.148] GetProcAddress (hModule=0x75f50000, lpProcName="CharLowerA") returned 0x75f72ef0 [0111.149] GetProcAddress (hModule=0x75f50000, lpProcName="CharUpperA") returned 0x75f73690 [0111.149] GetProcAddress (hModule=0x75f50000, lpProcName="CharToOemA") returned 0x75fbf020 [0111.149] LoadLibraryA (lpLibFileName="mpr.dll") returned 0x73df0000 [0111.153] GetProcAddress (hModule=0x73df0000, lpProcName="WNetOpenEnumW") returned 0x73df2790 [0111.153] GetProcAddress (hModule=0x73df0000, lpProcName="WNetEnumResourceW") returned 0x73df2410 [0111.153] GetProcAddress (hModule=0x73df0000, lpProcName="WNetCloseEnum") returned 0x73df2640 [0111.153] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x77230000 [0111.153] GetProcAddress (hModule=0x77230000, lpProcName="WriteProcessMemory") returned 0x77246b70 [0111.153] GetProcAddress (hModule=0x77230000, lpProcName="WriteFile") returned 0x7729f180 [0111.153] GetProcAddress (hModule=0x77230000, lpProcName="WaitForSingleObject") returned 0x7729eca0 [0111.153] GetProcAddress (hModule=0x77230000, lpProcName="VirtualQuery") returned 0x77246a70 [0111.154] GetProcAddress (hModule=0x77230000, lpProcName="VirtualAllocEx") returned 0x77246990 [0111.154] GetProcAddress (hModule=0x77230000, lpProcName="TerminateThread") returned 0x77246800 [0111.154] GetProcAddress (hModule=0x77230000, lpProcName="TerminateProcess") returned 0x772467e0 [0111.154] GetProcAddress (hModule=0x77230000, lpProcName="SetLastError") returned 0x77244f00 [0111.154] GetProcAddress (hModule=0x77230000, lpProcName="SetFileTime") returned 0x7729f140 [0111.154] GetProcAddress (hModule=0x77230000, lpProcName="SetFilePointer") returned 0x7729f120 [0111.154] GetProcAddress (hModule=0x77230000, lpProcName="SetFileAttributesW") returned 0x7729f100 [0111.154] GetProcAddress (hModule=0x77230000, lpProcName="SetEvent") returned 0x7729ec50 [0111.154] GetProcAddress (hModule=0x77230000, lpProcName="SetEndOfFile") returned 0x7729f0e0 [0111.154] GetProcAddress (hModule=0x77230000, lpProcName="ResumeThread") returned 0x77246380 [0111.154] GetProcAddress (hModule=0x77230000, lpProcName="ResetEvent") returned 0x7729ec40 [0111.154] GetProcAddress (hModule=0x77230000, lpProcName="ReadFile") returned 0x7729f090 [0111.154] GetProcAddress (hModule=0x77230000, lpProcName="OpenProcess") returned 0x77245cc0 [0111.155] GetProcAddress (hModule=0x77230000, lpProcName="MoveFileW") returned 0x7727e500 [0111.155] GetProcAddress (hModule=0x77230000, lpProcName="LoadLibraryA") returned 0x77245a80 [0111.155] GetProcAddress (hModule=0x77230000, lpProcName="LeaveCriticalSection") returned 0x774eb250 [0111.155] GetProcAddress (hModule=0x77230000, lpProcName="InitializeCriticalSection") returned 0x774faf20 [0111.155] GetProcAddress (hModule=0x77230000, lpProcName="GlobalUnlock") returned 0x772844e0 [0111.155] GetProcAddress (hModule=0x77230000, lpProcName="GlobalReAlloc") returned 0x77283f90 [0111.155] GetProcAddress (hModule=0x77230000, lpProcName="GlobalHandle") returned 0x77284420 [0111.155] GetProcAddress (hModule=0x77230000, lpProcName="GlobalLock") returned 0x772842f0 [0111.155] GetProcAddress (hModule=0x77230000, lpProcName="GlobalFree") returned 0x77241ee0 [0111.155] GetProcAddress (hModule=0x77230000, lpProcName="GlobalAlloc") returned 0x77245750 [0111.155] GetProcAddress (hModule=0x77230000, lpProcName="GetVersionExA") returned 0x772456d0 [0111.155] GetProcAddress (hModule=0x77230000, lpProcName="GetUserDefaultLangID") returned 0x77245690 [0111.156] GetProcAddress (hModule=0x77230000, lpProcName="GetTickCount") returned 0x7729dd50 [0111.156] GetProcAddress (hModule=0x77230000, lpProcName="GetThreadLocale") returned 0x77245600 [0111.156] GetProcAddress (hModule=0x77230000, lpProcName="GetStdHandle") returned 0x77245330 [0111.156] GetProcAddress (hModule=0x77230000, lpProcName="GetProcAddress") returned 0x772451b0 [0111.156] GetProcAddress (hModule=0x77230000, lpProcName="GetModuleHandleA") returned 0x772450b0 [0111.156] GetProcAddress (hModule=0x77230000, lpProcName="GetModuleFileNameW") returned 0x77245090 [0111.156] GetProcAddress (hModule=0x77230000, lpProcName="GetModuleFileNameA") returned 0x77245070 [0111.156] GetProcAddress (hModule=0x77230000, lpProcName="GetLocaleInfoA") returned 0x77245020 [0111.156] GetProcAddress (hModule=0x77230000, lpProcName="GetLocalTime") returned 0x77245060 [0111.156] GetProcAddress (hModule=0x77230000, lpProcName="GetLastError") returned 0x77245010 [0111.156] GetProcAddress (hModule=0x77230000, lpProcName="GetFullPathNameA") returned 0x7729ef90 [0111.156] GetProcAddress (hModule=0x77230000, lpProcName="GetFileAttributesW") returned 0x7729ef10 [0111.156] GetProcAddress (hModule=0x77230000, lpProcName="GetFileAttributesA") returned 0x7729eee0 [0111.157] GetProcAddress (hModule=0x77230000, lpProcName="GetExitCodeThread") returned 0x77244ff0 [0111.157] GetProcAddress (hModule=0x77230000, lpProcName="GetEnvironmentVariableW") returned 0x77244fb0 [0111.157] GetProcAddress (hModule=0x77230000, lpProcName="GetEnvironmentVariableA") returned 0x77244f90 [0111.157] GetProcAddress (hModule=0x77230000, lpProcName="GetDriveTypeA") returned 0x7729eec0 [0111.157] GetProcAddress (hModule=0x77230000, lpProcName="GetDiskFreeSpaceA") returned 0x7729ee80 [0111.157] GetProcAddress (hModule=0x77230000, lpProcName="GetDateFormatA") returned 0x772476e0 [0111.157] GetProcAddress (hModule=0x77230000, lpProcName="GetCurrentThreadId") returned 0x77248820 [0111.157] GetProcAddress (hModule=0x77230000, lpProcName="GetCurrentProcess") returned 0x7729ea10 [0111.157] GetProcAddress (hModule=0x77230000, lpProcName="GetCommandLineW") returned 0x77244cc0 [0111.157] GetProcAddress (hModule=0x77230000, lpProcName="GetCPInfo") returned 0x77244d10 [0111.157] GetProcAddress (hModule=0x77230000, lpProcName="InterlockedIncrement") returned 0x77247420 [0111.157] GetProcAddress (hModule=0x77230000, lpProcName="InterlockedExchange") returned 0x772473e0 [0111.158] GetProcAddress (hModule=0x77230000, lpProcName="InterlockedDecrement") returned 0x772473c0 [0111.158] GetProcAddress (hModule=0x77230000, lpProcName="FreeLibrary") returned 0x77244c40 [0111.158] GetProcAddress (hModule=0x77230000, lpProcName="FormatMessageA") returned 0x77244bc0 [0111.158] GetProcAddress (hModule=0x77230000, lpProcName="FindNextFileW") returned 0x7729ee40 [0111.158] GetProcAddress (hModule=0x77230000, lpProcName="FindFirstFileW") returned 0x7729edf0 [0111.158] GetProcAddress (hModule=0x77230000, lpProcName="FindClose") returned 0x7729ed70 [0111.158] GetProcAddress (hModule=0x77230000, lpProcName="FileTimeToLocalFileTime") returned 0x7729ed60 [0111.158] GetProcAddress (hModule=0x77230000, lpProcName="FileTimeToDosDateTime") returned 0x77281eb0 [0111.158] GetProcAddress (hModule=0x77230000, lpProcName="ExitThread") returned 0x77506390 [0111.158] GetProcAddress (hModule=0x77230000, lpProcName="ExitProcess") returned 0x77243cb0 [0111.158] GetProcAddress (hModule=0x77230000, lpProcName="EnumCalendarInfoA") returned 0x7725c0d0 [0111.158] GetProcAddress (hModule=0x77230000, lpProcName="EnterCriticalSection") returned 0x774eb2d0 [0111.158] GetProcAddress (hModule=0x77230000, lpProcName="DuplicateHandle") returned 0x7729eac0 [0111.159] GetProcAddress (hModule=0x77230000, lpProcName="DeleteFileW") returned 0x7729ed40 [0111.159] GetProcAddress (hModule=0x77230000, lpProcName="DeleteCriticalSection") returned 0x774cfb90 [0111.159] GetProcAddress (hModule=0x77230000, lpProcName="CreateThread") returned 0x772446b0 [0111.159] GetProcAddress (hModule=0x77230000, lpProcName="CreateRemoteThread") returned 0x77244670 [0111.159] GetProcAddress (hModule=0x77230000, lpProcName="CreateProcessW") returned 0x77244610 [0111.159] GetProcAddress (hModule=0x77230000, lpProcName="CreateProcessA") returned 0x772445b0 [0111.159] GetProcAddress (hModule=0x77230000, lpProcName="CreatePipe") returned 0x77244590 [0111.159] GetProcAddress (hModule=0x77230000, lpProcName="CreateFileW") returned 0x7729ed10 [0111.159] GetProcAddress (hModule=0x77230000, lpProcName="CreateFileA") returned 0x7729ed00 [0111.159] GetProcAddress (hModule=0x77230000, lpProcName="CreateEventA") returned 0x7729eb00 [0111.159] GetProcAddress (hModule=0x77230000, lpProcName="CreateDirectoryW") returned 0x7729ece0 [0111.159] GetProcAddress (hModule=0x77230000, lpProcName="CopyFileW") returned 0x7729f3b0 [0111.159] GetProcAddress (hModule=0x77230000, lpProcName="CompareStringW") returned 0x77244430 [0111.160] GetProcAddress (hModule=0x77230000, lpProcName="CompareStringA") returned 0x77244410 [0111.160] GetProcAddress (hModule=0x77230000, lpProcName="CloseHandle") returned 0x7729eab0 [0111.160] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x759d0000 [0111.160] GetProcAddress (hModule=0x759d0000, lpProcName="RegSetValueExW") returned 0x759ef530 [0111.160] GetProcAddress (hModule=0x759d0000, lpProcName="RegSetValueExA") returned 0x759effc0 [0111.160] GetProcAddress (hModule=0x759d0000, lpProcName="RegQueryValueExW") returned 0x759ee5a0 [0111.160] GetProcAddress (hModule=0x759d0000, lpProcName="RegQueryValueExA") returned 0x759ef020 [0111.160] GetProcAddress (hModule=0x759d0000, lpProcName="RegOpenKeyExW") returned 0x759ee580 [0111.160] GetProcAddress (hModule=0x759d0000, lpProcName="RegOpenKeyExA") returned 0x759ef210 [0111.160] GetProcAddress (hModule=0x759d0000, lpProcName="RegEnumKeyExA") returned 0x759f1960 [0111.160] GetProcAddress (hModule=0x759d0000, lpProcName="RegDeleteValueA") returned 0x759f07a0 [0111.160] GetProcAddress (hModule=0x759d0000, lpProcName="RegDeleteKeyA") returned 0x759ef8c0 [0111.160] GetProcAddress (hModule=0x759d0000, lpProcName="RegCreateKeyExW") returned 0x759ef4f0 [0111.161] GetProcAddress (hModule=0x759d0000, lpProcName="RegCreateKeyExA") returned 0x759ef560 [0111.161] GetProcAddress (hModule=0x759d0000, lpProcName="RegCloseKey") returned 0x759eed60 [0111.161] GetProcAddress (hModule=0x759d0000, lpProcName="OpenProcessToken") returned 0x759eefb0 [0111.161] GetProcAddress (hModule=0x759d0000, lpProcName="LookupPrivilegeValueA") returned 0x759e8b30 [0111.161] GetProcAddress (hModule=0x759d0000, lpProcName="AdjustTokenPrivileges") returned 0x759effa0 [0111.161] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x77230000 [0111.161] GetProcAddress (hModule=0x77230000, lpProcName="Sleep") returned 0x77246760 [0111.161] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x73b20000 [0111.168] GetProcAddress (hModule=0x73b20000, lpProcName="InternetReadFile") returned 0x73c53a70 [0111.168] GetProcAddress (hModule=0x73b20000, lpProcName="InternetOpenUrlA") returned 0x73d1e8c0 [0111.168] GetProcAddress (hModule=0x73b20000, lpProcName="InternetOpenA") returned 0x73c3f1a0 [0111.168] GetProcAddress (hModule=0x73b20000, lpProcName="InternetConnectA") returned 0x73d1e5b0 [0111.168] GetProcAddress (hModule=0x73b20000, lpProcName="InternetCloseHandle") returned 0x73c2d000 [0111.169] GetProcAddress (hModule=0x73b20000, lpProcName="HttpSendRequestA") returned 0x73cbdd00 [0111.169] GetProcAddress (hModule=0x73b20000, lpProcName="HttpOpenRequestA") returned 0x73d3dba0 [0111.169] GetProcAddress (hModule=0x73b20000, lpProcName="HttpAddRequestHeadersA") returned 0x73c962f0 [0111.169] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x74530000 [0111.212] GetProcAddress (hModule=0x74530000, lpProcName="ShellExecuteW") returned 0x746942e0 [0111.212] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x74530000 [0111.212] GetProcAddress (hModule=0x74530000, lpProcName="SHGetSpecialFolderLocation") returned 0x74693790 [0111.212] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x74530000 [0111.212] GetProcAddress (hModule=0x74530000, lpProcName="SHGetPathFromIDListW") returned 0x7463bda0 [0111.212] GetProcAddress (hModule=0x74530000, lpProcName="SHGetMalloc") returned 0x7469df80 [0111.212] LoadLibraryA (lpLibFileName="oleaut32.dll") returned 0x773f0000 [0111.212] GetProcAddress (hModule=0x773f0000, lpProcName="SafeArrayPtrOfIndex") returned 0x77416670 [0111.212] GetProcAddress (hModule=0x773f0000, lpProcName="SafeArrayGetUBound") returned 0x77415460 [0111.212] GetProcAddress (hModule=0x773f0000, lpProcName="SafeArrayGetLBound") returned 0x77415ea0 [0111.213] GetProcAddress (hModule=0x773f0000, lpProcName="SafeArrayCreate") returned 0x77410340 [0111.213] GetProcAddress (hModule=0x773f0000, lpProcName="VariantChangeType") returned 0x7740a5e0 [0111.213] GetProcAddress (hModule=0x773f0000, lpProcName="VariantCopy") returned 0x77429dc0 [0111.213] GetProcAddress (hModule=0x773f0000, lpProcName="VariantClear") returned 0x77429db0 [0111.213] GetProcAddress (hModule=0x773f0000, lpProcName="VariantInit") returned 0x77429de0 [0111.213] LoadLibraryA (lpLibFileName="msvcr100.dll") returned 0x73a60000 [0111.219] GetProcAddress (hModule=0x73a60000, lpProcName="atexit") returned 0x73a7c544 [0111.219] atexit (param_1=0x540920) returned 0 [0111.225] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0111.254] GetKeyboardType (nTypeFlag=0) returned 4 [0111.332] GetCommandLineA () returned="\"C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Windows\\svchost.exe\" -start" [0111.332] GetStartupInfoA (in: lpStartupInfo=0x19ef68 | out: lpStartupInfo=0x19ef68*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Windows\\svchost.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0111.332] GetACP () returned 0x4e4 [0111.332] GetCurrentThreadId () returned 0x1398 [0111.339] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19de58, nSize=0x105 | out: lpFilename="C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Windows\\svchost.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\microsoft\\windows\\svchost.exe")) returned 0x3d [0111.339] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x19dd33, nSize=0x105 | out: lpFilename="C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Windows\\svchost.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\microsoft\\windows\\svchost.exe")) returned 0x3d [0111.339] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19de48 | out: phkResult=0x19de48*=0x0) returned 0x2 [0111.339] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19de48 | out: phkResult=0x19de48*=0x0) returned 0x2 [0111.339] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19de48 | out: phkResult=0x19de48*=0x0) returned 0x2 [0111.339] lstrcpynA (in: lpString1=0x19dd33, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Windows\\svchost.exe", iMaxLength=261 | out: lpString1="C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Windows\\svchost.exe") returned="C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Windows\\svchost.exe" [0111.339] GetThreadLocale () returned 0x409 [0111.339] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x19de43, cchData=5 | out: lpLCData="ENU") returned 4 [0111.387] lstrlenA (lpString="C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Windows\\svchost.exe") returned 61 [0111.387] lstrcpynA (in: lpString1=0x19dd6d, lpString2="ENU", iMaxLength=203 | out: lpString1="ENU") returned="ENU" [0111.387] LoadLibraryExA (lpLibFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Windows\\svchost.ENU", hFile=0x0, dwFlags=0x2) returned 0x0 [0111.387] lstrcpynA (in: lpString1=0x19dd6d, lpString2="EN", iMaxLength=203 | out: lpString1="EN") returned="EN" [0111.387] LoadLibraryExA (lpLibFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Windows\\svchost.EN", hFile=0x0, dwFlags=0x2) returned 0x0 [0111.388] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0111.388] LoadStringA (in: hInstance=0x400000, uID=0xffde, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0111.388] LoadStringA (in: hInstance=0x400000, uID=0xffdc, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0111.388] LoadStringA (in: hInstance=0x400000, uID=0xffdd, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0111.388] LoadStringA (in: hInstance=0x400000, uID=0xffd0, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0111.388] LoadStringA (in: hInstance=0x400000, uID=0xffd8, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0111.388] LoadStringA (in: hInstance=0x400000, uID=0xffef, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0111.388] LoadStringA (in: hInstance=0x400000, uID=0xffec, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0111.388] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0111.388] LoadStringA (in: hInstance=0x400000, uID=0xffd2, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0111.388] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0111.388] LoadStringA (in: hInstance=0x400000, uID=0xffe6, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0111.388] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0111.388] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0111.388] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0111.388] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0111.388] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0111.388] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0111.388] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0111.388] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0111.388] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0111.388] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0111.388] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0111.388] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0111.388] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0111.388] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0111.388] LoadStringA (in: hInstance=0x400000, uID=0xfff5, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0111.388] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0111.388] LoadStringA (in: hInstance=0x400000, uID=0xfff3, lpBuffer=0x19df88, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0111.394] VirtualAlloc (lpAddress=0x0, dwSize=0x13fff0, flAllocationType=0x1000, flProtect=0x4) returned 0x2400000 [0111.443] LoadStringA (in: hInstance=0x400000, uID=0xfff1, lpBuffer=0x19df74, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0111.443] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x19df74, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0111.443] GetVersionExA (in: lpVersionInformation=0x19ef0c*(dwOSVersionInfoSize=0x94, dwMajorVersion=0xffffffff, dwMinorVersion=0x19ef30, dwBuildNumber=0x0, dwPlatformId=0x19ef2c, szCSDVersion="") | out: lpVersionInformation=0x19ef0c*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0111.449] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77230000 [0111.449] GetProcAddress (hModule=0x77230000, lpProcName="GetDiskFreeSpaceExA") returned 0x7729ee90 [0111.449] GetThreadLocale () returned 0x409 [0111.449] GetSystemMetrics (nIndex=42) returned 0 [0111.501] GetThreadLocale () returned 0x409 [0111.501] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Jan") returned 4 [0111.501] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x19ede4, cchData=256 | out: lpLCData="January") returned 8 [0111.501] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Feb") returned 4 [0111.501] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x19ede4, cchData=256 | out: lpLCData="February") returned 9 [0111.501] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Mar") returned 4 [0111.501] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x19ede4, cchData=256 | out: lpLCData="March") returned 6 [0111.501] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Apr") returned 4 [0111.501] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x19ede4, cchData=256 | out: lpLCData="April") returned 6 [0111.501] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x19ede4, cchData=256 | out: lpLCData="May") returned 4 [0111.501] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x19ede4, cchData=256 | out: lpLCData="May") returned 4 [0111.501] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Jun") returned 4 [0111.501] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x19ede4, cchData=256 | out: lpLCData="June") returned 5 [0111.501] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Jul") returned 4 [0111.501] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x19ede4, cchData=256 | out: lpLCData="July") returned 5 [0111.501] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Aug") returned 4 [0111.501] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x19ede4, cchData=256 | out: lpLCData="August") returned 7 [0111.501] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Sep") returned 4 [0111.501] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x19ede4, cchData=256 | out: lpLCData="September") returned 10 [0111.501] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Oct") returned 4 [0111.501] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x19ede4, cchData=256 | out: lpLCData="October") returned 8 [0111.501] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Nov") returned 4 [0111.501] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x19ede4, cchData=256 | out: lpLCData="November") returned 9 [0111.501] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Dec") returned 4 [0111.501] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x19ede4, cchData=256 | out: lpLCData="December") returned 9 [0111.501] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Sun") returned 4 [0111.501] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Sunday") returned 7 [0111.501] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Mon") returned 4 [0111.501] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Monday") returned 7 [0111.501] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Tue") returned 4 [0111.502] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Tuesday") returned 8 [0111.502] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Wed") returned 4 [0111.502] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Wednesday") returned 10 [0111.502] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Thu") returned 4 [0111.502] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Thursday") returned 9 [0111.502] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Fri") returned 4 [0111.502] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Friday") returned 7 [0111.502] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Sat") returned 4 [0111.502] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x19ede4, cchData=256 | out: lpLCData="Saturday") returned 9 [0111.502] GetThreadLocale () returned 0x409 [0111.502] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x19ee40, cchData=256 | out: lpLCData="$") returned 2 [0111.502] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x19ee40, cchData=256 | out: lpLCData="0") returned 2 [0111.507] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x19ee40, cchData=256 | out: lpLCData="0") returned 2 [0111.507] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x19ef38, cchData=2 | out: lpLCData=",") returned 2 [0111.507] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x19ef38, cchData=2 | out: lpLCData=".") returned 2 [0111.507] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x19ee40, cchData=256 | out: lpLCData="2") returned 2 [0111.507] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x19ef38, cchData=2 | out: lpLCData="/") returned 2 [0111.507] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x19ee40, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0111.507] GetThreadLocale () returned 0x409 [0111.507] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x19ee0c, cchData=256 | out: lpLCData="1") returned 2 [0111.508] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x19ee40, cchData=256 | out: lpLCData="dddd, MMMM d, yyyy") returned 19 [0111.508] GetThreadLocale () returned 0x409 [0111.508] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x19ee0c, cchData=256 | out: lpLCData="1") returned 2 [0111.508] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x19ef38, cchData=2 | out: lpLCData=":") returned 2 [0111.508] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x19ee40, cchData=256 | out: lpLCData="AM") returned 3 [0111.508] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x19ee40, cchData=256 | out: lpLCData="PM") returned 3 [0111.508] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x19ee40, cchData=256 | out: lpLCData="0") returned 2 [0111.508] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x19ee40, cchData=256 | out: lpLCData="0") returned 2 [0111.508] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x19ee40, cchData=256 | out: lpLCData="0") returned 2 [0111.508] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x19ef38, cchData=2 | out: lpLCData=",") returned 2 [0111.514] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x773f0000 [0111.514] GetProcAddress (hModule=0x773f0000, lpProcName="VariantChangeTypeEx") returned 0x7740a610 [0111.514] GetProcAddress (hModule=0x773f0000, lpProcName="VarNeg") returned 0x774552c0 [0111.514] GetProcAddress (hModule=0x773f0000, lpProcName="VarNot") returned 0x77456560 [0111.514] GetProcAddress (hModule=0x773f0000, lpProcName="VarAdd") returned 0x7742d610 [0111.514] GetProcAddress (hModule=0x773f0000, lpProcName="VarSub") returned 0x7742e3e0 [0111.514] GetProcAddress (hModule=0x773f0000, lpProcName="VarMul") returned 0x7742db10 [0111.514] GetProcAddress (hModule=0x773f0000, lpProcName="VarDiv") returned 0x77455800 [0111.514] GetProcAddress (hModule=0x773f0000, lpProcName="VarIdiv") returned 0x774561a0 [0111.515] GetProcAddress (hModule=0x773f0000, lpProcName="VarMod") returned 0x77456400 [0111.515] GetProcAddress (hModule=0x773f0000, lpProcName="VarAnd") returned 0x77423200 [0111.515] GetProcAddress (hModule=0x773f0000, lpProcName="VarOr") returned 0x77456610 [0111.515] GetProcAddress (hModule=0x773f0000, lpProcName="VarXor") returned 0x774567b0 [0111.515] GetProcAddress (hModule=0x773f0000, lpProcName="VarCmp") returned 0x774160b0 [0111.515] GetProcAddress (hModule=0x773f0000, lpProcName="VarI4FromStr") returned 0x77416ec0 [0111.515] GetProcAddress (hModule=0x773f0000, lpProcName="VarR4FromStr") returned 0x77423010 [0111.515] GetProcAddress (hModule=0x773f0000, lpProcName="VarR8FromStr") returned 0x77423630 [0111.515] GetProcAddress (hModule=0x773f0000, lpProcName="VarDateFromStr") returned 0x77418b90 [0111.515] GetProcAddress (hModule=0x773f0000, lpProcName="VarCyFromStr") returned 0x77402d90 [0111.515] GetProcAddress (hModule=0x773f0000, lpProcName="VarBoolFromStr") returned 0x774148f0 [0111.516] GetProcAddress (hModule=0x773f0000, lpProcName="VarBstrFromCy") returned 0x77417f50 [0111.516] GetProcAddress (hModule=0x773f0000, lpProcName="VarBstrFromDate") returned 0x774189c0 [0111.516] GetProcAddress (hModule=0x773f0000, lpProcName="VarBstrFromBool") returned 0x774148a0 [0111.532] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0x1f4 [0111.532] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x1f8 [0111.532] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1fc [0111.554] QueryPerformanceCounter (in: lpPerformanceCount=0x19ef94 | out: lpPerformanceCount=0x19ef94*=20496412415) returned 1 [0111.630] GetTickCount () returned 0x115c909 [0111.630] GetCommandLineA () returned="\"C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Windows\\svchost.exe\" -start" [0111.692] GetCommandLineW () returned="\"C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Windows\\svchost.exe\" -start" [0111.695] GetFileAttributesW (lpFileName="-start" (normalized: "c:\\users\\fd1hvy\\desktop\\-start")) returned 0xffffffff [0111.748] GetCommandLineA () returned="\"C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Windows\\svchost.exe\" -start" [0111.751] GetCommandLineW () returned="\"C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Windows\\svchost.exe\" -start" [0111.754] FindFirstFileW (in: lpFileName="-start", lpFindFileData=0x19ecb4 | out: lpFindFileData=0x19ecb4*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0xfec9c2db, ftCreationTime.dwHighDateTime=0x19efe0, ftLastAccessTime.dwLowDateTime=0x802690, ftLastAccessTime.dwHighDateTime=0x802690, ftLastWriteTime.dwLowDateTime=0x5, ftLastWriteTime.dwHighDateTime=0x9000, nFileSizeHigh=0x81336c, nFileSizeLow=0x40fa5e, dwReserved0=0x802692, dwReserved1=0x19efd4, cFileName="⚈\x80\x19⚆\x80", cAlternateFileName="\x01")) returned 0xffffffff [0111.754] GetLastError () returned 0x2 [0111.754] GetCommandLineA () returned="\"C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Windows\\svchost.exe\" -start" [0111.771] InternetOpenA (lpszAgent="", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004 [0111.904] InternetOpenUrlA (hInternet=0xcc0004, lpszUrl="http://geoiptool.com", lpszHeaders=0x0, dwHeadersLength=0x0, dwFlags=0x0, dwContext=0x0) Thread: id = 52 os_tid = 0x1228 Thread: id = 53 os_tid = 0xc94 Thread: id = 57 os_tid = 0xa38 Thread: id = 60 os_tid = 0xacc Process: id = "22" image_name = "notepad.exe" filename = "c:\\windows\\syswow64\\notepad.exe" page_root = "0xf8da000" os_pid = "0x12c8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x13a0" cmd_line = "notepad.exe" cur_dir = "C:\\Users\\FD1HVy\\Desktop\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ff21" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 58 os_tid = 0x12a8 Thread: id = 59 os_tid = 0xe0c Thread: id = 64 os_tid = 0xda0 Thread: id = 65 os_tid = 0xf40 Thread: id = 66 os_tid = 0xf20 Process: id = "23" image_name = "werfault.exe" filename = "c:\\windows\\syswow64\\werfault.exe" page_root = "0x16bea000" os_pid = "0x2c4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "21" os_parent_pid = "0x1340" cmd_line = "C:\\WINDOWS\\SysWOW64\\WerFault.exe -u -p 4928 -s 796" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ff21" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 54 os_tid = 0xbd0 Thread: id = 55 os_tid = 0xadc Thread: id = 56 os_tid = 0xb40 Process: id = "24" image_name = "svchost.exe" filename = "c:\\users\\fd1hvy\\appdata\\roaming\\microsoft\\windows\\svchost.exe" page_root = "0x7bdf8000" os_pid = "0xaac" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "21" os_parent_pid = "0x1340" cmd_line = "\"C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Windows\\svchost.exe\" -start" cur_dir = "C:\\WINDOWS\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ff21" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Process: id = "25" image_name = "werfault.exe" filename = "c:\\windows\\syswow64\\werfault.exe" page_root = "0x128eb000" os_pid = "0x25c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "21" os_parent_pid = "0x1340" cmd_line = "C:\\WINDOWS\\SysWOW64\\WerFault.exe -u -p 4928 -s 844" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ff21" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 61 os_tid = 0x314 Thread: id = 62 os_tid = 0x408 Thread: id = 63 os_tid = 0x5d8 Process: id = "26" image_name = "svchost.exe" filename = "c:\\users\\fd1hvy\\appdata\\roaming\\microsoft\\windows\\svchost.exe" page_root = "0x5fd46000" os_pid = "0x19c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "21" os_parent_pid = "0x1340" cmd_line = "\"C:\\Users\\FD1HVy\\AppData\\Roaming\\Microsoft\\Windows\\svchost.exe\" -start" cur_dir = "C:\\WINDOWS\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ff21" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]